Blog
This week, FedRAMP published one Q&A for Federal Agencies and one Tip for Cloud Service Providers(CSPs): Federal Agencies Q: What does FedRAMP Ready status mean? Is it a requirement for CSPs who would like to pursue an Agency authorization? A: FedRAMP Ready is a designation intended to demonstrate a CSP’s ability to complete the full...
This week, FedRAMP published two Q&A’s, one for Federal Agencies and one for Cloud Service Providers(CSPs): Federal Agencies Q: If a FedRAMP Authorized service offers several multi-factor authentication (MFA) methods to remotely access that service, may I use any of those forms of multifactor authentication to access the service? A:Cryptographic functions are used in many...
This week, FedRAMP published two tips for Cloud Service Providers (CSPs): TIP: Deviation Requests (DR) should be written as stand-alone documents, telling the entire story of the need for the DR and how the DR is implemented. The Deviation Request is the mechanism used by the CSP to document and justify a deviation from full...
This week, FedRAMP published two tips for Cloud Service Providers (CSPs): TIP: In the “Description of Risk to the System” section of the Deviation Request, do NOT copy and paste the vulnerability description from the source. It is necessary to explain the vulnerability within the context of the system and the potential risk should a...
This week, FedRAMP published one tip for Cloud Service Providers (CSPs): TIP: When submitting the Annual Assessment (AA) package, the final Security Assessment Plan (SAP), Security Assessment Review (SAR), System Security Plan (SSP) and Plan of Action & Milestones (POA&M) documents must be submitted no later than the P-ATO anniversary date. CSP’s should plan carefully...
This week, FedRAMP published two tips about significant change requests and POA&M items: TIP: When submitting a Significant Change Request (SCR), always discuss the change with your reviewer prior to submitting the form. A CSP is often inclined to err on the side of caution and evaluate a change as significant when it may not...
The process to obtain a Office 365 FedRAMP ATO is time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an exclusive Software as a Service that automates FedRAMP processes, and shortens FedRAMP ATO timeframes for Office 365 government subscriptions. cFocus Software has partnered with Microsoft Corporation to develop ATO as a Service™, allowing...
The process to obtain an Azure FedRAMP ATO is time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an exclusive Software as a Service that automates FedRAMP processes, and shortens FedRAMP ATO timeframes for information systems hosted in the Azure Government Cloud. cFocus Software has partnered with Microsoft Corporation to develop the offering,...
This week, FedRAMP published a weekly tip that addresses applying for an Agency High Baseline Authorization and an RAR Federal Mandate that is often overlooked: Q: What are some frequently asked questions for CSPs who currently hold an Agency Authorization to Operate (ATO) at the Moderate level, but wish to apply for an Agency High...
Anyone who has ever used the Risk Management Framework (RMF) in two or more different organizations can attest to how dynamic RMF, Security Plans, and Plans of Action and Milestones (POAMs) are. They are so dynamic, in fact, that no two organizations utilize them the same. That’s one of the things that Information Assurance professionals...