Compliance

Is “FedRAMP Ready” Status in your PaaS, IaaS, or SaaS’ Future?

“FedRAMP Ready” is an official designation from the Federal Risk and Authorization Management Program, or FedRAMP. The status of “FedRAMP Ready” is awarded to cloud service providers who undergo an independent security assessment to show they are ready to move ahead with the full FedRAMP authorization process.  Achieving FedRAMP Ready status is typically a singular… Read more »

Final Compliance Date for NY DFS Cybersecurity Regulation is March 1, 2019

A significant deadline is now approaching under the New York State Department of Financial Services (“DFS”) cybersecurity regulation, 23 NYCRR 500.   On March 1, 2019, the two-year transitional period under the NY DFS regulation expires and all remaining requirements become effective. The final requirement concerns supply chain cybersecurity. Background The NY DFS cybersecurity framework requires… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018.  We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law).  We continued to talk about the FAR Reform.  We published a guest blogger’s… Read more »

Still Lagging on DFARS? The Navy Has A Memo For You

by Heather Engel, Sera-Brynn Chief Strategy Officer The Assistant Secretary of the Navy recently released a memo imposing additional requirements on select contracts. For the last three years, Defense contractors have been working (some more diligently than others) to comply with DFARS clause 252.204-7012 that requires implementation of NIST SP 800-171. I’ve written numerous articles… Read more »

Privacy Framework: NIST is in the House.

This month, NIST kicked off a series of public meetings to highlight its efforts to create a voluntary Privacy Framework. Much in the same way it developed the Cybersecurity Framework, NIST is trying to achieve a technology-privacy balance within the guidance by crowdsourcing its way there.  By bringing in views from federal agencies, small businesses,… Read more »

FedRAMP: A Heavyweight Security Framework for Cloud Service Providers

You need FedRAMP if you want to prove your cloud services is secure enough for U.S. government data. Read the full September 6, 2018 article published on cybersecurityventures.com here. In its latest Compliance Report for Cybersecurity Ventures, Sera-Brynn shared how FedRAMP came into being, who should care, and why being FedRAMP-authorized is important for companies. “The… Read more »

The Kaspersky Ban

October 1, 2018 Deadline for Government Contractors to Comply with the FAR Ban on Kaspersky Lab Products Nears On October 1, 2018, U.S. government contractors will need to be compliant with the government-wide ban on the use of Kaspersky Lab products and services in support of their government contracts.  An interim rule requiring the insertion… Read more »

What Cyber Framework Should My Organization Follow?

What are Security Frameworks? Security frameworks provide a calculated approach to determining risk, setting up a security strategy, and allocating security resources. They are (or should be) measurable, repeatable, and are often standardized by industry. With all the frameworks available…NIST, ISO, NERC CIP, PCI…which is right for your organization? Well the answer is…it depends. Where… Read more »

A Cybersecurity Checklist for GDPR

Where Does Cybersecurity Fit into GDPR? By Heather Engel, Sera-Brynn Chief Strategy Officer By now most everyone has heard of GDPR, or at the very least been bombarded by pop-up messages asking you to accept cookies and confirm access to your data as you surf the web. But if you are responsible for the security… Read more »