
Is “FedRAMP Ready” Status in your PaaS, IaaS, or SaaS’ Future?

“FedRAMP Ready” is an official designation from the Federal Risk and Authorization Management Program, or FedRAMP. The status of “FedRAMP Ready” is awarded to cloud service providers who undergo an independent security assessment to show they are ready to move ahead with the full FedRAMP authorization process. Achieving FedRAMP Ready status is typically a singular… Read more »

Final Compliance Date for NY DFS Cybersecurity Regulation is March 1, 2019

A significant deadline is now approaching under the New York State Department of Financial Services (“DFS”) cybersecurity regulation, 23 NYCRR 500. On March 1, 2019, the two-year transitional period under the NY DFS regulation expires and all remaining requirements become effective. The final requirement concerns supply chain cybersecurity. Background: The NY DFS cybersecurity framework requires… Read more »

In the News: NEO Blockchain adds Spatium™ wallet to the list of approved wallets

In recent news, Spatium announced that its wallet for storing cryptocurrency was accepted into the NEO blockchain community. In order to be accepted into the selective community, Spatium’s wallet underwent multiple, rigorous technical security reviews. Sera-Brynn was the independent third-party evaluator. Spatium states that its “software wallet promises greater security than today’s hardware wallets based… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018. We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law). We continued to talk about the FAR Reform. We published a guest blogger’s… Read more »

Visit Sera-Brynn’s Booth at NARA’s CUI Industry Day!

Sera-Brynn offers professional services and tools to help identify and map the flow of Controlled Unclassified Information (CUI) throughout a government contractor’s information systems. The presence of CUI is of significant consequence to government contractors and their cybersecurity programs. On December 10, 2018, the National Archives and Records Administration (NARA) is hosting an event on… Read more »

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have… Read more »

Using Red Team Assessments to Test Security Maturity

Red teaming is an under-appreciated term in modern businesses. Red teaming is an opportunity for leadership to understand how an entire system works together to protect information critical to a company’s existence, their “crown jewels.” Red teaming in the age of the Internet has had companies focusing exclusively on CYBER Red Teams. However, such an… Read more »

Ohio’s New Cybersecurity Law Grants Data Breach Litigation Safe Harbor

Ohio’s law – effective November 2018 – creates a safe harbor for organizations that adopt one of 10 cybersecurity compliance frameworks. With a new cybersecurity law, the home of the Rock and Roll Hall of Fame is now rocking the cybersecurity framework discussion. Effective November 2, 2018, Ohio’s law puts cybersecurity frameworks center stage. The law… Read more »

Cybersecurity’s 3-Million-Person Workforce Shortage is Now a Risk Management Problem

Cybersecurity’s 3-million-person workforce shortage is now a risk management problem. The cybersecurity workforce needs and wants you! Good news for many of us – but from an employer or strategic workforce planning perspective, this is problematic. There’s now a shortage of people qualified to protect data, systems, and operations. Worldwide, the cybersecurity workforce shortage is… Read more »

But Seriously, What is a 3PAO?

3PAO means “third party assessment organization” under the FedRAMP program. FedRAMP is the U.S. government’s first program for the protection of federal information in the cloud. A 3PAO audits the cloud service provider because, in short, self-assessments are not permitted. Stated another way: a 3PAO is an independent entity that performs initial and periodic security… Read more »