Schellman is a leading provider of attestation and compliance services. We are the only company in the world that is a CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, and most recently, an APEC Accountability Agent. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single third-party assessor.
Cloud Computing | FedRAMP | Federal Assessments
By:
Schellman
December 16th, 2021
If you’re a cloud service provider, you’re required to make it through the Federal Risk and Authorization Management Program (FedRAMP) in order to receive Authority to Operate (ATO) in the federal marketplace, which allows you to provide your services and products for use by the federal government. There are two different avenues you can take to achieve ATO—through the Joint Authorization Board (JAB) or through an agency.
Compliance and Certification | Federal Assessments | CMMC
By:
Schellman
November 16th, 2021
What It Means for the Present & the Future
By:
Schellman
October 19th, 2021
Schellman becomes the first compliance services firm authorized by the CMMC AB and the 5th C3PAO Overall
October 19, 2021 (Tampa, FL) – Schellman is pleased to announce that we are now an authorized Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organization (C3PAO). Overseen by the Department of Defense (DoD) alongside the CMMC Accreditation Body (CMMC AB), the CMMC program is designed to enforce consistent cybersecurity practices across the hundreds of thousands of defense contractors that participate in and make up the Defense Industrial Base (DIB). A group that now includes Schellman, C3PAOs are the independent assessment organizations that work alongside advisory and training providers to improve cybersecurity practices and protect the sensitive information maintained by the DIB participants.
By:
Schellman
September 9th, 2021
Every year, millions of people donate to nonprofit organizations with the hope of making a positive impact in their local and greater communities. These statistics speak for themselves:
By:
Schellman
August 17th, 2021
Chris Smith from Schellman & Company, LLC Selected to Attend AICPA’s 2021 Leadership Academy
Tampa, FL – August 3, 2021 – Schellman & Company, LLC, a leading provider of attestation and compliance services, is proud to announce that Chris Smith, CPA, CISSP, CISA, CIPP/US, ISO 27001 LA is one of only 30 CPAs to be honored by the American Institute of CPAs (AICPA) with a place as part of the Leadership Academy’s 13th graduating class. Chris was selected based on his exceptional leadership skills and professional experience for the four-day Leadership Academy program, which will take place virtually October 25-28, 2021.
By:
Schellman
June 28th, 2021
What is ISO 27001?
At a basic level, ISO/IEC 27001:2022 (ISO 27001) is a management system framework for an information security management system (ISMS) that a company can be certified against by conforming to the ISO 27001 standard. Structured primarily around how a company manages information security and its related risk, this standard is a powerful one, as almost every company in the modern age now “manages information security” of some sort.
Cybersecurity Assessments | Penetration Testing
By:
Schellman
June 17th, 2021
During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.