Blog

stackArmor, Carahsoft partner with University of Utah School of Medicine to Accelerate FISMA ATO for NEMSIS

TYSONS CORNER, Va., Dec. 15, 2023 — stackArmor, Inc., a leading provider of FedRAMP, FISMA, CMMC 2.0, NIST AI RMF and StateRAMP compliance acceleration solutions, and Carahsoft Technology Corp., the Trusted Government IT Solutions Provider®, today announced that it has assisted the University of Utah School of Medicine with successfully obtaining a FISMA Moderate ATO for the National Emergency Medical Services Information System (NEMSIS). NEMSIS is a collaborative system hosted on Amazon Web Services (AWS) to improve prehospital patient care through the standardization, aggregation, and utilization of point of care EMS data at a local, state, and national level. NEMSIS is a program of the US Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) Office of EMS and hosted by the University of Utah’s Data Coordinating Center, housed within the School of Medicine. “FISMA is one of the most important regulations regarding Federal data security standards and guidelines. An ATO (Authority To Operate) forms the

Understanding Risk Assessment Standards for Deploying Safe & Secure AI Systems

A blog post by Matthew Venne, Sr. Solutions Director, stackArmor

It’s no secret that Cloud 2.0 will be driven by Artificial Intelligence (AI). The rate at which the world is adopting AI-based solutions is nothing short of staggering; what was once viewed as science fiction is quickly becoming science fact. With each AI system that gets deployed into the world, another machine takes ownership of decisions previously made by a human. We are currently seeing AI being adopted across all sectors of life: self-driving cars, college admissions, housing applications, the defense industry and more. This presents unique challenges and risks that require new thought leadership to properly assess and mitigate. What happens if:

- An Autonomous Intelligence System (AIS) used for college admissions incorporates a bias against any demographic?
- An AI-powered smartwatch discovers its owner has a condition they wanted to keep private?
- An AIS escalates its own privileges to access

All Eyes on AI: Rising Interest, Regulation, and Compliance Requirements

AI is so much more than a buzz term these days. It is a full-blown technological revolution commanding the attention of industries and sectors across the board. Its surging role is particularly evident in the public sector where government and federal agencies are flocking to capture the benefits of the emerging tech. Take the Department of State for example. In order to automate the time-consuming task of documentation processing and declassification, the department has instituted an AI-driven pilot project that helps to streamline reviews.

AI Initiatives from The White House and Public Sector

But as AI gains traction, there is also a rush to get ahead of its challenges. In a talk hosted by the Information Technology Industry Council, Arati Prabhakar, the director of the White House’s Office of Science and Technology Policy, discussed an expected executive order that focuses on balancing opportunity with risk. Of course, that became

FedRAMP and Federal Cybersecurity Market Roundup October 2023

October was a busy month for FedRAMP. From Federal Secure Cloud Advisory Committee (FSCAC) meetings to an automation overhaul, there was a slew of activities aiming to further prepare the program for the future it faces and will need to serve.

Developing the Next Generation of FedRAMP

The push to really explore FedRAMP’s upcoming chapter began with the first FSCAC meeting of the month on October 19. The focus of this particular gathering was to delve further into the Cloud Solution Provider (CSP) Authorization Path and offer an opportunity to present insights on how to enhance this process. The following convening on October 26 was centered around the growing role of Continuous Monitoring (ConMon), also offering an opening of the floor to discuss input that would lead to draft recommendations. But the key theme that keeps recurring is automation. While the forthcoming November meetings will tune more deeply into equipping

stackCast Episode #4: Nick Mistry, SVP and CISO at Lineaje

On a new episode of stackCast (powered by stackArmor), host Martin Rieger, Chief Solutions Officer & CISO at stackArmor, welcomes the SVP and CISO at Lineaje, Nick Mistry. The two discuss:

- The importance of software supply chain security and why it has been mandated by some government programs such as FedRAMP and FISMA
- The overview of a Software Bill of Materials (SBOM) and breakdown of transitive dependencies vs. dependencies
- Why Lineaje developed an SBOM exchange platform (SBOM360 Hub) and how it works
- How SBOM360 Hub impacts the overall security posture of a company

To learn more about Lineaje and how they solve critical Software Supply Chain security problems faced by every organization that builds, uses, or sells software, please visit: https://www.lineaje.dev/.

About stackCast: Welcome to stackCast, powered by stackArmor, your go-to source for all things related to cloud security and cybersecurity compliance. Hosted by Martin Rieger, Chief Solutions Officer

Accelerating FedRAMP ATOs: OMB Memo

The Office of Management and Budget (OMB) released a Draft Memorandum for Modernizing the Federal Risk and Authorization Management Program (FedRAMP) on Friday, Oct 27, 2023. FedRAMP was codified in 2022 when Congress passed the FedRAMP Authorization Act (“Act”). The Act established FedRAMP within the General Services Administration (GSA) and created a FedRAMP Board to provide input and recommendations to the Administrator of GSA. FedRAMP has been in place through an Office of Management and Budget (OMB) memorandum in December 2011. OMB released the DRAFT Memorandum that has a number of highlights. Salient elements of the proposed changes are summarized below from our perspective in having supported over 200 system migrations and ATOs since 2009 when we supported the first Government-wide Cloud Authorization To Operate (ATO) in May 2010 for Recovery.gov and then the first Cabinet Agency Cloud ATO in Dec 2010 for Treasury.gov. SaaS focus: OMB has a

