LaTisha Raulston-Sloderbeck Articles

FedRAMP Weekly Tips & Cues – May 16, 2018

This week, FedRAMP published two Tips, one for Agencies and one for Third Party Assessment Organizations (3PAOs): Agencies TIP:  During Continuous Monitoring, the Agency Authorizing Official (AO) is responsible for ensuring that the security posture of the cloud service their Agency is using continues to be acceptable. The responsibility for the AO (or his/her designated...

FedRAMP Weekly Tips & Cues – May 9, 2018

This week, FedRAMP published two Tips for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) TIP: Effective July 1, 2018, CSPs must complete implementation of TLS version 1.1 for their Federal Agency customers. CSPs must ensure that federal customers are fully authenticated and compliant with TLS version 1.1 or higher (turning off TLS 1.0 and below). Cloud...

FedRAMP Weekly Tips & Cues – May 2, 2018

This week, FedRAMP published two Q&A’s for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) Q: Can we start the annual assessment early? A: Yes, you can start your annual assessment early as long as you submit your package before the anniversary date of your Provisional Authority to Operate (P-ATO). However, you should work with your Authorizing Official to...

FedRAMP Weekly Tips – March 21, 2018

This week, FedRAMP published two Q&A’s for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) Q: When completing the Security Assessment Report (SAR), is it appropriate to assign the same values to tables F-1 and F-2 for the initial assessment? What about assigning the same values to ES-1, F-1, and F-2 for the annual assessment if there...

FedRAMP Weekly Tips & Cues -March 14, 2018

This week, FedRAMP published two questions and answers for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Q: Are there any alternative formats available to help facilitate reviews? Sometimes scan files are in a format that does not allow reviewers to do their analysis with common tools. A: For the Security Assessment Report (SAR), always provide scan...