NIAP and Protection Profiles

IT security in the federal market is layered and multifaceted. Specific requirements exist for different types of data platforms and technologies. At a more granular level, standards have been developed for individual IT products: NIAP Protection Profiles.

This article will cover why these profiles are essential for federal security, how to find them, and what to do if there isn’t an available profile to follow. 

 

Read More

The New Roadmap for FedRAMP

A hand on a computer with symbols in front of it

Recently, FedRAMP announced that, per stakeholder feedback, the federal market’s needs for cloud SaaS products are not being met. A significant part of this is the program’s bottleneck. 

To address this issue, the Office of Management and Budget (OMB) has released a draft memo offering significant program changes, including updates to infrastructure, leadership, and authorization. 

This article will briefly overview this new roadmap based on the information currently available to the public. 

 

Read More

FedRAMP and Penetration Testing Guidance Updates in 2024

"Penetration Test" on blue background

Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance standards target organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements.

The new guidance addresses new attack vectors targeting subsystems in IT infrastructure. 

Here, we’ll cover his newest draft about new guidance standards for FedRAMP penetration testing.

 

Read More