Continuous Monitoring

Succeeding with FedRAMP: Continuous Monitoring

Introduction So, you’ve received your FedRAMP authorization, either through the Agency ATO or the JAB P-ATO process.  Now what? Unlike other programs,...

Inherent Risk Tiering for Third-Party Vendor Assessments

  Importance of Third-Party Risk Tiering It can be a challenging and overwhelming task to adequately manage the risk associated...

A+: AMI’s, Automation & AWS

A few weeks ago, I attended AWS re:Invent 2016 with nine of my colleagues. If you have never been, re:Invent is...

Stop by Booth 118 @ AWS re:Invent to Learn How We Can Secure Your Cloud

The AWS Shared Responsibility Model: Part 1 – Security in the Cloud

Cloud Service Providers (CSP) offer a range of infrastructure, platforms, and software for customers to consume. Whether you are looking...

Choosing a 3PAO: FedRAMP, Cybersecurity & Cloud Expertise are Vital

FedRAMP and the Cloud First policy As a direct result of the Cloud Smart Policy, the Federal Government is spending...

2012 RSA Security Conference

Like 20,000 other people across the country and world, I just returned from the 2012 RSA Security Conference.  It was...

Implementing Security Monitoring in Small and Mid-sized Organizations

I recently had the pleasure of leading a project implementing a security monitoring solution in a small organization. Based on...

Current State of FISMA Part 3: What Is the Target?

So, I’ve rambled a bit in the past several weeks on the current state of FISMA.  You’d think that somewhere...