LaTisha Raulston-Sloderbeck Articles

FedRAMP Tips & Cues – May 15, 2019

This week, FedRAMP published several Q&A’s for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) Here are some basic questions our FedRAMP SMEs get about FIPS 140-2 validation compliance for Multi Factor Authentication (MFA). Q: I hear FIPS-validation does not apply to One-Time-Password (OTP) authentication. Is this true or false? A: This is FALSE! You...

FedRAMP Tips & Cues – April 17, 2019

Last week, FedRAMP published one Q&A for Cloud Service Providers(CSPs) and one Q&A for Federal Agencies: Cloud Service Providers (CSPs) Q: What are FedRAMP baseline requirements for a Cloud Service Offering (CSO) to become a High Baseline System? 1) There should be no interconnections to systems or services lacking FedRAMP Authorization. For JAB P-ATOs, interconnections...

FedRAMP Tips & Cues – April 3, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) TIP: All FedRAMP Baselines require the CSP information system to accept and electronically verify Personal Identity Verification (PIV) and Common Access Card (CAC) credentials according to IA-2(12). Many CSP’s assign the responsibility of PIV/CAC implementation to the...

FedRAMP Tips & Cues – March 6, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) TIP: When submitting a Security Assessment Report (SAR) package to your 3PAO, a few simple quality checks will help ensure a timely review: Ensure the SAR Template text is unchanged, except for the removal of instructional text....