There's an old expression that says the most dangerous statement a person can make is "we've always done it this way." I think we can all agree that we need... Read More
Blog
Is Microsoft 365 GCC High Compliant with FedRAMP High?
Microsoft provides numerous options for its public cloud offerings. Microsoft 365 Commercial, also known as MS 365 Commercial or Commercial Microsoft 365, is the "standard" cloud. The Commercial cloud version... Read More
Guide to Implementing an IT Risk Management Framework
Enterprise risk management (ERM) is a disciplined, holistic way to identify, manage, and mitigate risk throughout your entire enterprise. IT risk management (ITRM) is one subset of that effort, focused... Read More
FedRAMP System Security Plan: Tips for Writing an SSP
The Federal Risk and Authorization Management Program (FedRAMP) standardizes how U.S. federal government agencies apply the Federal Information Security Management Act (FISMA) to cloud computing services. Through its "do once,... Read More
Understanding FIPS 140-2 Encryption Requirements to Manage Risk and Achieve FedRAMP Compliance
The Federal Risk and Authorization Management Program (FedRAMP) provides a risk-based approach to help U.S. government agencies adopt and use cloud-based technology services. FedRAMP standardizes the security requirements for cloud... Read More