Blog
We held the second monthly Washington DC Bots & Chatbots Meetup on Thursday, November 30, 2017 at DC Library Express (1900 K St NW, Washington, DC). The topic of the meetup was ‘How to Build Your Own Alexa’. It was such a great Meetup! We had about 20-25 people who were all engaged and asked...
This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: What are the roles and responsibilities of the third party assessment organization (3PAO) and the cloud service provider (CSP) during the assessment? A: While FedRAMP certifies 3PAOs to perform security...
This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: How do policies and procedures differ from the System Security Plan (SSP)? A: Policies and procedures are a critical supplement to the SSP and are required by the first control...
This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: All of the controls listed in the System Security Plan (SSP) Template do not apply to my system, so I only completed those that are applicable and left the...
This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: Why is it important to maintain consistency between the security control implementation statements and the technical diagrams in the System Security Plan (SSP)? A: The security control implementation statements...
This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs) Cloud Service Providers (CSPs) Q: The Agency I’m working with requires that their data be cryptographically protected. What requirements must I follow? A: Any system that handles Government data may be the target of...
We held the inaugural event of The Washington DC Bots & Chatbots Meetup on Wednesday, October 25, 2017 at the Tenley-Friendship Neighborhood Library. It was great! We had a small group, but the group was really engaged and energetic. We started by making introductions, and sharing our interests in chatbots. We then proceeded with the...
This week, FedRAMP published two questions and answers for Cloud Service Providers (CSPs) and Important Stakeholder Information: Cloud Service Providers (CSPs) Q: Can a CSP mark a control as both “Implemented” and “Alternative Implemented” in the System Security Plan (SSP)? A: Usually not. If a control is fully implemented, then only the “Implemented” box is checked....
This week, FedRAMP published questions and answers, one for Cloud Service Providers (CSPs) and one for Thrid Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: If I am uploading an Agency-authorized cloud service package for review/approval by FedRAMP, how do I ensure I am uploading all the required documents? A: The FedRAMP Documentation Checklist (found on FedRAMP.gov...
This week, FedRAMP published two tips for Cloud Service Providers (CSPs): TIP: Deviation Requests (DR) should be written as stand-alone documents, telling the entire story of the need for the DR and how the DR is implemented. The Deviation Request is the mechanism used by the CSP to document and justify a deviation from full...