Revising FedRAMP Continuous Monitoring with the New OMB Memo


The draft memo released by the OMB signals many potential changes for the FedRAMP program, especially for the continuous monitoring process. Continuous monitoring is a crucial part of FedRAMP that ensures that CSPs maintain compliance. 

However, this process can also prove complicated and costly for cloud providers, especially small or unique companies offering innovative solutions. With that in mind, the new OMB memo addresses this by rethinking continuous monitoring. 


Authorization Paths in the New FedRAMP OMB Memorandum

In the ever-expanding cosmos of cloud computing, the Federal Risk and Authorization Management Program (FedRAMP) is the primary standard for cloud service providers working with federal agencies. Recognizing this, the Office of Management and Budget (OMB) has released a draft memorandum to revitalize FedRAMP, signaling a pivotal transformation to enhance the program’s efficiency, agility, and responsiveness to modern security threats. 

This article will explore the newly proposed authorization paths for FedRAMP, how they differ from the previous standard, and what that might mean for cloud products and providers.

The California Delete Act and CCPA Privacy Law


Companies and data brokers, armed with sophisticated data collection techniques, amass vast amounts of personal data, often without the explicit consent or awareness of the individuals concerned. The urgency of the matter has propelled jurisdictions worldwide to enact stringent data protection laws. 

This article explores a new development in privacy law: the Data Delete Act. This law is just one in a longer (but recent) history of laws that include the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA).

Here, we’ll discuss the law, its relationship to more extensive privacy regulations, and the best practices affected organizations can follow to comply with it.