The Schellman Advantage Blog

Stay up to date with the latest compliance news from the Schellman Advantage blog.

FedRAMP | Security

By: Matt Hungate
September 15th, 2021

As a Third Party Assessment Organization (3PAO), Schellman has been performing FedRAMP security assessments for Cloud Service Providers (CSPs) since 2014. During this time, we have seen our CSP clients pioneer technologies that provide federal agencies an opportunity to leverage new and innovative cloud services, all while modernizing their approach to building, deploying, and managing applications through containerization. Though this gradual shift to containerizing system components has increased CSPs’ operational efficiency and scale, it has also introduced new security risks to FedRAMP systems.

Cybersecurity | FedRAMP | Federal | Government

By: Douglas Barbin
May 13th, 2021

Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions, among others, its 8,080 words are arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.

FedRAMP | ISO 27001 / 27002

By: STUTAY MONGA
June 5th, 2017

Over the last few years, there has been a push to obtain cloud computing solutions at almost every turn.  A plethora of companies continue to provide cloud services to their existing clientele; however, much of the federal clientele remains untouched.  The Federal Risk and Authorization Management Program (FedRAMP) provides the ability for companies to follow a standardized approach in terms of security assessments, authorizations, and continuous monitoring of cloud products and services offered to the federal government.

FISMA | FedRAMP

By: Schellman
October 3rd, 2016

Even if you aren’t selling to a government agency, it’s important to understand government regulations. The government is the largest single creator, collector, consumer and circulator of information in the country. If its policies change, there’s a good chance those changes will trickle down to the commercial sector. Add to that the alphabet soup of acronyms that comes with it: FISMA, FedRAMP, NIST, FIPS, etc.

FedRAMP

By: MATT WILGUS
May 25th, 2016

Many cloud service providers (CSPs) are not fully addressing the database scanning requirements for FedRAMP and have questions related to database security and FedRAMP.  This article details the issues associated with not meeting the database scanning requirement, the most common reasons why this occurs, what can be done to improve this and what to consider with database security beyond scanning. 

FISMA | Cloud Computing | FedRAMP

By: CHRISTINA MCGHEE
March 4th, 2016

Originally published on www.meritalk.com. The Federal government is the leading creator, collector, consumer, and communicator of information in the United States. If there are changes to its regulatory requirements, it is entirely possible those changes will eventually spread into the commercial sector. Such is the case with two related risk management programs developed by the Federal government that now require commercial organizations working contractually with the Federal government to employ Federal security standards.

FISMA | Cloud Computing | FedRAMP

By: MATT WILGUS
October 14th, 2015

Originally published on www.fedrampfastforward.com. BrightLine works with many cloud service providers (CSPs) that have built successful businesses by providing services to the private sector. With the growth, not to mention the CloudFirst mandate, many of these CSPs are taking a much closer look at the potential to work with the Federal government. Today, part of the price of entry is compliance with the Federal Risk and Authorization Management Program (FedRAMP).

FedRAMP | PCI

By: MATT WILGUS
July 9th, 2015

Overview: In the last 30 days, the FedRAMP Program Management Office (PMO) has published guidance for both vulnerability scanning and penetration testing. The updated guidance comes on the heels of PCI mandating the enhanced penetration testing requirements within its requirement 11.3 as part of the 3.0, now 3.1, version of the DSS. These augmented PCI requirements, introduced in the fall of 2013, took effect on June 30th. For many cloud service providers, this means the requirements for vulnerability scanning and penetration testing are more thorough and will require additional resources for planning, executing, and remediating findings. This article will walk through the updates and discuss the differentiation between FedRAMP and the PCI Data Security Standard (DSS).