The Federal Risk and Authorization Management Program has been around for nearly 15 years. In that time, it changed and was updated periodically to keep up with the times. While changes are occasionally made to the underlying security frameworks like FedRAMP, CMMC and the NIST documentation that reviews each security control, there is also communication directly from the Department of Defense and other organizations to issue additional guidance. The most recent memo, issued on December 21, 2023, comes from the Department of Defense and issues additional information about the concept of Equival ..read more

Here at Ignyte, we talk a lot about the most common and popular security certifications and frameworks for cloud service providers and others, FedRAMP, CMMC, and their associated NIST publications. These are very important, but they’re far from everything that can be relevant to a CSP or to businesses looking to maintain their security credentials. Most CSPs have to deal with basic PII, CUI, and other forms of protected information that may be treated broadly the same. Others have to adhere to other standards when they handle specific kinds of information. For example: Defense-related informa ..read more

FedRAMP is the Federal Risk and Authorization Management Program, and it’s one of the common security frameworks used by the government, its agencies, and the contractors that work with it. However, it’s not solely restricted to the government: FedRAMP can be used in the private sector just as well. The question is, how does it work if you want to do so, do you need to follow it, and what are the benefits of doing so? Detailing FedRAMP As mentioned above, FedRAMP is the Federal Risk and Authorization Management Program. It’s meant to be a standardized way to handle security authorization, asse ..read more

Whenever a business wants to work with the federal government, they are going to have to comply with certain frameworks to guarantee that, as part of the federal supply chain, it is secured to an appropriate level. The specific frameworks and standards vary based on factors such as impact levels and whether or not you’re in an industry with specific guidelines, like HIPAA or DoD standards. The bright side of FedRAMP compliance is that every detail, from the overall security framework to the individual security controls, is outlined and plainly detailed in NIST documentation. The downside is th ..read more

As time marches on and technology develops, there’s a constant push and pull between information security and attempts to breach that security. Obscurity – simply hiding from sight – isn’t enough with automated processes capable of scanning any possible address looking for signs of life, so much of modern computer security comes down to cryptography. Pretty much everyone has some experience with cryptography, from our childhood spy media to modern computer science. It’s a world full of advanced math, logical processes, and constant attacks. The US government uses cryptography to secure informa ..read more

Any business or service provider looking to work with the federal government or one of its departments or agencies is going to need to comply with one of the security frameworks as appropriate for their role, usually something like CMMC, FedRAMP, or HITRUST. A key part of these security frameworks is verification and validation that security measures are in place and that continuous monitoring is effective. This is usually done by a comprehensive audit conducted by a certified 3PAO (third party assessment organization), which goes through all of a business’s processes and systems, checks for c ..read more

In today’s digital age, destroying data is not as easy as it once was. Before the advent of computers, if you needed to destroy sensitive government information to prevent it from falling into the wrong hands, all you often needed to do was light some papers on fire. With computers, you might think that it’s a simple matter. After all, if you’ve ever accidentally deleted a file or had a hard disk crash, you’ve probably lost data and haven’t been able to recover it. The reality is, though, that data lingers even if it’s not easily accessible. When you delete a file on a hard drive, nothing actu ..read more

In the world of government contracting, information security is taken very seriously. There are a dozen different standards for security depending on who you are, what information you handle, and what department you’re working with. We’ve talked about many of them before, such as DFARS, FedRAMP, and CMMC, but there’s yet another to discuss. As you’ve guessed, if you’ve read the title, or as you know from seeing this post, we’re talking about FIPS. So, what is FIPS, what are the 199 and 200 documents, what does compliance mean, and what do you need to do as a company planning to work with the g ..read more

Navigating Authority to Operate: FISMA or FedRAMP? Decades ago, the government stood on its own. While it would often contract out with individuals and companies for services, there was always a barrier between third-party operations and government operations to prevent intrusion, infiltration, or compromise. Over the years, though, society has grown more and more complex. The advent of computerized systems, networks, and the internet has meant that an immense amount of complexity – that formerly was handled by paperwork and people – now needs to exist. The modern government simply couldn’t ex ..read more

What is OSCAL and Why Does It Matter for NIST and FedRAMP? Complying with federal cybersecurity guidelines is a difficult task. Unfortunately, many contractors and cloud service providers take a rather lax view of compliance, and it’s an all-too-common scenario for a company to build up standards and practices for audit time and let them slip immediately thereafter until the lead-up to the next audit. Part of this is simply the immense complexity of cybersecurity. With hundreds of security controls across dozens of control families, with continuous monitoring in play, with POAMs and auditing ..read more