The ink has barely dried on the CMMC final rule, and already the defense contracting community is buzzing with speculation about what comes next. Just when contractors thought they had a moment to catch their breath after years of regulatory limbo, whispers of CMMC 3.0 have begun circulating through the industry.

But is this just noise, or is there something more substantial happening behind the scenes? As it turns out, recent DoD actions suggest that conversations about the next iteration of CMMC might be closer than we thought.

Read More

Government responses to evolving security threats have, to more or less a degree, started to incorporate advanced mitigation postures that reflect a world of networked systems and complex digital supply chains. 

To address this changing landscape, the president issued Executive Order 14028, “Executive Order on Improving the Nation’s Cybersecurity.” This 2021 order introduced a zero-trust approach to security and stricter requirements for authorization processes and baseline requirements. 

This article will discuss how some aspects of this executive order are impacting or will impact, FedRAMP Authorization for cloud service offerings. 

Read More

In the era of digitization, the security of cloud services, particularly those engaged with federal agencies, is paramount. The government uses the Federal Risk and Authorization Management Program (FedRAMP)–to ensure cloud services meet stringent security standards to protect federal data. 

This article will dig into the intricacies of the FedRAMP High Impact Level and its relevance for different organizations. Whether you are a federal agency, a CSP, or a government contractor, understanding the FedRAMP High Impact Level is crucial to navigating the evolving landscape of cloud security.

Read More