Did you know? The historic Apollo 11 mission that put a man on the moon took eight days, three hours, 18 minutes, and 35 seconds.

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that standardizes the security assessment and authorization process for cloud products and services used by federal agencies. Part of this process requires cloud service providers (CSPs) to complete a FedRAMP Readiness Assessment Report (RAR), which is used to determine whether they are prepared to undergo full FedRAMP authorization.

Self-help guru Tony Robbins once said that "the meeting of preparation with opportunity generates the offspring we call luck."

If you’re a cloud service provider, you’re required to make it through the Federal Risk and Authorization Management Program (FedRAMP) in order to receive Authority to Operate (ATO) in the federal marketplace which allows you to provide your services and products for use by the federal government. There are two different avenues you can take to achieve ATO—through the Joint Authorization Board (JAB) or through an agency.

As a Third Party Assessment Organization (3PAO), Schellman has been performing FedRAMP security assessments for Cloud Service Providers (CSPs) since 2014. During this time, we have seen our CSP clients pioneer technologies that provide federal agencies an opportunity to leverage new and innovative cloud services, all while modernizing their approach to building, deploying, and managing applications through containerization. Though this gradual shift to containerizing system components has increased CSPs’ operational efficiency and scale, it has also introduced new security risks to FedRAMP systems.

Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions among others, its 8,080 words is arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.

Though Amazon’s Relational Database Services (RDS) can make hosting a database much easier, using them can also present new challenges, including some that crop up when you’re trying to scan against security benchmarks or meet compliance initiatives.

When two alpinists approach the same rock wall, they may both have the goal of reaching the summit, but the process they take to get there likely diverges greatly. Maybe one hikes up the backside while the other opts to climb the rock face directly—it likely depends on their individual skills, their gear, etc.