Suzette Kent Joins stackArmor AI Risk Management Center of Excellence (CoE)

By: Gaurav “GP” Pal, Founder and CEO, stackArmor

Last month at stackArmor, we announced the establishment of our AI Risk Management Center of Excellence (CoE), comprised of executives with strong operational backgrounds and experience driving large-scale modernization efforts in Federal agencies. We’re pleased to share that Suzette Kent, former Federal Chief Information Officer for the United States, is joining the stackArmor CoE to advise and provide ongoing counsel to stackArmor and its stakeholders. “Harnessing the power of AI for delivery of government mission and services will be transformational,” said Suzette Kent. “But, it is complicated to align all the emerging policy, risk frameworks, approval processes and existing policy and law. I am thrilled to be included in the COE because I have seen the work of the stackArmor team to drill down to details and find a path to connect all the pieces. We can only get to use of

FedRAMP and Federal Cybersecurity Market Roundup September 2023

It’s been a few weeks now since Carahsoft’s FedRAMP Headliner Summit, but there is no shortage of moments to recall from it. For instance, Robert Costello commemorated his two-year anniversary as CIO at the Cybersecurity and Infrastructure Security Agency (CISA) during the event. While speaking on his role, he explained the difference that has unfolded, including a greater emphasis on having technically savvy federal employees. As quoted by MeriTalk, he stated, “We’re now doing cutting-edge technology solutions, providing services to the agencies that we weren’t before…”

Growing Demand for Cloud Services

It’s an important point that agencies such as CISA are enhancing tech skills. With growing risk, expanding innovations, and rising regulations, the demand is higher than ever. This is seen in funding initiatives as well. According to Government Technology, the federal government is preparing to distribute $1 billion to states and cities in order to support their cybersecurity plans.

Implementing Zero Trust with Okta’s Identity Engine

By: Matthew Venne, Senior Solutions Director

In an increasingly interconnected world, securing digital assets and sensitive information has never been more critical. In a never-ending game of “cat and mouse,” malicious actors and cyber security professionals go back and forth trying to one-up each other. As a result, the security required to protect digital assets has outgrown the “traditional” perimeter-based security model, where processes and identities are typically only authenticated once and then implicitly trusted. To adapt to the new network complexity, a new model, the “Zero Trust” security model, has gained prominence as a more robust and effective approach to safeguarding data and systems. Okta, a leading identity and access management (IAM) solution provider, has recently introduced its Identity Engine to implement Zero Trust principles. In this blog post, we will delve into how Okta’s Identity Engine implements Zero Trust and the benefits it offers for modern organizations. Understanding

stackArmor Launches ATO for AI™ Governance Model To Help Public Sector Organizations Safely and Securely Accelerate AI Adoption

Solution receives industry backing with newly established AI Risk Management Center of Excellence (CoE)

MCLEAN, Va., September 27, 2023 – stackArmor, the leader in security and compliance acceleration for government organizations, today announced its Approval To Operate (ATO) for AI™ accelerator that helps public sector and government organizations rapidly implement security and governance controls to manage risks associated with Generative AI and General AI Systems. ATO for AI™ builds on the decades of experience in managing digital and information systems risk using open NIST standards like NIST RMF, NIST SP 800-53 and NIST SP 800-171 and integrates them with emerging frameworks like NIST AI RMF specifically tailored to manage AI risk. As organizations across the globe reap the benefits of AI for automated decision-making and data analysis, the Biden administration recently issued a fact sheet announcing commitments from eight AI companies to manage the risks posed by AI. The document notes the

stackCast Episode #3: Stephen de Vries, CEO at IriusRisk

On a new episode of stackCast (powered by stackArmor), host Martin Rieger, Chief Solutions Officer & CISO at stackArmor, welcomes the CEO at IriusRisk, Stephen de Vries. The two discuss:

- What threat modeling is, and why it’s crucial in today’s digital landscape
- How IriusRisk automates the threat modeling process
- How IriusRisk breaks down silos between Security and Development
- The guide to how companies can invest in security
- Compliance and how working with G-SIBs comes with a unique challenge

To learn more about IriusRisk and how they automate the threat modeling process, please visit: https://www.iriusrisk.com/.

About stackCast: Welcome to stackCast, powered by stackArmor, your go-to source for all things related to cloud security and cybersecurity compliance. Hosted by Martin Rieger, Chief Solutions Officer & CISO at stackArmor, the series focuses on navigating the ever-changing landscape of cloud technology and cybersecurity. In a world where our reliance on digital technology is

Looking Forward to the GovForward FedRAMP Headliner Summit

What’s the cloud hanging over cloud service providers’ heads? The rapidly evolving threat landscape. It’s challenging to keep up with the pace and scale of risk, which is especially true when you are working with clients as essential as federal government agencies. Therefore, it’s critical to not only maintain cyber hygiene, but to anticipate what’s lurking. One key way to help reach those goals is to band together with other cybersecurity experts to exchange ideas, discuss the topics impacting everyday tasks, explore solutions, and brainstorm on what’s ahead. Cue the GovForward FedRAMP Headliner Summit presented by GovExec.

GovForward FedRAMP Headliner Summit

On August 23, leaders across the cybersecurity, cloud technology, government, and military fields will descend on the Waldorf Astoria in Washington, D.C. for conversations ranging from the need to better protect critical infrastructure to the state of cloud adoption. The main overarching theme, though, will be examining the impact
