The Defense Information Systems Agency is letting its milCloud 2.0 offering expire in May 2022. The 89 DOD mission partners currently using milCloud will need to migrate their 4,500 workloads elsewhere by that date. For Infrastructure-as-a-Service (IaaS), the mission partners will be able to leverage the Joint Warfighter Cloud Capability (JWCC) contract that DISA has…
Below are 5 Reasons Software Vendors should use Project Hosts for FedRAMP By having Project Hosts providing cloud compliance-as-a-service, you can focus on improving your SaaS solution rather than get mired in compliance. It is easier for us to bring you through our 40th managed FedRAMP audit than for you to get through your first…
As a company that is not currently mandated to be compliant with designated cybersecurity frameworks, it may seem superfluous to invest time and money into gaining compliance with the regulations of your field. With standards at varying levels of security, from FedRAMP to StateRAMP, HITRUST, and more, compliance is looked at by many security…
Founded at the beginning of 2020, StateRAMP was born from the clear need for a standardized approach to the cybersecurity standards required from service providers offering solutions to state and local governments. StateRAMP is a membership organization comprised of service providers offering IaaS, PaaS, and/or SaaS solutions, third-party assessment organizations, and government officials. Our members…
Businesses that handle personal health information need to pay attention to HIPAA and HITECH requirements. Being HIPAA-compliant is a slippery goal, though. The only definitive determination of compliance comes from a court or administrative judgment after the fact. The Security Rule doesn’t provide specific technical guidance on an acceptable level of security. With data breaches…
Microsoft has warned that the Russian group responsible for the SolarWinds hack is targeting the government. This comes in the wake of the United States and Britain accusing the Russian spy chief of coordinating the attack. The hack on SolarWinds has been amongst the most damaging cyberespionage events in the world. The cybercriminals are reported…
Overview If your organization is new to the cloud or has already gotten your feet wet with the cloud concept, managed services can mean a shift in the decision in several key areas. The management of a cloud offering allows your application or service to be the focus in your business. Ultimately, having a management…
In recent years, many DevOps teams with CI/CD pipelines have started exploring Security/Compliance for Government Agencies on their own through the addition of: static source code scans in their pipelines (Coverity, PMD, SonarQube, Yasca, etc) and traditional dynamic OWASP authenticated web application scans (BurpSuite, Acunetix). Consider a hypothetical company, Let’s Dev!, and that they already…
Incidents of cloud systems having their data stolen, held hostage, leaked, or destroyed are accelerating. 2019 data breaches include: Quest Diagnostics: medical, financial, and personal information for 11.9 million subscribers Capital One: credit card information for 100 million subscribers Zynga: Personal information and Facebook IDs for 218 million subscribers In addition to these large incidents,…
How your Organization can benefit from outsourcing your Security Compliance needs Today there are countless standards, mandates, laws and regulations that organizations are required to adhere to depending on what industry you are selling your application to. With all of the compliance requirements and the ever shifting IT landscape, it is certainly challenging – if…