If you’re a cloud software vendor who wants to sell — or has already sold — to federal government agencies, it’s likely that you’re already aware of FedRAMP compliance. But cyberattacks aren’t just limited to the federal government. With more people working from home and moving to the cloud now than ever before, news of attacks on state […]
Cybersecurity Executive Order: Can automation fix the nation’s misconfiguration problem?
President Joe Biden signed and released an Executive Order (EO) from the White House on May 12th, addressing his plan to improve the nation’s cybersecurity and protect federal government networks. This order comes on the heels of the Colonial Pipeline ransomware attack and the now infamous SolarWinds breach. You can read the full text of […]
Unlocking the Mysteries of the Fed’s New CMMC Requirement
There’s a lot of uncertainty around the Cybersecurity Maturity Model Certification (CMMC). In this episode of Security on Cloud, Tony Bai, Director of Federal Practice Lead at A-LIGN, joined us to explain the CMMC framework, its importance, and why it’s being introduced. Tony shares insight on how CMMC applies to Controlled Unclassified Information (CUI) and the […]
Why Real-World ROI Matters to Software Vendors Pursuing FedRAMP in 2021
Return on Investment (ROI) is typically thought of as a calculation of how and when you can get your money back on money spent. However, when it comes to FedRAMP, having real-world ROI insight can be the difference between choosing a potentially disastrous and delayed FedRAMP journey, or choosing a successful and accelerated FedRAMP journey. […]
The Problem with Compliance
If compliance is not security, then why do it at all?
What is Compliance Automation?
The newest word on the market is Compliance Automation. But what exactly is Compliance Automation? Well, let’s start with what Compliance Automation is NOT.
The Top Five SOC 2 Compliance Questions Answered
SOC 2 compliance is a must-have for SaaS companies. Anitian’s VisionPath compliance team looks at your road to SOC 2 compliance.
GDPR is Coming
GDPR has rapidly devolved into a touchstone for everything from vendor FUD to political frothing. It has been hailed as a huge step forward for privacy and assailed as the worst thing to come out of Europe since the Bubonic Plague. Let’s push aside the hyperbole and let facts and reason rule the day.
What’s New in NIST 800-53 R5
The new NIST 800-53 Revision 5 is out, and we look at the changes.
ISO 27001 – Part 3 – The Audit
ISO 27001 audits are not like other kinds of security assessments