Recent Articles

FedRAMP Weekly Tips- November 30, 2017

This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: What are the roles and responsibilities of the third party assessment organization (3PAO) and the cloud service provider (CSP) during the assessment? A: While FedRAMP certifies 3PAOs to perform security...

FedRAMP Weekly Tips- November 23, 2017

This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: How do policies and procedures differ from the System Security Plan (SSP)? A: Policies and procedures are a critical supplement to the SSP and are required by the first control...

FedRAMP Weekly Tips- November 9, 2017

This week, FedRAMP published  two questions and answers. One for  Cloud Service Providers (CSPs) and  one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: Why is it important to maintain consistency between the security control implementation statements and the technical diagrams in the System Security Plan (SSP)? A: The security control implementation statements...

FedRAMP Weekly Tips- November 2, 2017

This week, FedRAMP published  two questions and answers. One for  Cloud Service Providers (CSPs) and  one for Third Party Assesment Organizations (3PAOs) Cloud Service Providers (CSPs) Q: The Agency I’m working with requires that their data be cryptographically protected. What requirements must I follow? A: Any system that handles Government data may be the target of...

October 2017 DC Chatbots Meetup Wrap Up

We held the inaugural event of The Washington DC Bots & Chatbots Meetup on Wednesday, October 25, 2017 at the Tenley-Friendship Neighborhood Library. It was great! We had a small group, but the group was really engaged and energetic. We started by making introductions, and sharing our interests in chatbots. We then proceeded with the...

FedRAMP Weekly Tips – October 18, 2017

This week, FedRAMP published  two questions and answers for Cloud Service Providers (CSPs) and  Important Stakeholder  Information: Cloud Service Providers (CSPs) Q: Can a CSP mark a control as both “Implemented” and “Alternative Implemented” in the System Security Plan (SSP)? A: Usually not. If a control is fully implemented, then only the “Implemented” box is checked....

FedRAMP Weekly Tips – October 11, 2017

This week, FedRAMP published questions and answers, one for Cloud Service Providers (CSPs) and one for Thrid Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: If I am uploading an Agency-authorized cloud service package for review/approval by FedRAMP, how do I ensure I am uploading all the required documents? A: The FedRAMP Documentation Checklist (found on FedRAMP.gov...