What is FedRAMP and Why Does My Organization Need It?

It’s a common practice to shorten long and complicated organizational names to more digestible acronyms. However, navigating these acronyms and the programs behind them can sometimes feel like sifting through alphabet soup. That’s why I’m here to help decode one of the most well-known federal programs: the Federal Risk and Authorization Management Program—otherwise known as FedRAMP.

CMMC Expert Tony Bai on the DFARS Interim Rule, Rollout Timelines, Certification, and More

With questions surfacing around CMMC and the changing regulatory landscape, Tony Bai, Federal Practice Lead at A-LIGN, offers his expert advice on a variety of federal compliance topics to help you understand what frameworks your organization should care about, how you can prepare and what is on the horizon for federal compliance.

How European Companies Can Accelerate International Expansion with SOC 2 Compliance

The United States represents an attractive market for many European companies, but international expansion can be fraught with risk because of a completely different regulatory landscape. 

Ostendio Expands MyVCM Auditor Connect Marketplace with A-LIGN Partnership

Reposted with permission, Ostendio Inc.

ARLINGTON, Va. – September 28, 2020 – Ostendio Inc., a leading provider of integrated risk management software, and A-LIGN, a security and compliance provider, today announced that A-LIGN is joining the MyVCM Auditor Connect™ marketplace offering customers more choices in their third party security and risk management audit firms.

Featured CLIMBER: Shayna Davitt

CLIMBERS take many different paths to elevate to their summit. Going above and beyond for our clients and fellow CLIMBERS is recognized through the annual value awards at CLIMB, A-LIGN’s annual training and team-building event.

FIPS 140-2 and FedRAMP: A 3PAO Perspective

Many organizations understand encryption is the key to keeping sensitive information secure, but there are several options like modules and algorithms to choose from – many without an established standard.

The New Normal: Fully-Enabled Remote Audits

The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.

Federal Compliance Definitions: A Glossary of Terms

The world of compliance is filled with acronyms and abbreviations for some of its more complicated regulation systems and organizations. There is perhaps no better example than the long list of acronyms associated with federal compliance laws.

Your Guide to FedRAMP, FISMA and NIST

The federal government processes large amounts of important data daily, which is why it is vital for government organizations to understand and undergo federal assessments such as FedRAMP, FISMA, NIST and NIST SP 800-171.

Protecting the Nation: How to Achieve Federal Compliance

Federal assessments like FedRAMP, FISMA and NIST 800-171 help mitigate the risk of data breaches to important federal government agencies and departments, making them mandatory assessments used for federal security standards.