Tag: fedramp
-
5 Reasons Why Organizations Don’t Achieve FedRAMP ATO
When a cloud services provider wants to work with the federal government, they have to pass a rigorous audit to make sure they’re capable of properly securing the controlled information they would handle in the process. Achieving that Authority to Operate is done through the Federal Risk and Authorization Management Program and is the biggest……
-
5 Reasons Why Organizations Don’t Achieve FedRAMP ATO
When a cloud services provider wants to work with the federal government, they have to pass a rigorous audit to make sure they’re capable of properly securing the controlled information they would handle in the process. Achieving that Authority to Operate is done through the Federal Risk and Authorization Management Program and is the biggest……
-
Torq Gets $140M Series D to Fuel AI-Powered SOC Capabilities
Funding at $1.2B Valuation to Propel Federal Market Entry and R&D in GenAI. Torq secured $140 million in Series D funding at a $1.2 billion valuation to expand its generative AI-powered security operations platform. With backing from Merlin Ventures, Torq will grow internationally, deepen AI research and pursue U.S. federal opportunities including FedRAMP certification. First…
-
ColorTokens Achieves FedRAMP® Moderate ATO for Xshield
ColorTokens is proud to announce that its Xshield Enterprise Microsegmentation Platform has achieved a FedRAMP® Moderate Authority to Operate (ATO), a significant milestone that underscores our commitment to delivering secure, resilient, and mission-ready cybersecurity solutions for the U.S. Federal Government. FedRAMP (the Federal Risk and Authorization Management Program) is the U.S. government’s gold standard for cloud security. Achieving a Moderate ATO means that Xshield has successfully met……
-
Single-Tenant vs Multi-Tenant FedRAMP Deployments
Across the ecosystem of federal contractors, a majority of deployments tend to be relatively standard. 80% of them will be FedRAMP impact level Moderate, for example, and most will have a standard set of considerations and concerns, such that a lot of security controls can be automated. It’s those outliers that make FedRAMP challenging. When……
-
FedRAMP Audit Log Retention Rules and Storage Options
Every cloud service provider that seeks an authorization to operate with the federal government using the FedRAMP framework has to undergo and pass an audit. Beyond passing the audit, the CSP needs to keep and maintain proof of not just their external audit, but also internal audits, continuous monitoring results, and more. All of this……
-
FedRAMP Deviation Requests: When and How to Submit
FedRAMP is a government-wide program meant to ensure a standardized baseline for information security throughout the cloud service providers working with the federal government. It’s a tall order. Setting forth standards that are robust enough to cover all the bases, while being open and flexible enough to cover every CSP, is not easy. NIST has……
-
How FedRAMP Agencies Evaluate CSP SAR Submissions
FedRAMP is the federal government’s framework for evaluating and enforcing standardized security across the cloud service providers operating as contractors. They take security seriously, and the protection of controlled information is their top priority. A key part of validating the security of a CSP is the SAR, or Security Assessment Report. What is the SAR,……
-
How FedRAMP Agencies Evaluate CSP SAR Submissions
FedRAMP is the federal government’s framework for evaluating and enforcing standardized security across the cloud service providers operating as contractors. They take security seriously, and the protection of controlled information is their top priority. A key part of validating the security of a CSP is the SAR, or Security Assessment Report. What is the SAR,……
-
Why Security-Minded Teams Are Turning to Hardened Linux Distributions
In conversations about operating system security, >>compliance
-
FedRAMP Monthly ConMon vs Annual Assessments
Tags: fedrampWe say this just about every time the subject comes up (which is often, given our industry and role in it), but valid information security is not a state of being. It is a moving target and a process. Achieving certification for a certain level of security is a snapshot of a moment in time,……
-
Qualys erhält höchste US-Cloud Sicherheitszertifizierung FedRAMP High ATO
Die FedRAMP High Autorisierung unterstreicht unsere erheblichen Investitionen in erstklassige Sicherheit und bekräftigt unser Engagement als vertrauenswürdiger Partner, um den Auftrag der US-Regierung zur Stärkung der Cybersicherheit voranzubringen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-erhaelt-hoechste-us-cloud-sicherheitszertifizierung-fedramp-high-ato/a41812/
-
From NIST 800-53 to FedRAMP: What it really takes to bridge the gap
If your cloud platform is already compliant with NIST SP 800-53, you’ve laid important groundwork for security and risk management. But when the goal shifts to serving U.S. federal agencies, the bar is raised significantly. That’s where FedRAMP enters the picture. While FedRAMP is built on NIST 800-53, the two are not interchangeable. FedRAMP adds…The…
-
U.S. House Homeland Security Appropriations Bill Seeks to Modernize Border Infrastructure Security with Proactive OT/IT Security Measures
Tags: ai, attack, awareness, cctv, cisa, cloud, control, cryptography, cyber, cybersecurity, data, defense, detection, fedramp, government, incident response, infrastructure, intelligence, Internet, iot, law, mitigation, monitoring, network, office, privacy, risk, service, strategy, supply-chain, technology, threat, tool, vulnerability, zero-trustThe FY 2026 House Homeland Security Appropriations Bill highlights growing focus in Congress on protecting border infrastructure from cyber threats. The directive to implement continuous monitoring and real-time threat intelligence reflects a broader push toward modern, preventive cybersecurity across federal agencies. As the digital and physical worlds become increasingly intertwined, the technologies used to protect…
-
FedRAMP Pen Test Scope vs. Rules of Engagement Explained
FedRAMP has strict requirements for the security of the companies looking to earn their certification. Among the many requirements you need to navigate are tests from your C3PAO, simulating malicious actors and common threat vectors. In order to understand what you need to do to pass, it’s worth going over what penetration testing is, what……
-
SOC 2 vs SOC 3: Which Report Builds Public Trust?
