When organizations opt to pursue a new compliance initiative, aside from cost and necessary resources, the first thought is usually regarding what to expect. That’s true for StateRAMP as well, and though many may—correctly—assume that there are some similarities between it and the more popular FedRAMP, there are several very clear deviations by the former from the latter that you know about going in.

The release of FedRAMP’s Revision 5 has raised many questions, including those regarding the addition of a red team exercise requirement for those seeking FedRAMP authorization. As the #1 provider of FedRAMP assessments on the Marketplace who have extensive experience in offensive security, we have insight to offer.

Looking back, December 2023 was a big month for the Department of Defense (DoD). Not only did they release the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule, but they also published a memorandum titled Federal Risk and Authorization Management Program (FedRAMP) Moderate Equivalency for Cloud Service Provider’s (CSP) Cloud Service Offerings (CSOs). The latter, in a huge development, clarified requirements for CSOs that are currently (or will be) storing, processing, or transmitting Covered Defense Information (CDI)—more commonly referred to as Controlled Unclassified Information (CUI)—although there are some nuances that must be understood.

Now that the DoD Cloud Computing Security Requirements Guide (SRG) v1r4 has been officially retired, cloud service providers (CSPs) will need to familiarize themselves with the two new documents that have replaced those requirements—the latest DoD CSP SRG v1r1 and DoD Mission Owner (MO) SRG—to maintain compliance with applicable mandates.

Looking back, December 2023 was a big month for the Department of Defense (DoD), as they released the both memorandum titled Federal Risk and Authorization Management Program (FedRAMP) Moderate Equivalency for Cloud Service Provider’s Cloud Service Offerings, as well as the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule.

For those wanting to acquaint themselves with StateRAMP, we’ve put together answers to some of the most frequently asked questions we receive as an experienced Third-Party Assessment Organization (3PAO).

Now that the deadline for the CISA Secure Software Development form is quickly approaching, organizations are working to ensure they get their attestation in order—that includes FedRAMP Cloud Service Providers (CSPs).

With the deadlines for the newly incorporated Cybersecurity Infrastructure and Security Agency (CISA) Secure Software Development Attestation Form looming, organizations supplying government-used software must get their ducks in a row to ensure compliance with these requirements.