Upcoming Webinar | The New Frontier of 2025 Compliance: Mastering GovRAMP, IN-RAMP, and the Mystery of FedRAMP 20x on Sept. 4th @ 1:00 PM ET

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

FedRAMP | Federal Assessments | CMMC

By: Matt Hungate
August 19th, 2025

If you develop or sell commercial-off-the-shelf (COTS) technology that ends up in Department of Defense (DoD) environments, there’s a new bar you have to clear. Katie Arrington, the acting DoD CIO has issued a new memo that directly impacts how you manage your software supply chain, and it’s going to change how COTS vendors prepare for procurement.

Blog Feature

FedRAMP | Federal Assessments

By: Matt Hungate
August 7th, 2025

The FedRAMP 20x pilot marks the most significant shift in federal cloud security in over a decade. Launched in May 2025, the program aims to modernize the authorization process by emphasizing speed, automation, and real-time security validation. For organizations pursuing Low Baseline authorization, the 20x path offers a faster, more efficient entry point into the federal market.

Blog Feature

FedRAMP | Federal Assessments | CMMC

By: Tim Walsh
July 28th, 2025

Organizations seeking to work with the US government today must navigate a growing array of compliance requirements. Among the most prominent security frameworks are the Cybersecurity Maturity Model Certification (CMMC) and Federal Risk and Authorization Management Program (FedRAMP), each playing a critical role in securing federal information and systems.

Blog Feature

FedRAMP | Federal Assessments

By: Jacob Handra
July 1st, 2025

Vulnerability scanning is one of the most critical — and commonly misunderstood — requirements in achieving the Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operate (ATO). Cloud Service Providers (CSPs) must demonstrate a mature vulnerability management program to meet FedRAMP’s rigorous standards, requiring the right people, processes, and technologies in place.

Blog Feature

FedRAMP | Penetration Testing

By: Tim Campbell
April 9th, 2025

It's been an exciting past few years for the Schellman penetration testing team. Throughout 2024, our team worked with over 150 clients to support their efforts in securing their businesses. As a lead assessor in the FedRAMP marketplace, Schellman prides ourselves in being able to assess our clients’ systems and helping to identify the vulnerabilities they may have.

Blog Feature

FedRAMP | Federal Assessments | StateRAMP

By: Jon Coffelt
April 1st, 2025

Any Cloud Service Provider (CSP) who is familiar with FedRAMP likely knows that presenting an authorization package that includes a non-FedRAMP-authorized external service storing or processing of federal metadata wouldn’t get you very far—it’s likely a showstopper. However, some may not realize that that’s not necessarily the case regarding StateRAMP.

Blog Feature

Cybersecurity Assessments | FedRAMP | News | Federal Assessments

By: Schellman
March 31st, 2025

TAMPA, Fla. – March 31, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is pleased to announce that Schellman has expanded its offerings to perform cleared assessments for its clients. As an accredited FedRAMP® Third Party Assessment Organization (3PAO), this enables Schellman to perform Department of Defense (DoD) Impact Level 6 (IL6) assessments as well as other NIST-based assessments, SOC 2 examinations, and penetration testing for DoD systems. This milestone strengthens Schellman’s position as a trusted assessment partner for government and defense-related environments.

Blog Feature

FedRAMP | Federal Assessments

By: Nick Rundhaug
March 26th, 2025

As more government agencies move sensitive data to the cloud, ensuring security and compliance is of paramount importance. As such, the FedRAMP (Federal Risk and Authorization Management Program) assessment and authorization process is a critical framework to ensure that cloud environments meet federal security standards.

{