Common Criteria and NIST Evaluation


The Common Criteria, recognized worldwide, provides a standardized framework for evaluating the security attributes of IT products and systems. From defining security requirements to testing and verifying products against these requirements, the Common Criteria assure that the evaluation process is rigorous, repeatable, and thorough.

To ensure the success of the program on a national basis, organizations in each country manage certified labs that can test against Common Criteria standards. One such organization and program in the United States is the National Voluntary Laboratory Accreditation Program (NVLAP).

This article will discuss Common Criteria and how they are managed under NVLAP. 

 


What Is SOC 2 with Additional Subject Matter (SOC 2+)?


The Service Organization Control 2 (SOC 2) report has become, for many organizations and industries, the gold standard in security and integrity. While SOC 2 can be relatively comprehensive, more than the basic SOC 2 may be needed as regulatory and industry landscapes evolve. Enter SOC 2+, also known as a SOC 2 report with additional subject matter. 

By incorporating additional subject matter from other compliance frameworks or regulations, SOC 2+ offers a more comprehensive overview of an organization’s control environment. But what does SOC 2+ entail, and how can organizations prepare for this audit? This article will demystify SOC 2+ compliance and provide practical guidance on navigating this complex but critical process.

 


FedRAMP High Impact Level and Unique NIST Controls


In the era of digitization, the security of cloud services, particularly those engaged with federal agencies, is paramount. The government uses the Federal Risk and Authorization Management Program (FedRAMP) to ensure cloud services meet stringent security standards to protect federal data.

This article will dig into the intricacies of the FedRAMP High Impact Level and its relevance for different organizations. Whether you are a federal agency, a CSP, or a government contractor, understanding the FedRAMP High Impact Level is crucial to navigating the evolving landscape of cloud security.

 
