Achieving FedRAMP authorization requires a hardened approach to cryptographic validation beyond shallow ciphers. For CSPs, simply saying that you use AES-256 or support TLS without verified, validated cryptographic modules introduces fatal flaws into authorization efforts. 

To succeed, CSPs must build systems that assume validation is an operational need and not something they do after the fact. They must also recognize that misinterpretations of FIPS requirements can derail otherwise sound security architectures during 3PAO audits or agency reviews.

Read More

Federal Information Processing Standards (FIPS) are essential for federal agencies and contractors to ensure the security of sensitive information, such as classified data, personally identifiable information, and financial data. 

This article will describe some of the most common FIPS security standards, their importance, and how federal agencies and contractors use them. We will also discuss the recent updates to FIPS security standards, such as FIPS 140-3 and FIPS 186-5, and how they impact federal information security.

Read More

One of the foundational pieces of information that a cloud provider needs to know when preparing for their FedRAMP Authorization is the required Impact Level. These levels aren’t generic labels applied by agencies to highlight the importance of their data–they are clearly-defined categories laid out by the National Institute of Standards and Technology (NIST) to structure security requirements.

Read More