The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Determining if your Company is Prepared for FedRAMP

    May 13, 2013, Tom McAndrew, EVP, Coalfire Federal

    Many companies interested in pursuing FedRAMP are seeking guidelines, checklists and any referenceable source to help them understand and determine their level of preparedness to go through the FedRAMP process. The GSA's FedRAMP.gov site provides documentation on the FedRAMP process in their "Guide to Understanding FedRAMP." In it is a 12-step checklist to help organizations gauge their readiness for FedRAMP.

    Posted in: federal, FedRAMP | 0 Comments

  • Agencies to report progress with FedRAMP

    April 26, 2013, Tom McAndrew, EVP, Coalfire Federal

    The FedRAMP PMO recently conducted webinars on April 23 and 25 regarding agencies' requirement to report their progress on compliance with FedRAMP. The discussion covered the FedRAMP progress to date, the reporting requirements and the process for moving services to FedRAMP authorized cloud service providers. You will find the archived webinars on the Past Events page of FedRAMP.gov when they are available.

    Posted in: Agency, federal, FedRAMP, policy | 0 Comments

  • FedRAMP PMO - FedRAMP Process and Developing SSP webinar Q&A

    January 16, 2013, Tom McAndrew, EVP, Coalfire Federal

    The FedRAMP program continues to gain momentum, and GSA and the FedRAMP PMO conduct great, interactive webinars available to attend live or to watch later. There is much to learn from the GSA on how to navigate the FedRAMP process according to their requirements.

    Posted in: federal, FedRAMP | 0 Comments

  • FedRAMP Question and Answer session from PMO webinar

    November 13, 2012, Tom McAndrew, EVP, Coalfire Federal

    On October 25, the FedRAMP PMO conducted its first webinar, in what will be a series of webinars, on the FedRAMP process. This first webinar covered the four methods by which CSPs can get listed in the FedRAMP repository.

    This webinar is well worth the time to listen to. The PMO had a lengthy Q&A session, which we have transcribed for your convenience below. The FedRAMP PMO also provides a transcription, but leverages a speech-to-text service which garbled some of the phrases and meanings. Our human-reviewed Q&A of that section of the webinar is below.

    Posted in: cloud, federal, fedramp, government | 0 Comments

  • FISMA vs FedRAMP: Compliance requirement differences

    May 03, 2012, Tom McAndrew, EVP, Coalfire Federal

    Organizations that work with, or want to work with, government agencies must manage to government compliance regulations. Almost everyone is familiar with the FISMA compliance standards, but with the announcement of FedRAMP, which provides a structure to manage compliance requirements for "a cloud first initiative" for government agencies and organizations working with them, there’s a new set of compliance requirements to adhere to. Or is there?

    Posted in: assessments, compliance, federal, FedRAMP, FISMA | 0 Comments
