Fedramp certification & Cybersecurity & Compliance Firm

  With the recent unveiling of CMMC 2.0, the expanded presence of StateRAMP, and new FedRAMP advisory guidelines for external servers, it’s safe to say that 2022 has a lot in store for Federal compliance changes. Tony Bai, A-LIGN’s Federal Practice Lead, and Emily Cummins, Anitian’s Director of Cloud Security, had a chance to sit down and discuss the latest news in federal compliance and what it could mean for your organization. Let’s dive in and get their thoughts on the latest CMMC 2.0 introduction, the new FedRAMP authorization boundary guidance, StateRAMP and more! CMMC 2.0Like everyone else in the world of federal compliance, A-LIGN and Anitian have been closely tracking the Cybersecurity Maturity Model Certification (CMMC) since the U.S. Department of Defense (DoD) shared its initial draft of the model in early 2020. With the release of CMMC 2.0 , three major changes were recently announced: fewer security tiers, removing some third-party assessment requirements, and allo...

Even though compliance is an on-going process, each individual assessment has its own lifecycle, which begins with a self-assessment of scoping factors. This can be a tedious process to complete for every audit, especially if the same questions get asked more than once, or continue to show up in assessment requirements. Fortunately, HITRUST has introduced a strategic approach to its scoping factors, which it announced in its Assurance Advisory: 2020-003 . HITRUST made multiple changes to its scoping factors, streamlining the audit process by mapping scoping factor questions to assessment requirements – eliminating unrelated requirements. The scoping factor now includes additional context to questions to avoid the typical back-and-forth that could occur during QA of the assessment. This Assurance Advisory is set to minimize unrelated requirements when a scoping factor is marked “no” and to curtail the constant flow of “this is not applicable because…” responses currently captured in H...

Is your organisation getting maximum value from its compliance program? Each compliance report or certification you possess is more than just a document — it’s an affirmation to your customers, prospects, and partners that your company understands the importance of cybersecurity and is fully capable of safeguarding sensitive information. To spread the word about the assessments that have been completed and what they actually mean, your organisation needs to identify and leverage all available opportunities to market your compliance program and drive new revenue into the business. Whereas companies in the U.S. — especially in the tech industry — can be quite enthusiastic about promoting their various certifications and achievements, organisations in Europe tend to be a bit more subdued when it comes to compliance marketing. Read on to explore the top tips you should be using to market your unique competitive advantage: compliance. Publish a Press Release The press release is a cornersto...

  The emergence of automated security and compliance solutions still leaves organizations with a problem: these point solutions are unable to provide independent third-party certification. Preparation is a key component to a successful audit, but it is only the first step. A-LIGN is transforming how organizations demonstrate compliance by combining its compliance management platform, A‑SCEND, with its years of audit experience through a single-provider approach – from audit readiness to certification, across multiple security frameworks. An audit encompasses readiness, evidence collection, fieldwork, reporting, and certification. Investing into readiness software alone creates a “last mile” problem, meaning that an organization will still need to invest time and money into an additional service provider to complete its audit. There is a management adage that “a failure to plan is planning to fail,” but when a solution is only focused on preparation then an organization may experien...