Control Origination Demystified

Control Origination can be confusing. Get it wrong and your System Security Plan (SSP) control definitions will not be attestable or certifiable. This series of illustrations provides an explanation to guide you through Control Origination requirements present in all NIST and FISMA assessments such as FedRAMP, 800-53, HIPAA, CJIS, DFARS, 800-171 and others. All controls originate…

HHS Publishes Healthcare Cyber Security Guidelines Based on NIST CSF

New HHS publication outlines top cyber threats & best practices for healthcare industry

Noting that cyber security is “the responsibility of every health care professional, from data entry specialists to physicians to board members,” the U.S. Department of Health and Human Services (HHS) has published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).…

Why your cloud business needs FedRAMP certification

Now more than ever, FedRAMP certification will put your cloud services or SaaS solution head and shoulders above the competition. The Federal Risk and Authorization Management Program, or FedRAMP, was designed to support the federal government’s “cloud-first” initiative by making it easier for federal agencies to contract with vendors that provide SaaS solutions and other…