What Are Core Documents for StateRAMP Authorization?


StateRAMP, much like FedRAMP, includes a series of documents that the cloud provider and their 3PAO must complete before they are fully authorized. These documents align with several stages of the assessment process and provide regulating authorities with the proof they need to see that the cloud offering meets requirements. 

Here, we summarize the documents you must complete as part of your StateRAMP assessment process.

 


What Is the Open Security Controls Assessment Language (OSCAL)?


There’s recently been a push within FedRAMP towards modernizing the framework to meet modern security challenges and better align federal security standards across agencies and technologies. 

Part of this push is standardizing how security controls are measured and assessed, and the most recent blog from FedRAMP mentions a new standard: OSCAL.

Here, we will discuss OSCAL, why the National Institute of Standards and Technology (NIST) is creating it to address assessments, and how we streamline them. 

 


Compliance Automation in the New FedRAMP Memo Draft


The latest FedRAMP draft memo from the OMB shakes up quite a bit about the program. While nothing is set in stone, much ink has been spilled on what it will mean for the program and participating cloud service providers.

In this article, we will discuss what this new memo says about automation, specifically how the program will start approaching automation to ensure compliance within its ecosystem of providers.
