a digital blue and black padlock in a circle that looks like a CPU and motherboard.

A new congressional report recommending a FedRAMP-style framework for commercial data brokers has reignited a long-running debate in Washington: whether federal agencies should be able to buy sensitive personal data on the open market without the same legal scrutiny required for traditional surveillance.

Supporters of reform argue that the rapid growth of the data brokerage ecosystem (typical in the private sector across enterprise retail and social media) has outpaced oversight. National security officials, however, claim that commercially available data has become an essential tool for mission execution. The report’s recommendations suggest policymakers are increasingly interested in closing that gap.

Awareness

Continuous Controls Monitoring and Real-Time Compliance

Mar 18, 2026 Lazarus Alliance 0 Comment

The move to continuous controls monitoring is quickly becoming the baseline expectation for how security and compliance programs operate, particularly in cloud-first, identity-driven environments. What was once framed as “continuous compliance” or “real-time assurance” has now become a necessity driven by how risk and regulations actually function.

Audit & Compliance Awareness

What The 2026 FedRAMP RFCs Mean For Cloud Providers

Mar 11, 2026 Lazarus Alliance 0 Comment

A digital cloud with a red light shining on it from a security camera.

With the January 2026 release of multiple RFCs tied to the FedRAMP Authorization Act, the program is shifting from incremental process tweaks to structural modernization. This has been on the horizon for a while now, with the announcement of the FedRAMP 20x program. But this string of RFCs signals that the program is finalizing the finer points of this transformation. For CSPs and their compliance leaders, this is the point at which the realities of FedRAMP over the next decade come into sharper focus.