The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Schellman

Schellman is a leading provider of attestation and compliance services. We are the only company in the world that is a CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, and most recently, an APEC Accountability Agent. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single third-party assessor.

Blog Feature

Cloud Computing | FedRAMP | Federal Assessments

By: Schellman
December 16th, 2021

If you’re a cloud service provider, you’re required to make it through the Federal Risk and Authorization Management Program (FedRAMP) in order to receive Authority to Operate (ATO) in the federal marketplace, which allows you to provide your services and products for use by the federal government. There are two different avenues you can take to achieve ATO—through the Joint Authorization Board (JAB) or through an agency.

Cybersecurity Assessments

By: Schellman
October 28th, 2021

We all know that cybercriminals are now a thing.

Federal Assessments | CMMC

By: Schellman
October 19th, 2021

Schellman becomes the first compliance services firm authorized by the CMMC AB and the 5th C3PAO overall

October 19, 2021 (Tampa, FL) – Schellman is pleased to announce that we are now an authorized Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organization (C3PAO). Overseen by the Department of Defense (DoD) alongside the CMMC Accreditation Body (CMMC AB), the CMMC program is designed to enforce consistent cybersecurity practices across the hundreds of thousands of defense contractors that participate in and make up the Defense Industrial Base (DIB). A group that now includes Schellman, C3PAOs are the independent assessment organizations that work alongside advisory and training providers to improve cybersecurity practices and protect the sensitive information maintained by the DIB participants.

SchellmanLife

By: Schellman
September 9th, 2021

Every year, millions of people donate to nonprofit organizations with the hope of making a positive impact in their local and greater communities. These statistics speak for themselves:

News

By: Schellman
August 17th, 2021

Chris Smith from Schellman & Company, LLC Selected to Attend AICPA’s 2021 Leadership Academy

Tampa, FL – August 3, 2021 – Schellman & Company, LLC, a leading provider of attestation and compliance services, is proud to announce that Chris Smith, CPA, CISSP, CISA, CIPP/US, ISO 27001 LA is one of only 30 CPAs to be honored by the American Institute of CPAs (AICPA) with a place as part of the Leadership Academy’s 13th graduating class. Chris was selected based on his exceptional leadership skills and professional experience for the four-day Leadership Academy program, which will take place virtually October 25-28, 2021.

ISO Certifications

By: Schellman
June 28th, 2021

When I first began considering a career with Schellman, I began to dig through industry jargon to familiarize myself—my background was in nonprofits, and there was a lot of new information to parse through, including many, many acronyms. Among those that I discovered was ISO, an abbreviation that up to just a few months ago, was lost among others like NBA, NCAA, and TSLA that some might argue are more important. When I initially learned, more specifically, of ISO 27001, I had no clue what it meant, but I’d eventually discern that this certification was the one that potentially could change the course of my professional career. Throughout my extensive research, it was the unique nature of ISO 27001 that was among the important gems I discovered that would eventually draw me into the industry.

Cybersecurity Assessments | Penetration Testing

By: Schellman
June 17th, 2021

During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.
