Any IT or cloud provider working with the government needs to show that they are secured against data breach or theft. As the SolarWinds hack has demonstrated, our interconnected technology systems are under attack from outside entities who want to gain access to critical civil, military, and industrial data and undermine our security. That’s why frameworks like FedRAMP and CMMC exist. 

But do these frameworks play well together? As of right now, there isn’t a clear 1-to-1 relationship between the two. But some similarities between the two could help cloud service providers who want to work with defense agencies prepare their systems for CMMC compliance if they currently have FedRAMP certification. 

Read More

One of the earliest tasks that Cloud Service Providers, 3PAOs, and state agencies complete are determining the security levels required to protect data in a cloud environment. FedRAMP uses federal standards and documentation to outline Impact Levels based on the importance of the data. StateRAMP follows suit by defining Impact Categories based on FedRAMP.

Read More

StateRAMP, like any other compliance framework, includes several reports to document a provider’s progress through certification for the Program Management Office (PMO). As of February 2021, however, the PMO is still spinning up its resources and and StateRAMP reports templates. As such, many required report templates are slated for availability on the StateRAMP website but are as of yet not published. 

Read More