Change Control & Configuration Management Processes for FedRAMP/FISMA/CMMC Compliance
Change control and configuration management processes help maintain a secure baseline configuration of the Cloud Service Provider’s (CSP) architecture.
AWS Resource Access Manager (RAM) is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization.
stackArmor has been supporting customers since 2014 in assisting with their AWS cloud migration and management needs. Once the migration is done, continued cloud management is critical to receiving the cloud dividend. stackArmor has developed the Well-Managed Cloud framework and the stackArmor ThreatAlert® security platform to help customers easily manage their cloud environments. The ThreatAlert platform provides four key areas of focus including security, operations, compliance, and governance. (Screenshot: ThreatAlert® Security Platform for managing and operating secure and optimal cloud environments on AWS.) A key part of operating a cloud environment is to ensure the lowest possible operational costs. To help customers implement an easy to understand Cloud cost optimization is the process of reducing your overall cloud spend by identifying mismanaged resources, eliminating waste, reserving capacity for higher discounts, and right-sizing computing services to scale. There are a few common cloud cost optimization best practices, including, finding
ISVs and Startups are increasingly being driven to provide software as a service to Government agencies. SaaS solutions are critical to driving digital transformation and helping agencies meet their mission requirements. Commercial organizations must obtain a FedRAMP Authority To Operate (ATO) to ensure that their cloud system meets government data confidentiality, integrity, and availability requirements. The technical architecture for obtaining an ATO can be especially challenging for large multi-product or multi-country organizations. For example, large ISVs have multiple product lines or complex compliance requirements that must satisfy current and future needs. A platform-centric architecture is essential to ensure that the FedRAMP compliant system is scalable given the high cost of initial compliance. stackArmor has pioneered ATO Acceleration using an “in-boundary” platform-centric architecture on AWS. stackArmor’s ATO Acceleration solution is vetted by AWS and is called ThreatAlert®. The solution incorporates two key best practices highly relevant for compliance-focused organizations: 1) A
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the Defense Industrial Base (DIB), which includes over 300,000 companies in the supply chain.
For start-ups, ISVs, small businesses, commercial organizations, government contractors, education institutions, and federal agencies that are considering achieving an Authority to Operate (ATO), join us for the ATO Acceleration Workshop on Wednesday, October 28th, 2020 at 1pm ET.
Since its release in 2014, Kubernetes has truly revolutionized the world of application orchestration.
stackArmor Lightning Talks – Compliance In The Cloud (AWS)
stackArmor Presents Lightning Talks – Compliance In The Cloud on August 19th, 2020 at 1PM ET. The recording is available to watch on-demand!
Session 1: ATO on Cloud
Join us for an introductory session on the Authority to Operate (ATO) on AWS program. This will be followed by a panel discussion on “Startups: Achieving ATO on AWS”.
Time: 1:00pm – 2:25pm ET
Speakers:
Greg Herrmann – Sr. Security Partner Strategist, AWS
Mike Colson – Technical Engagement Architect, AWS
Don Spidell – Cloud Architect Lead, Summit Technology Group
Mike Ciancio – IT Manager, G2OPS
Andrew Urushima – SVP Finance, Bitglass
Gaurav “GP” Pal – Principal and Founder, stackArmor
Martin Rieger – Chief Solutions Officer, stackArmor
Session 2: CIS Benchmarks and Audit Best Practices
Get an opportunity to learn about CIS benchmarks and offerings that help accelerate your path to FedRAMP/CMMC compliance. Hear from accredited FedRAMP third-party assessment organizations (3PAOs) on audit best practices,
The EKS service will now be presented to the FedRAMP JAB for accreditation such that government and defense organizations can start leveraging this service.
Federal Information Processing Standard (FIPS) 140-2 validated encryption is a prerequisite for FedRAMP and CMMC compliance and is governed by the FIPS 140-2 Publication, a U.S. government computer security standard used to approve cryptographic modules.
The FIPS 140-2 standard specifies the security requirements that will be satisfied by a cryptographic module.
ISVs and SaaS providers looking to obtain FedRAMP accreditation must comply with FIPS 140-2 encryption standards. The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptographic modules that include both hardware and software components. It is critical to protect a cryptographic module within a security system to maintain the confidentiality and integrity of the information. ISVs and Cloud Service Providers (CSPs) looking to sell cloud solutions to US Government and Department of Defense customers must understand FIPS requirements.
Understanding FIPS
FIPS (Federal Information Processing Standards) is a set of standards that describe document processing, encryption algorithms, and other information technology processes for use within non-military federal government agencies and by government contractors and vendors who support government agencies. The FIPS 140-2 standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing
The US Federal Government is expected to nearly double its acquisition of cloud services from 2019 to 2024 based on a newly released market
Commercial ISVs and SaaS providers looking to provide cloud-based services to US Federal and Department of Defense customers
The FedRAMP Marketplace continues to show robust growth of over 30% every year with US Government agencies granting nearly 1,000 ATOs for FedRAMP.
Prior to beginning the FedRAMP certification journey, it is important to understand and categorize the nature of the data being hosted in the cloud service.
FedRAMP PMO developed a security assessment framework that must be followed by commercial cloud service providers seeking an authority to operate (ATO)
Containers are increasingly being adopted and deployed on cloud platforms like Amazon Web Services (AWS). Services like Amazon Elastic Container Registry (ECR)
Organizations looking to comply with NIST SP 800-53 or NIST SP 800-171 security requirements for obtaining an Authority-To-Operate (ATO) for FedRAMP, FISMA
US Government & Defense Agencies are modernizing using FedRAMP accredited cloud services. Learn how you can reduce the time and cost of obtaining a FedRAMP
FedRAMP certification is a security and compliance accreditation requirement for commercial cloud service providers looking to sell
Commercial organizations selling cloud hosted applications to US Federal and Department of Defense agencies must have a FedRAMP accreditation.
AWS re:Invent is a conference hosted by Amazon Web Services for the global cloud computing community. The event features keynote announcements, training and certification opportunities, access to more than 2,000 technical sessions, a partner expo, after-hours events, and so much more. We are proud to be featured at AWS re:Invent 2019 by our customer Zscaler, highlighting our work in accelerating NIST/FedRAMP compliance for research universities: