When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) are relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and tests return problems that can halt a StateRAMP authorization process–even if there isn’t a clear and unmitigated system failure. These instances fall under the category of a vulnerability deviation, and cloud service providers have a path toward working around these issues and gaining their StateRAMP ATO.

Read More

In December 2023, the Department of Defense announced its new Proposed Rules for CMMC. This release comes two years after their initial proposal for CMMC 2.0 as a framework. 

Many of CMMC’s expected requirements are coming to pass, and the DoD is looking to finalize and aggressively roll out the program over the next three years. 

Learn more about this next phase in CMMC implementation and what it might mean for your organization.

Read More