You Failed your FedRAMP Assessment: Now What?

        As an independent software vendor (ISV), you’ve done all the right things in the commercial market. Customers love your product. Your product has a buzz in the industry. You carefully identify the public sector as your next target. All the meetings go well. You find a government project that’s hungry for…

The Federal Government ATO Process: A Guide for ISVs

Commercial independent software vendors (ISVs) who want to do business with the Department of Defense (DoD) and the federal government must meet strict security and compliance regulations by passing an Authority to Operate (ATO) process. The stakes are high for government IT security because sensitive and even top-secret data can be found in the government…

Senate Passed a Major Cybersecurity Legislation Requiring Incident Reporting

  On Tuesday, March 2, 2022, the Senate passed major cybersecurity legislation to force reporting of cyberattacks and ransomware. This risk-based approach appears to take into consideration federal officials’ warnings on the potential of Russian cyberattacks against the United States. While cyber incident reporting is now a “landmark” bill, cloud service providers managing security and…

Version (v1r4) of the DoD (CC SRG) Released

Today the Department of Defense released their latest version (v1r4) of the DoD Cloud Computing Security Requirements Guide (CC SRG).  The 351-page SRG includes a lot of renewed and modified guidance for DoD cloud solution providers.  Understanding when and how to implement this new guidance is important for all existing DoD deployments, but especially for…

Why Software Vendors (ISVs) Should Leverage Cloud Platform-as-a-Service

Cloud Platform-as-a-service or PaaS is primarily designed for software vendors (ISVs). Leveraging PaaS allows ISVs to develop, run, manage and scale their software and services without worrying about infrastructure management. Developers can build on top of cloud PaaS to write their code and use it as a code hosting platform for version control and collaboration.…