Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

CHRISTINA MCGHEE

Christina McGhee is the FedRAMP Technical Lead at Schellman. Christina has experience evaluating federal organizations against NIST and OMB standards to determine compliance, FISMA audits, and SSAE16 audits for federal agencies. She has also assisted multiple large cloud service providers in preparing and progressing through the FedRAMP authorization process.

Blog Feature

HIPAA | HITRUST | Healthcare

By: CHRISTINA MCGHEE
May 23rd, 2017

We as humans have an innate nature to be helpful.  When it comes to providing information about ourselves, we usually do so without thinking twice, especially when the request comes from someone we trust like a doctor, hospital, or other health care provider. However, providing this personal information, such as your Social Security Number (SSN), can increase the likelihood your personal information or identity are stolen.

Blog Feature

Cloud Computing

By: CHRISTINA MCGHEE
May 20th, 2016

Originally published at cloudsecurityalliance.org Today, consumers have an increasing interest in implementing cloud solutions to process and store their data.  They are looking to take advantage of the benefits provided by cloud computing, including flexibility, cost savings, and availability.  Fortunately, there are many cloud solutions available to consumers, touting cloud computing features such as multi-tenancy, virtualization, or increased collaboration.  But is it really a cloud service? 

Blog Feature

FISMA | Cloud Computing | FedRAMP

By: CHRISTINA MCGHEE
March 4th, 2016

Originally published on www.meritalk.com The Federal government is the leading creator, collector, consumer, and communicator of information in the United States. If there are changes to its regulatory requirements, it is entirely possible those changes will eventually spread into the commercial sector.  Such is the case with two related risk management programs developed by the Federal government that now enforce commercial organizations working contractually with the Federal government to employ Federal security standards.

Blog Feature

BrightLine Responds

By: CHRISTINA MCGHEE
December 1st, 2014

When assigning and reviewing user roles and privileges, reference a documented separation of duties chart, showing which roles, privileges, or other access types that one user cannot have access to in order to prevent potential conflicts of interest.

Blog Feature

By: CHRISTINA MCGHEE
October 13th, 2014

[Tweet "A user should only have access to the data, systems, hardware, etc., that they need to be able to perform their assigned duties."]

Blog Feature

Cloud Computing | FedRAMP

By: CHRISTINA MCGHEE
May 23rd, 2014

Via: FCW.com The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessments, authorizations, and continuous monitoring for cloud products and services. FedRAMP is meant to replace the current process by which federal agencies assess low and moderate baseline third party cloud service provider systems prior to procurement. Preceding FedRAMP, individual agencies managed their own assessment methodology following guidance loosely set by the Federal Information Security Management Act of 2002 (FISMA).