FedRAMP Question and Answer session from PMO webinar
November 13, 2012, Tom McAndrew, EVP Commercial Services, Coalfire
On October 25, the FedRAMP PMO conducted its first webinar, in what will be a series of webinars, on the FedRAMP process. This first webinar covered the four methods that CSPs can get listed in the FedRAMP repository.
This webinar is well worth the time to listen to it. The PMO had a lengthy Q&A session, which we have transcribed for your convenience below. The FedRAMP PMO also provides a transcription, but leverages a speech-to-text service which garbled some of the phrases and meanings. Our human reviewed Q&A of that section of the webinar is below.
FISMA vs FedRAMP: Compliance requirement differences
May 03, 2012, Tom McAndrew, EVP Commercial Services, Coalfire
Organizations that work with, or want to work with, government agencies must manage to government compliance regulations. Almost everyone is familiar with the FISMA compliance standards, but with the announcement of FedRAMP, which provides a structure to manage compliance requirements for "a cloud first initiative" for government agencies and organizations working with them, there’s a new set of compliance requirements to adhere to. Or is there?
Formalized IT Security Policy Now Required for Government Prime and Sub-contractors
January 20, 2012, Alan Ferguson, Executive VP, Sales and Marketing, Co-founder
This month the GSA announced an IT security mandate for government prime- and sub-contractors that requires them to have a formalized IT security plan that includes periodic audits. Many government sub-contractors, large and small, will benefit from a third-party compliance program review so they can meet the intent of the rule but more importantly, they can promote an IT risk audit as a benefit to their customer base in their business development efforts. There are a large number of sub-contractors, including IT service providers, that will need to comply with this new mandate.