After a few failed attempts, cyber incident reporting legislation made it over the finish line as part of the fiscal year (FY) 2022 appropriations bill – a victory hailed by Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and lawmakers as a necessary step for more visibility to protect critical infrastructure. […]
The Senate on March 1 approved by unanimous consent the Strengthening American Cybersecurity Act of 2022. The bill is a sweeping legislative package introduced last month that aims to update the Federal Information Security Management Act (FISMA), codify the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP), and require timely cyber incident reporting by critical infrastructure providers. […]
Leadership of the Senate Homeland Security and Governmental Affairs Committee has introduced a package bill in the Senate that would update both the Federal Information Security Management Act (FISMA), which sets cybersecurity requirements for Federal agencies, and codify the Federal Risk and Authorization Management Program (FedRAMP) that certifies cloud services as secure to use for Federal government agencies. […]
Jennifer Franks, director of information technology and cybersecurity at the Government Accountability Office (GAO), is calling on the Office of Management and Budget (OMB) to develop a standardized definition of what the Federal Risk and Authorization Management Program (FedRAMP) costs and how government agencies should evaluate costs when moving their services into the cloud. […]
stackArmor announced today that the company is working with Red Hat to accelerate the FedRAMP Authority to Operate (ATO) project for Red Hat OpenShift Service on AWS (ROSA). […]
The Senate Homeland Security and Governmental Affairs Committee voted today to advance the Federal Secure Cloud Improvement and Jobs Act of 2021, sending the bill to the full Senate for consideration. […]
The Senate Homeland Security and Governmental Affairs Committee held a roundtable discussion on Nov. 30 with Federal officials and industry experts about proposed reforms to the General Service Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP). […]
The Federal government has transitioned from a “Cloud First” to a “Cloud Smart” strategy intended to guide agencies in leveraging cloud technology without compromising security. However, accomplishing this is a team effort, Federal officials said during a SCGov panel discussion on November 16.
Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, introduced legislation this week to make permanent the General Service Administration’s Federal Risk and Authorization Management Program (FedRAMP), and ensure that Federal agencies can quickly and securely adopt cloud technologies. […]
Following on the successes of the FedRAMP program that certifies cloud services as secure to use for Federal government agencies, the home-grown StateRAMP program is forging ahead with similarly vital services to state and local governments and institutions of higher learning, state, and industry leaders explained on October 5 during MeriTalk’s StateRAMP: Taking the On-Ramp to Secure SLED Cloud Solutions online event. […]
The fiscal year (FY) 2022 National Defense Authorization Act (NDAA) passed the House of Representatives late Sept. 23 with a bipartisan 316-113 vote. Among the amendments are a number of tech provisions focusing heavily on cybersecurity, along with some focusing on the digital workforce, cloud, and AI. […]
StateRAMP, the nonprofit formed earlier this year by leaders from state and local governments and the private sector to help state and local governments manage their third party supplier cybersecurity risks, has released the initial roster of its Authorized Vendor List (AVL). […]
The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) both published key draft guidance documents today that provide the next set of road maps for Federal civilian agencies to transition to zero trust security concepts over the next three years and to guide agencies to securely migrate to cloud services. […]
Federal IT modernization may see a significant increase in funding, $3.35 billion to be exact, if an amendment from Rep. Gerry Connolly, D-Va., is successful. […]
The Federal Risk and Authorization Management Program (FedRAMP) authorization journey can sometimes be a confusing one to navigate, but experts agree that the National Institute of Standards and Technology’s (NIST) Open Security Controls Assessment Language (OSCAL) formats are helping to speed the FedRAMP approval process. […]
Federal agency demand for cloud service products in the General Services Administration’s (GSA) FedRAMP marketplace showed a 60 percent year-over-year jump in the first half of Fiscal Year 2021, as agencies continued their move to cloud services in order to deal with pandemic-driven tech needs and IT modernization priorities. […]
FedRAMP released its annual survey for FY2021 today. […]
A new tool from MeriTalk and stackArmor is providing insight into the Federal Risk and Authorization Management Program (FedRAMP), and helping cloud service providers (CSPs) make data-driven decisions while pursuing their authorization journey. […]
The FedRAMP Authorization Act sponsored by Rep. Gerry Connolly, D-Va., has been nearly four years in the making without crossing the goal line. But after the House approved the bill earlier this year, Rep. Connolly said today that the House is “working in lockstep” with Senate colleagues to hopefully pass the bill in 2021. […]
The American Association for Laboratory Accreditation (A2LA) has released an updated version of the R311 policy document, which outlines the requirements for all FedRAMP recognized third-party assessment organizations (3PAOs) and organizations seeking A2LA accreditation to be recognized by FedRAMP. […]
While the Federal government certifies cloud vendors as secure through the General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP), an official at the Government Accountability Organization (GAO) shared striking statistics about agencies going outside of the program for cloud vendors, which can lead to vulnerabilities. […]
FedRAMP and the National Institute of Standards and Technology (NIST) announced the release of version 1.0.0 of the Open Security Controls Assessment Language (OSCAL) that aims to help cloud service providers (CSPs) speed the FedRAMP approval process. […]
Due to the ongoing COVID-19 pandemic, FedRAMP announced that it is now allowing remote testing of data centers. […]
The General Services Administration’s FedRAMP program announced that it extended the deadline for its Connect Business Cases to May 21, 2021. […]
The Internal Revenue Service’s (IRS) Office of Online Services (OLS) is looking for a FedRAMP compliant Customer Feedback Management (CFM) cloud-based solution. […]
The Federal Risk and Authorization Management Program (FedRAMP) has released guidance for scanning for vulnerabilities in cloud containers. […]
U.S. Customs and Border Protection (CBP) issued a request for information (RFI) regarding the private sector capabilities to support key capabilities of an Incident-Driven Video Recording System (IDVRS) program – body-worn cameras (BWC), video management systems (VMS), IT infrastructure, cloud-based storage systems, and other interrelated systems supporting incident-driven recordings. […]
The FedRAMP Program Management Office (PMO) announced March 24 that it has recently joined YouTube. The PMO said its channel will serve as “a one-stop source for quick, simple, informative videos on FedRAMP tutorials, and program updates.” […]
The United States Census Bureau is turning to cloud services, in the form of Software-as-a-Service (SaaS), to design and deploy surveys. […]
As COVID-19 created unprecedented demand for remote work, one Federal agency was especially well equipped to transition to full telework in March 2020. The civilian agency had invested in robust collaboration tools and IT infrastructure, including network bandwidth upgrades in January 2020, which eased the transition and kept workers productive. […]