On February 20th, the FedRAMP PMO announced the release of the newest design for the FedRAMP Marketplace. While this news doesn’t necessarily shake the foundations of government compliance, the Marketplace it is an essential resource for agencies looking for a trustworthy source of information regarding cloud providers.

In this article, we’ll break down what kind of information you can find in the new Marketplace and highlight why this resource is so vital for the health and performance of the program.

Read More

When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) are relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and tests return problems that can halt a StateRAMP authorization process–even if there isn’t a clear and unmitigated system failure. These instances fall under the category of a vulnerability deviation, and cloud service providers have a path toward working around these issues and gaining their StateRAMP ATO.

Read More

CMMC certification is rolling out in RFPs in the defense and federal security compliance space. This framework promotes a uniform approach to security to protect important, unclassified data that passes through third-party vendors working with federal agencies. To ensure that companies meet their compliance requirements, CMMC leverages outside certified assessors to serve as a third-party assessment organization (C3PAO).

This article will cover the basics of C3PAOs in CMMC certification. This discussion includes a breakdown of CMMC requirements and the importance of a C3PAO in providing objective evaluations of vendor security in the defense space. 

Read More