Demystifying FedRAMP - Part 4 - Who is allowed to work on the system or access SSP documentation? What about non-US Persons / non-US Citizens?

Authored by: Jason Shropshire
Note: This is part 4 of a multi-part series. See the links below for other topics in the series. Today we will address questions around handling and security of the FedRAMP System Security Plan (SSP) and related documentation, as well as who is allowed access to components within the system boundary. This includes that ever-pervasive question, “…

Demystifying FedRAMP - Part 3 - Is system documentation included in the system boundary? What classification should be placed on our system security plan (SSP)?

Authored by: Jason Shropshire
Note: This is part 3 of a multi-part series. See the links below for other topics in the series. Today we will address questions around handling and classification of the FedRAMP System Security Plan (SSP) and other documents that are included in the FedRAMP Package. This will be closely related to the next topic regarding the protection of this…

Demystifying FedRAMP - Part 2 – If I follow FedRAMP requirements and get a P-ATO, my cloud service will be well designed and attractive to Federal Agencies, right?

Authored by: Jason Shropshire
In part 1 of this series, we addressed the question “Is an NDA with FedRAMP needed to protect my company’s trade secrets?” In today’s topic we address the question “If I follow FedRAMP requirements and get a P-ATO, my cloud service will be well designed and attractive to Federal Agencies, right?”. The short answer is no…  But the key to…

Demystifying FedRAMP - Part 1 - Is an NDA with FedRAMP needed to protect my company’s trade secrets?

Authored by: Jason Shropshire
While providing FedRAMP consulting for our customers, we’ve had to address a variety of questions that have come to us, ranging from the strategic to specific questions on how a Cloud Service Provider (CSP) should treat the information in its System Security Plan (SSP). In addressing these questions, we have sometimes floated questions to the…

The Mecklenburg County Ransomware Attack -- Four Key Takeaways for Your Breach Readiness Program

Authored by: Rob Seate
The scope of ransomware victims continues to rapidly expand beyond individual consumers and into business and Government organizations. This was recently evidenced in early December 2017, when the Mecklenburg County (NC) local Government was the victim of a ransomware attack. The impact of this malicious software attack resulted in…

Is your organization ready for a data breach?

Authored by: Gary Daemer
We talk with many organizations every day, and the most common issue we see in cyber security today is culture, even though we see the threats everywhere in the news, on TV, in print and all over the internet. Despite all of this media coverage, organizations are still struggling to get past one of the first questions we are consistently asked…

Your wireless network is KRACK-ed! Time to act!

Authored by: Jason Shropshire
A new wireless vulnerability affecting WPA2 protected wireless networks was published by security researchers on Monday as first reported by ArsTechnica. A paper by two Belgian researchers has cast more light on the vulnerabilities discovered in the Wi-Fi Protected Access II (WPA2) implementations on most, if not all, wireless networking devices…

Higher Education Must Ensure Information Security

Authored by: Stephen Simchak
I was talking to my colleague, Nicole White, the other day about the need for DoD contractors to implement NIST 800-171 controls before the end of 2017 to comply with DFARS 252.204-7012. For over ten years, InfusionPoints has been helping Federal agencies implement the entire suite of FISMA controls. Now our company is thoroughly engaged in…