• What is FedRAMP+?

    Keith Kidd, Director, FedRAMP Assessment, Coalfire

    The Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) Version 1, Release 3 defines FedRAMP Plus (FedRAMP+) as:

    “… the concept of leveraging the work done as part of the FedRAMP assessment and adding specific security controls and requirements necessary to meet and assure DoD’s critical mission requirements. A CSP’s CSO can be assessed in accordance with the criteria outlined in this SRG, with the results used as the basis for awarding a DoD provisional authorization.”
  • Data privacy: What’s new in cross-border transfers? The Standard Contractual Clauses

    Lisa Gumbs, Senior Consultant, Commercial Services, GDPR, Coalfire

    The transfer of personal data between companies and across borders is essential to day-to-day data processing. When personal data leaves the European Union, the General Data Protection Regulation (GDPR) requires that data sent to a vendor in a third country for processing receive the same level of protection it would have inside the EU; the GDPR specifically prohibits transfers to third countries that lack an adequate level of data protection. To transfer data lawfully out of the EU, the data controller must therefore have a recognized transfer mechanism in place. Until recently, US companies relied primarily on Privacy Shield certification or on Standard Contractual Clauses in their vendor contracts to authorize such transfers.
  • Long-awaited changes to the nation’s cybersecurity infrastructure become reality

    FedRAMP Advisory Directors, Coalfire

    There is a lot of buzz in the industry about the ripple effects of President Biden's "Executive Order (EO) on Improving the Nation's Cybersecurity," which came on the heels of the Colonial Pipeline incident. The pipeline, which delivers about 45% of the fuel used on the Eastern Seaboard, was shut down after a ransomware attack by a group of alleged criminal hackers calling itself "DarkSide."
  • Third party risk management and the cloud

    Bob Post, Managing Principal, Strategy, Privacy, Risk

    Risk is unavoidable when third-party vendors have access to your company's and your clients' data. With expanding attack surfaces, dispersed supply chains, and growing IoT exposure, third-party risk management (TPRM) is becoming a mission-critical security practice in the cloud. Let's look at the problems and the solutions.
  • The road to secure crypto: start getting risk management priorities on your threat modeling radar

    Karl Steinkamp, Director, PCI Product and Quality Assurance

    While attending the biggest event in crypto history earlier this month in Miami, it struck me that, although irrational over-exuberance was the mood, the reality is really sinking in: we are in a new payments industry paradigm shift. It's not a fad anymore, and it's not going away. An exclamation point on the event was the news that on June 9, 2021, El Salvador officially adopted bitcoin as legal tender (currency) for the country.
  • What you need to know: Transitioning CSA STAR for Cloud Controls Matrix 4.0

    Chase Kimberly, Principal of Standardization, Coalfire

    In January of this year, the Cloud Security Alliance (CSA) released a major revision to its widely adopted Cloud Controls Matrix (CCM) in the form of version 4.0. This comes in the middle of a calendar year where several alternative information security frameworks are also expected to be refined, including the HITRUST CSF, ISO/IEC 27002, and PCI DSS.