Sera-Brynn is an independent Third Party Assessment Organization (3PAO) under the FedRAMP program.
FedRAMP, short for the Federal Risk and Authorization Management Program, is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 3PAOs assess Cloud Service Provider (CSP) systems against FedRAMP requirements, provide evidence of compliance, and play an ongoing role in ensuring CSPs meet requirements.
Organizations Migrating to a Cloud Computing Environment
Sera-Brynn can advise on cloud architecture, best practices, compliance with NIST, ISO 27000 or other frameworks, and risk control issues.
Organizations Seeking Security Testing within an Existing Cloud Environment
Sera-Brynn regularly performs vulnerability assessments and penetration testing within the cloud environment, including Azure and AWS.
U.S. Department of Defense Contractors
Sera-Brynn can advise on and assess cloud computing environments for compliance with Defense Federal Acquisition Regulation Supplement (DFARS) requirements.
Sera-Brynn can assist with cybersecurity compliance needs that arise from federal contractual requirements.
- But Seriously, What is a 3PAO?
- How Do I Know if FedRAMP is Right For My Organization?
- FedRAMP: A Heavyweight Security Framework for Cloud Service Providers
- The Heavyweight Rules and Concepts You Need to Know About FedRAMP
- Government Contracts Cyber Café Series – Cloud Computing – FedRAMP Certification
- Cloud Service Provider Requirements for FedRAMP Compliance
What is Cloud Computing?
In simple terms, it is just storing and accessing data over the Internet, as opposed to on your computer’s hard drive.
In the commercial world, cloud computing can refer to software-as-a-service, infrastructure-as-a-service and platform-as-a-service. Other terms include on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.
The U.S. Department of Defense defines cloud computing to mean enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources — including networks, servers, storage, applications and services — that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This can include other commercial terms, such as on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.