Recent Articles

FedRAMP Weekly Tips – July 13 2017

This week, FedRAMP published a weekly tip that discusses requirements for vulnerability scanning: Q: What are the FedRAMP requirements for vulnerability scanning? A: Vulnerability scanning must occur for Operating System (OS)/infrastructure, databases, and web application components in the Cloud Service offering authorization boundary. The scanning parameters for the components must be defined in the Security...

FedRAMP Weekly Tips – July 6 2017

This week, FedRAMP published a weekly tip that discusses email notifications and background checks on staff members. TIP: When submitting a RAR or an authorization package, be sure to send an email notification to info@fedramp.gov. Cloud Service Providers (CSPs), Partnering Agencies, and/or Third Party Assessment Organizations (3PAOs) must send an email notification to info@fedramp.gov to let...

FedRAMP Weekly Tips – June 29 2017

This week, FedRAMP published a weekly tip that discusses POA&Ms and testing evidence timeliness. Q: What purpose does the Plan of Action & Milestones (POA&M) document serve? A: The purpose of the POA&M is to facilitate a disciplined and structured approach to mitigating risks in accordance with the CSP’s risk mitigation strategy. The POA&Ms include...

FedRAMP Weekly Tips – June 22 2017

This week, FedRAMP published a weekly tip that discusses CSP transfers of ownership and ISSO assignments for a JAB P-ATO: Q: Is there an established process for what is supposed to occur when ownership of an authorized service transfers from one Cloud Service Provider (CSP) to another? A: If there were NO changes to the...

FedRAMP Weekly Tips – June 15 2017

This week, FedRAMP published a weekly tip that addresses Incident Response Plans and Security Assessment Reports: Q: Does FedRAMP provide a template for an Incident Response Plan? A: Security Control IR-8 requires CSPs to develop an Incident Response Plan (IRP). The IRP is a required document within security authorization packages. FedRAMP does not provide a...

FedRAMP Weekly Tips – June 8 2017

This week, FedRAMP published a weekly tip that addresses applying for an Agency High Baseline Authorization and an RAR Federal Mandate that is often overlooked: Q: What are some frequently asked questions for CSPs who currently hold an Agency Authorization to Operate (ATO) at the Moderate level, but wish to apply for an Agency High...

FedRAMP Weekly Tips – June 1 2017

This week, FedRAMP published a weekly tip that addresses common mistakes made by Cloud Service Providers (CSPs). Q: What are some common mistakes that arise when addressing Control Implementation statements? A: There are several mistakes that CSPs encounter when drafting their Control Implementation statements. Some of those include: Customer Responsibility The customer specific responsibility should...

SharePoint Saturday Baltimore 2017 Wrap Up

I had the pleasure of hosting a session at SharePoint Saturday Baltimore 2017. It was very well attended. In fact, it was sold out! I saw some old friends and met some new ones too. My Presentation I made a session presentation at the event entitled, “Office 365 Advanced Security Hardening with cFocus Software”. In...

ALERT: Latest Information on WannaCry Ransomware and Office 365

Latest Update (May 20, 2017) Looks like the WannaCry threat has been thwarted! According to USAToday.com the WannaCry ransomware attack was disabled over the weekend. Please see the full story here: https://www.usatoday.com/story/tech/news/2017/05/13/22-year-old-wannacry-ransomware-malwaretech-analyst-stopped/101637152/. What is WannaCry Ransomware? If you haven’t heard yet, there’s a brand new ransomware threat that is spreading very rapidly. It’s called WannaCry...