Recent Articles

House Introduces FISMA 2022 Legislation

Introducing FISMA 2022: The House of Representatives introduced H.R.6497 – Federal Information Security Modernization Act of 2022 (aka FISMA 2022) this week. FISMA 2022 was introduced by Chairwoman Carolyn B. Maloney and Ranking Member James Comer of the House Committee on Oversight and Reform. The goals of FISMA 2022 are to: Clarify Federal Cybersecurity Roles for Improved...

FedRAMP Tips & Cues – June 12, 2019

Last week, FedRAMP published one Tip and one Q&A for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) TIP: Cloud Service Providers (CSPs) pursuing a JAB P-ATO have asked about how to implement new technologies. New technologies have a minimum control set in the significant change policy and procedures. The assumption is that all the...

FedRAMP Tips & Cues – May 29, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Tip: Recently, we’ve received inquiries about the SAR review process for CSPs pursuing a JAB Provisional Authorization to Operate (P-ATO). There are a number of things that JAB Reviewers need in order to properly assess risks noted in...

FedRAMP Tips & Cues – May 15, 2019

This week, FedRAMP published several Q&As for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Here are some basic questions our FedRAMP SMEs get about FIPS 140-2 validation compliance for Multi-Factor Authentication (MFA). Q: I hear FIPS-validation does not apply to One-Time-Password (OTP) authentication. Is this true or false? A: This is FALSE! You...

FedRAMP Tips & Cues – April 17, 2019

Last week, FedRAMP published one Q&A for Cloud Service Providers (CSPs) and one Q&A for Federal Agencies: Cloud Service Providers (CSPs) Q: What are FedRAMP baseline requirements for a Cloud Service Offering (CSO) to become a High Baseline System? 1) There should be no interconnections to systems or services lacking FedRAMP Authorization. For JAB P-ATOs, interconnections...

FedRAMP Tips & Cues – April 3, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) TIP: All FedRAMP Baselines require the CSP information system to accept and electronically verify Personal Identity Verification (PIV) and Common Access Card (CAC) credentials according to IA-2(12). Many CSPs assign the responsibility of PIV/CAC implementation to the...

FedRAMP Tips & Cues – March 6, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) TIP: When submitting a Security Assessment Report (SAR) package to your 3PAO, a few simple quality checks will help ensure a timely review: Ensure the SAR Template text is unchanged, except for the removal of instructional text....