If you’re a cloud software vendor who wants to sell — or has already sold — to federal government agencies, it’s likely that you’re already aware of FedRAMP compliance. But cyberattacks aren’t just limited to the federal government. With more people working from home and moving to the cloud now than ever before, news of attacks on state […]
President Joe Biden signed and released an Executive Order (EO) from the White House on May 12th, addressing his plan to improve the nation’s cybersecurity and protect federal government networks. This order comes on the heels of the Colonial Pipeline Ransomware attack and the now infamous SolarWinds breach. You can read the full text of […]
There’s a lot of uncertainty around the Cybersecurity Maturity Model Certification (CMMC). In this episode of Security on Cloud, Tony Bai, Director of Federal Practice Lead at A-LIGN, joined us to explain the CMMC framework, its importance, and why it’s being introduced. Tony shares insight on how CMMC applies to Controlled Unclassified Information (CUI) and the […]
Return on Investment (ROI) is typically thought of as a calculation of how and when you can get your money back on money spent. However, when it comes to FedRAMP, having real-world ROI insight can be the difference between choosing a potentially disastrous and delayed FedRAMP journey, or choosing a successful and accelerated FedRAMP journey. […]
If compliance is not security, then why do it at all?
The newest word on the market is Compliance Automation. But what exactly is Compliance Automation? Well, let’s start with what Compliance Automation is NOT.
SOC2 compliance is a must-have for SaaS companies. Anitian’s VisionPath compliance team looks at your road to SOC2 compliance.
GDPR has rapidly devolved into a touchstone for everything from vendor FUD to political frothing. It has been hailed as a huge step forward for privacy and assailed as the worst thing to come out of Europe since the Bubonic Plague. Let’s push aside the hyperbole and let facts and reason rule the day.
The new NIST 900-53 Revision 5 is out, and we look at the changes.
ISO 27001 audits are not like other kinds of security assessments