Government IT Compliance

The future of government cloud compliance

Understanding the future of government cloud compliance. In 2018, nearly 79% of government IT spending was reserved for the maintenance of legacy systems, according to IDC. But in the years since, more of those resources are being used to migrate workloads to the cloud. Deloitte estimates that federal cloud spending has grown…


5 Benefits of Cloud Computing for Government Agencies

Federal, state and local governments have come a long way since the Office of Management and Budget introduced its “Cloud First” strategy in 2011. Although cloud adoption got off to a slow start, the public sector soon realized the potential of cutting-edge cloud computing. According to Deloitte, federal cloud spending has increased at a…


You Failed your FedRAMP Assessment: Now What?

As an independent software vendor (ISV), you’ve done all the right things in the commercial market. Customers love your product. Your product has a buzz in the industry. You carefully identify the public sector as your next target. All the meetings go well. You find a government project that’s hungry for…


The Federal Government ATO Process: A Guide for ISVs

Commercial independent software vendors (ISVs) who want to do business with the Department of Defense (DoD) and the federal government must meet strict security and compliance regulations by passing an Authority to Operate (ATO) process. The stakes are high for government IT security because sensitive and even top-secret data can be found in the government…


Senate Passed a Major Cybersecurity Legislation Requiring Incident Reporting

On Tuesday, March 2, 2022, the Senate passed major cybersecurity legislation to force reporting of cyberattacks and ransomware. This risk-based approach appears to take into consideration federal officials’ warnings on the potential of Russian cyberattacks against the United States. While cyber incident reporting is now a “landmark” bill, cloud service providers managing security and…


Version (v1r4) of the DoD (CC SRG) Released

Today the Department of Defense released their latest version (v1r4) of the DoD Cloud Computing Security Requirements Guide (CC SRG). The 351-page SRG includes a lot of renewed and modified guidance for DoD cloud solution providers. Understanding when and how to implement this new guidance is important for all existing DoD deployments, but especially for…


Moving off milCloud?

The Defense Information Systems Agency is letting its milCloud 2.0 offering expire in May 2022. The 89 DOD mission partners currently using milCloud will need to migrate their 4,500 workloads elsewhere by that date. For Infrastructure-as-a-Service (IaaS), the mission partners will be able to leverage the Joint Warfighter Cloud Capability (JWCC) contract that DISA has…


SolarWinds Hackers Targeting Government

Microsoft has warned that the Russian group responsible for the SolarWinds hack is targeting the government. This comes in the wake of the United States and Britain accusing the Russian spy chief of coordinating the attack. The hack on SolarWinds has been amongst the most damaging cyberespionage events in the world. The cybercriminals are reported…


FedRAMP Authorization as a Service

In recent years, many DevOps teams with CI/CD pipelines have started exploring Security/Compliance for Government Agencies on their own through the addition of: static source code scans in their pipelines (Coverity, PMD, SonarQube, Yasca, etc) and traditional dynamic OWASP authenticated web application scans (BurpSuite, Acunetix). Consider a hypothetical company, Let’s Dev!, and that they already…
