FedRAMP

HITRUST Updates: CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9

On March 1, 2017, HITRUST announced its roadmap for 2017, which included improvements to the HITRUST CSF and a renewed focus on smaller healthcare organizations. The roadmap focuses on combating cyber threats and information risks while advancing protection standards regarding healthcare data through CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9, …

Read More

FedRAMP vs. FISMA: Choosing the Right Standard for Your Federal Clients

When pursuing federal clients or servicing existing federal clients, there are a number of unique compliance needs due to the sensitivity of the federal information. Standards such as FedRAMP and FISMA exist to create consistent security standards for organizations seeking federal agency clientele. FISMA, or the Federal Information Security Management …

Read More

FedRAMP: Outline of Timeliness and Accuracy of Testing

As FedRAMP continues to emphasize the FedRAMP Accelerated program, which is meant to reduce approval time for the Joint Authorization Board (JAB), they have released additional guidance on the Timeliness and Accuracy of Testing Requirements. FedRAMP Timeliness and Accuracy of Testing There are three categories associated with testing …

Read More

FedRAMP Accelerated

Author: Cheryl Zobel, Managing Consultant at A-LIGN. FedRAMP, or the Federal Risk and Authorization Management Program, is a government program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. The FedRAMP Program Management Office (PMO) has retooled the program, …

Read More

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of sensitive data will inevitably lead a cloud service provider to need a specific audit performed by a third-party entity, such as A-LIGN, due to legal, regulatory and/or contractual obligations.  It is important for cloud service providers to understand its obligations first when selecting an audit.  

Read More

FedRAMP Releases Updated Logo & FedRAMP Forward

  FedRAMPSM has released their newly redesigned logo in coordination with the release of “FedRAMP Forward: 2 Year Priorities.”  FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.  

Read More

Understanding FedRAMP: Cloud Service Provider’s Top 4 Questions Answered

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services As an information security and audit firm focused on the compliance needs of service providers, A-LIGN’s accreditation as a FedRAMP third party assessment organization (“3PAO”) is a natural fit with our existing service offerings. Since becoming a FedRAMP 3PAO, we have noticed a trend in client calls stating their customers are inquiring about FedRAMP or that FedRAMP is being discussed during the sales cycle with prospective customers. With that being said, I thought it would be beneficial to outline the most common FedRAMP questions we have received with detailed responses.

Read More