By: Andy Rogers
November 29th, 2022
Ever watched a personal trainer conduct a workout on social media? Throwing up weights like they’re nothing or repping for what seems like hours before a water break—they make it look so easy. So much so that many people watching leap up to join them, only to realize that, no, it’s not that easy, and these trainers operate at the level they do thanks to their dedication and massive, invested effort.
FedRAMP | Federal Assessments | ISO Certifications
By: Jordan Hicks
September 28th, 2022
Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. As a cloud service provider (CSP), you have lots of different proverbial compliance “plates” to choose from when deciding where to channel your effort—the trick is knowing the differences and which is best for you.
Federal Assessments | NIST | CMMC
By: Schellman
September 14th, 2022
Published by the National Institute of Standards and Technology (NIST), NIST SP 800-171 is a standard created to help organizations protect Controlled Unclassified Information (CUI) from unauthorized access or disclosure.
By: Todd Connor
August 31st, 2022
Cyber threats continue to escalate in both frequency and economic impact. Where earlier estimates from the U.S. Council of Economic Advisers placed the cost of malicious cyber activity to the U.S. economy between $57 billion and $109 billion in 2016, more recent data shows this threat has grown exponentially. In the U.S., these cyber threats are not a problem our government, and more specifically our military, can leave unchecked, particularly when it comes to the theft of valuable intellectual property and sensitive information from all industrial sectors. The potential backlash on our economic security and national security is too great, so action had to be taken. If you’re doing business in the Defense Industrial Base (DIB) sector, you will soon need to become CMMC certified. Within this newer program meant to protect information within the supply chain of the Department of Defense (DoD), there are three levels and their related assessments. If you’re wondering which level is right for you, don’t worry—in this article, we’ll explore the different levels of CMMC compliance you can achieve, but we won’t be able to do that without first addressing the critical importance of CUI. Then, you’ll understand how all these pieces fit together and have a better idea of which level is right for your organization and what to expect in the process.
By: Andy Rogers
August 24th, 2022
If you’re a cloud service provider (CSP) seeking FedRAMP Authority to Operate (ATO), you may be wondering if Schellman is the right compliance firm to partner with.
FedRAMP | Penetration Testing | Federal Assessments
By: Josh Tomkiel
August 18th, 2022
For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document.
Privacy Assessments | Federal Assessments | NIST
By: Matt Hungate
July 6th, 2022
Every so often, a road needs to be repaved.