FedRAMP

What is FedRAMP and Why Does My Organization Need It?

What is FedRAMP and Why Does My Organization Need It?

It’s a common practice to shorten long and complicated organizational names to more digestible acronyms. However, navigating these acronyms and the programs behind them can sometimes feel like sifting through alphabet soup.  That’s why I’m here to help decode one of the most-well known federal programs: the Federal Risk and Authorization Management Program—otherwise known as FedRAMP.  

Read More

How to Share Your Cybersecurity Assessment with Your Professional Community

Cybersecurity Assessment with Your Professional Community

A-LIGN’s SVP of Marketing, Brian Gladstein, has been sharing ideas and best practices for getting the word out about your cybersecurity assessment. As the final post in this series, Brian discusses sharing your cybersecurity assessment with your professional community and how to promote your commitment to their security.

Read More

CMMC Expert Tony Bai on the DFARS Interim Rule, Rollout Timelines, Certification, and More

CMMC-Expert

With questions surfacing around CMMC and the changing regulatory landscape, Tony Bai, Federal Practice Lead at A-LIGN, offers his expert advice on a variety of federal compliance topics to help you understand what frameworks your organization should care about, how you can prepare and what is on the horizon for federal compliance.

Read More

Mind the Gap: How to Change Auditors without Impacting Compliance

Mind the Gap: How to Change Auditors without Impacting Compliance

Increasingly, organizations are realizing that a strategic compliance program increases operational efficiencies by replacing ad hoc and transactional audits with a more thoughtful approach. And as organizations get more serious about strategic compliance, they realize consolidation is a key component.

Read More

FIPS 140-2 and FedRAMP: A 3PAO Perspective

FIPS 140-2 and FedRAMP: A 3PAO Perspective

Many organizations understand encryption is the key to keeping sensitive information secure, but there are several options like modules and algorithms to choose from – many without an established standard.

Read More

The New Normal:
Fully-Enabled Remote Audits

The New Normal: Fully-enabled Remote Audits

The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.

Read More

Federal Compliance Definitions: A Glossary of Terms

Federal Compliance Definitions: A Glossary of Terms

The world of compliance is filled with acronyms and abbreviations for some of its more complicated regulation systems and organizations. There is perhaps no better example than the long list of acronyms associated with federal compliance laws.

Read More

Your Guide to FedRAMP, FISMA and NIST

FedRAMP, FISMA and NIST

The federal government processes large amounts of important data daily, which is why it is vital for government organizations to understand and undergo federal assessments such as FedRAMP, FISMA, NIST and NIST SP 800-171.

Read More

Protecting the Nation: How to Achieve Federal Compliance

International

Federal assessments like FedRAMP, FISMA and NIST 800-171 help mitigate the risk of data breaches to important federal government agencies and departments, making them mandatory assessments used for federal security standards.

Read More

FedRAMP Tailored: New Program for Cloud Service Providers (CSPs)

The Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, released FedRAMP Tailored on September 28, 2017. This new Baseline was designed and developed for Cloud Service Providers (CPS) with Low-Impact Software-as-a-Service (LI-SaaS) Systems, supporting emerging technology […]

Read More