FedRAMP

Kicking the Tires on FedRAMP

Straight talk about whether FedRAMP accreditation is right for you. In the world of FedRAMP, you are either a cloud service provider (CSP) or a user of cloud services. Many of our CSP clients are asked about FedRAMP accreditation. In some cases, a government user has told them they should be FedRAMP accredited. This is… Read more »

Is “FedRAMP Ready” Status in your PaaS, IaaS, or SaaS’ Future?

“FedRAMP Ready” is an official designation from the Federal Risk and Authorization Management Program, or FedRAMP. The status of “FedRAMP Ready” is awarded to cloud service providers who undergo an independent security assessment to show they are ready to move ahead with the full FedRAMP authorization process.  Achieving FedRAMP Ready status is typically a singular… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018.  We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law).  We continued to talk about the FAR Reform.  We published a guest blogger’s… Read more »

But Seriously, What is a 3PAO?

3PAO means “third party assessment organization” under the FedRAMP program. FedRAMP is the U.S. government’s first program for the protection of federal information in the cloud. A 3PAO audits the cloud service provider because, in short, self-assessments are not permitted. Stated another way: a 3PAO is an independent entity that performs initial and period security… Read more »

FedRAMP: A Heavyweight Security Framework for Cloud Service Providers

You need FedRAMP if you want to prove your cloud services is secure enough for U.S. government data. Read the full September 6, 2018 article published on cybersecurityventures.com here. In its latest Compliance Report for Cybersecurity Ventures, Sera-Brynn shared how FedRAMP came into being, who should care, and why being FedRAMP-authorized is important for companies. “The… Read more »

The Heavyweight Rules and Concepts You Need to Know About FedRAMP

The first rule of FedRAMP is … You do not talk about FedRAMP! (Sorry, that’s of course a quote from Fight Club, a movie about an insomniac office worker looking to shake things up with, well… fighting.) The real first rule about FedRAMP is that companies should attain the certification to show that their cloud… Read more »

Cloud Service Provider Requirements for FedRAMP Compliance

By Lindsey Benes, Sera-Brynn Security Analyst In the realm of securing sensitive data, acronyms abound and FedRAMP is one heard quite often. The Federal Risk and Authorization Management Program, or FedRAMP, was developed to standardize the approach to security assessment, authorization and continuous monitoring for cloud products and services. FedRAMP was developed in collaboration with… Read more »