Christina McGhee is the FedRAMP Technical Lead at Schellman. Christina has experience evaluating federal organizations against NIST and OMB standards to determine compliance, FISMA audits, and SSAE16 audits for federal agencies. She has also assisted multiple large cloud service providers in preparing and progressing through the FedRAMP authorization process.
HIPAA | HITRUST | Healthcare
By:
CHRISTINA MCGHEE
May 23rd, 2017
We as humans have an innate nature to be helpful. When it comes to providing information about ourselves, we usually do so without thinking twice, especially when the request comes from someone we trust like a doctor, hospital, or other health care provider. However, providing this personal information, such as your Social Security Number (SSN), can increase the likelihood your personal information or identity are stolen.
By:
CHRISTINA MCGHEE
May 20th, 2016
Originally published at cloudsecurityalliance.org Today, consumers have an increasing interest in implementing cloud solutions to process and store their data. They are looking to take advantage of the benefits provided by cloud computing, including flexibility, cost savings, and availability. Fortunately, there are many cloud solutions available to consumers, touting cloud computing features such as multi-tenancy, virtualization, or increased collaboration. But is it really a cloud service?
FISMA | Cloud Computing | FedRAMP
By:
CHRISTINA MCGHEE
March 4th, 2016
Originally published on www.meritalk.com The Federal government is the leading creator, collector, consumer, and communicator of information in the United States. If there are changes to its regulatory requirements, it is entirely possible those changes will eventually spread into the commercial sector. Such is the case with two related risk management programs developed by the Federal government that now enforce commercial organizations working contractually with the Federal government to employ Federal security standards.
By:
CHRISTINA MCGHEE
December 1st, 2014
When assigning and reviewing user roles and privileges, reference a documented separation of duties chart, showing which roles, privileges, or other access types that one user cannot have access to in order to prevent potential conflicts of interest.
By:
CHRISTINA MCGHEE
October 13th, 2014
[Tweet "A user should only have access to the data, systems, hardware, etc., that they need to be able to perform their assigned duties."]
By:
CHRISTINA MCGHEE
May 23rd, 2014
Via: FCW.com The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessments, authorizations, and continuous monitoring for cloud products and services. FedRAMP is meant to replace the current process by which federal agencies assess low and moderate baseline third party cloud service provider systems prior to procurement. Preceding FedRAMP, individual agencies managed their own assessment methodology following guidance loosely set by the Federal Information Security Management Act of 2002 (FISMA).