Of all the SaaS tools used by federal IT teams, cutting-edge cybersecurity tools may be the ones in highest demand. In July 2023 a number of US agencies – including the Department of Energy and the US Office of Personnel Management – were victims of a debilitating attack by the Russian ransomware gang Clop. We […]
Seeking SaaS: FedRAMP Launches Modernization and 10X Increase
At the end of October, the federal Office of Management and Budget (OMB) released a draft memorandum for public comment titled Modernizing the Federal Risk Authorization Management Program (FedRAMP). For the people and teams that live, breathe and eat FedRAMP every day, this became BIG news overnight. OMB proposed to rescind the initial 2011 order […]
Ripcord Transforms, Anitian Empowers, Agencies Win
As far back as 2011 a presidential mandate said, “Records are the foundation of open government.” This mandate went on to say that accessible, readable public records supported the “principles of transparency, participation, and collaboration” in society, as well as a government’s march towards progress and efficiency. It’s almost impossible to calculate the number of […]
Revving Up for Rev5, Part 3: Recommendations and Timelines
FedRAMP R5 represents a lot of change. So much change that we can’t track it all in this one blog, though we gave it the Old College Try: In this last installment of the series we’ll serve up recommendations and tips from Anitian’s on-staff security and compliance experts about how to navigate the R4-to-R5 transition. Then we’ll cover […]
Revving Up for Rev5, Part 2: SCRM, Privacy and Encryption
In Part 1 of this three-part blog series we provided an overview of FedRAMP Rev5 changes: why they came about, what they aim to accomplish and – perhaps most importantly – how they’ll drive significant changes in the FedRAMP ATO process, technologies, and expectations. Now in Part 2 we get to dive into three meaty areas that […]
Revving Up for Rev5: When Threats Evolve, FedRAMP Must Evolve
It’s been a tough couple of years for cybersecurity strategists and practitioners. In 2021, supply chain attacks on Kaseya, Solar Winds, Accellion and other hardware and software providers sowed doubt into their long-standing assumptions of trust. Ransomware piggybacked on some of these exploits to drive their severity and urgency (see Kaseya, again). Even when these attacks weren’t embedded deep […]
