Assessments for both StateRAMP and FedRAMP rely on the 3PAO’s understanding of the systems and people that will interact with a specific government agency. With this knowledge, it’s easier to determine where particular requirements begin and where they end. Across both of these frameworks, this concept is known as the “authorization boundary.” 

The authorization boundary serves as a (sometimes physical, sometimes logical, sometimes administrative) fence that delineates the scope of a cloud system’s operations, setting clear boundaries for where assessment and regulatory requirements begin and end. 

Whether you’re a cloud service provider or a government agency representative, this article will shed light on this essential concept and help you understand its impact on the landscape of cloud security.

Read More

StateRAMP guidelines include network security standards from NIST 800-53, with specific requirements for implementing those guidelines based on the application and data processing. Implementing boundary controls is one of the more relevant and sometimes challenging aspects of compliance network security. Here, we will dig into how StateRAMP (and FedRAMP, to some extent) approach subnetworks and boundary security.

Read More

In the unfortunate event that a breach occurs, organizations must have a plan in place to respond and recover. StateRAMP borrows requirements from FedRAMP and NIST 800-53 to define how exactly state and local governments can implement incident response into their overall security infrastructure.

Read More