Here at Ignyte, we talk a lot about the major governmental cybersecurity frameworks like FedRAMP and CMMC or the international framework ISO 27001. What we don’t talk about as much but which is no less important are smaller-scale or more limited frameworks. SOC is one such framework, and it’s extremely important for those… First seen…
-
ISO 27001 Risk Register Setup: Step-by-Step Guide
While we talk a lot on this site about the US Government’s various cybersecurity frameworks, like FedRAMP and CMMC, there’s one significant framework that deserves just as much attention: ISO 27001. ISO 27001, being an ISO standard, is an international framework for cybersecurity divorced from any one country’s government. It’s a way for businesses operating……
-
New Cybersecurity Executive Order: What You Need To Know
Tags: ai, cisa, cloud, communications, compliance, computing, control, cyber, cybersecurity, data, defense, detection, encryption, exploit, fedramp, framework, government, identity, incident response, infrastructure, Internet, iot, network, office, privacy, programming, resilience, risk, service, software, supply-chain, technology, threat, update, vulnerability, vulnerability-management, zero-trustA new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development. On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces…
-
Avoid FedRAMP Delays: 7 Common SSP Mistakes to Fix
Seeking a FedRAMP authority to operate is a critical part of any cloud service looking to work with the government in an official capacity. It’s required if you are going to handle controlled unclassified information on behalf of the government or its contractors, and since the requirements trickle down, you don’t even necessarily have to……
-
RapidFort, Carahsoft Partner to Speed Up FedRAMP, CMMC Compliance for Public Sector
First seen on scworld.com Jump to article: www.scworld.com/news/rapidfort-carahsoft-partner-to-speed-up-fedramp-cmmc-compliance-for-public-sector
-
How FedRAMP Reciprocity Works with Other Frameworks
FedRAMP is the Federal Risk and Authorization Management Program, and it’s one of the most widely used governmental cybersecurity frameworks across the United States. It’s meant to serve as the gatekeeper for any contractor looking to work with the federal government to ensure that everyone across the board has a minimum level of cybersecurity in……
-
SentinelOne, Horizon3.ai Receive FedRAMP Authorization, Broadening Government Access
First seen on scworld.com Jump to article: www.scworld.com/news/sentinelone-horizon3-ai-security-products-get-fedramp-authorization
-
GSA launches FedRAMP 20-X to speed up cloud approvals
First seen on scworld.com Jump to article: www.scworld.com/brief/gsa-launches-fedramp-20-x-to-speed-up-cloud-approvals
-
What is COMSEC? Training, Updates, Audits More
Here at Ignyte, we talk a lot about various overarching information security frameworks, like FedRAMP, CMMC, and ISO 27001. Within these overall frameworks exist a range of smaller and narrower standards, including COMSEC. If you’ve seen COMSEC as a term, you may be passingly familiar with what it is, but if you need to know……
-
FedRAMP’s Automation Goal Brings Major Promises – and Risks
Analysts Praise FedRAMPs Speed Goals, But Worry About Unclear Execution Details. The General Services Administration is aiming to speed up cloud approvals by automating security assessments for FedRAMP, but experts tell Information Security Media Group that key questions remain on its execution, with concerns over vague directives and the impact on existing processes. First seen…
-
FedRAMP overhaul seeks industry collaboration
Tags: fedrampFirst seen on scworld.com Jump to article: www.scworld.com/brief/fedramp-overhaul-seeks-industry-collaboration
-
GSA Plans FedRAMP Revamp
The General Services Administration is planning to use automation to speed up the process to determine which cloud services federal agencies are allowed to buy. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/gsa-plans-fedramp-revamp
-
GSA Looks to Automation in FedRAMP Revamp
First seen on scworld.com Jump to article: www.scworld.com/news/gsa-looks-to-automation-in-fedramp-revamp