Remember when Tom Brady signed with the Tampa Bay Bucs? They clearly felt he could lead their team to new heights, as they agreed to pay Brady $30 million a season. Such an investment was no doubt made easier given Brady’s playing history—the quarterback had previously led the New England Patriots to 17 division titles and six Super Bowl titles. The Bucs knew he was a proven winner, and elected to trust Brady could do the same with his new team.

Auditors. We’re an odd breed. “A necessary pain in the tuchus,” some may say. Admittedly, we’re not everyone’s cup of tea. In fact, in our 20+ years of experience, we’ve seen the word “auditor” invite various visceral responses. To be sure, organizations aren’t always enthusiastic about inviting us assessors in to do the requisite checks, despite the benefits of doing so (and despite being invited guests).

So you’ve committed to an audit. Your customers were asking, or maybe a new regulation came into effect that your organization is now subject to—whatever the reason was, you’ve got to get audited because your audit team is confirmed.

If you’re a parent, you’ve likely had the debate in the car with your young kids—they want to stop for McDonalds and you tell them, “we’ve got food at home.” From their perspective, they want what they want, but from yours, you understand you’ve already made an investment in perfectly good food at the grocery store, and you’re not about to spend any more money that you don’t have to.

If you ever went to college, you might remember how you considered where you wanted to go. The academic distinction, the on-campus facilities, their post-degree outlook—you wanted the best of the best education if you were going to pay a premium for the experience.

When King George V died in 1936, he probably expected to smoothly pass his crown onto his eldest son, who would be crowned the new king. Everyone in the United Kingdom was comfortable with how the legacy of the constitutional monarchy worked, by that point, so they likely hoped for a smooth transition.

What It Means for the Present & the Future [NOTE: Schellman previously blogged on the initial roll-out of CMMC here. This article supersedes prior Schellman content as the model has been revised and updated by DoD.]

As a Third Party Assessment Organization (3PAO), Schellman has been performing FedRAMP security assessments for Cloud Service Providers (CSPs) since 2014. During this time, we have seen our CSP clients pioneer technologies that provide federal agencies an opportunity to leverage new and innovative cloud services, all while modernizing their approach to building, deploying, and managing applications through containerization. Though this gradual shift to containerizing system components has increased CSPs’ operational efficiency and scale, it has also introduced new security risks to FedRAMP systems.