What Are the Evaluation Criteria for JAB Prioritization?

Aug 2, 2023 Continuum GRC 0 Comment

FedRAMP compliance featured image - cloud security GRC platform for government contracts AI-powered cybersecurity 2025 zero trust ransomware protection supply chain security regulatory compliance operational resilience

The Federal Risk and Authorization Management Program (FedRAMP) plays a pivotal role in safeguarding the security of cloud services within the U.S. federal government. An essential element of this program is the Joint Authorization Board (JAB), which is responsible for prioritizing and authorizing cloud offerings offered by cloud providers.

The JAB prioritization process is a methodical approach to selecting the most impactful CSOs for a JAB Provisional Authorization to Operate (P-ATO). This process holds significance for upholding the integrity of federal cloud services and shaping the future of cloud technology within the government sector.

What is an Authorization Boundary for FedRAMP and StateRAMP?

Jul 19, 2023 Continuum GRC 0 Comment

Featured GRC blog image - top trends in cybersecurity and risk management for 2025 AI-powered cybersecurity 2025 zero trust ransomware protection supply chain security regulatory compliance operational resilience

Assessments for both StateRAMP and FedRAMP rely on the 3PAO’s understanding of the systems and people that will interact with a specific government agency. With this knowledge, it’s easier to determine where particular requirements begin and where they end. Across both of these frameworks, this concept is known as the “authorization boundary.”

The authorization boundary serves as a (sometimes physical, sometimes logical, sometimes administrative) fence that delineates the scope of a cloud system’s operations, setting clear boundaries for where assessment and regulatory requirements begin and end.

Whether you’re a cloud service provider or a government agency representative, this article will shed light on this essential concept and help you understand its impact on the landscape of cloud security.

FedRAMP and DoD Impact Levels

May 17, 2023 Continuum GRC 0 Comment

GRC compliance image - Continuum GRC solutions for cyber security and audit AI-powered cybersecurity 2025 zero trust ransomware protection supply chain security regulatory compliance operational resilience

As the Department of War (DoW) increasingly leverages cloud services, the need to classify and secure sensitive data has never been more important. To address that need, the DoD’s Cloud Computing Security Requirements Guide (SRG) provides a comprehensive framework for this, establishing different Impact Levels to classify the appropriateness of a system to handle specific kinds of data.

If you’re familiar with federal regulations and cloud services, you might already notice that another framework applies to cloud service providers–FedRAMP. That’s why the DoD has guidelines for implementing specific DoD impact level requirements alongside FedRAMP.

This article discusses the DoD Impact Levels, covering what type of data they encompass and how they interact with FedRAMP.