Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
What the FedRAMP Authorization Act Means for Organizations
Published: 03/10/2023

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. Since its creation in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has provided a standardized government-wide approach to assessing the security of cloud computing services. However, due ...

What is the Timeline for the FedRAMP Process?
Published: 02/15/2023

Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched Jeopardy? Even if you haven’t, you’re likely familiar with the iconic theme music that plays every time contestants deliberate over their answers—it’s such an iconic tune that it’s become synonymous with waiting fo...

FedRAMP Certification: An Overview of Why It Matters
Published: 01/31/2023

Originally published by Titaniam. Cybersecurity is now in the spotlight as data breaches become a near-daily story. Organizations are consuming massive amounts of personal data that is directly tied to everyday people, and they’re often utilizing cloud-based services to help store them. This can ...

Everything You Need to Know About HITRUST Certification
Published: 01/13/2023

Originally published by A-LIGN. Written by Blaise Wabo, A-LIGN. HITRUST is a standards organization focused on security, privacy and risk management. The organization developed the HITRUST CSF to provide healthcare organizations with a comprehensive security and privacy program. This program was ...

3 Aspects of the FedRAMP Assessment Process: What Do You Need to Provide?
Published: 01/12/2023

Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched a personal trainer conduct a workout on social media? Throwing up weights like they’re nothing or repping for what seems like hours before a water break—they make it look so easy. So much so that many people watchi...

Advancing Trust in a Digital World
Published: 12/06/2022

Originally published by Thales. Written by Welland Chu, Business Development Director, Asia Pac, Thales. The pandemic has accelerated digital transformation beyond anyone’s imagination. Considering the increased cybersecurity risks introduced by digital technologies, what should society do to pre...

4 Important Compliance Management Tasks for Startups
Published: 11/28/2022

Originally published by A-LIGN. The ongoing increase in cyberattacks has emphasized the importance of cybersecurity and compliance management, especially for startups still gaining market share. As startups work to win new customers, they may have to overcome a prospect’s fears that as an organiz...

What is FedRAMP? Complete Guide to FedRAMP Authorization and Certification
Published: 11/07/2022

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. With the rise in cybersecurity attacks comes wariness from customers — no one wants to work with an organization that has an increased risk of falling victim to an attack. And when it comes to the Federal governme...

FedRAMP vs. ISO 27001
Published: 10/28/2022

Originally published by Schellman here. Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. For cloud service providers (CSPs), you have lots of different proverbial...

Your Guide to FedRAMP Pen Test Guidance 3.0
Published: 09/16/2022

Originally published by Schellman here. Written by Josh Tomkiel, Schellman. For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document. For Cloud Service Providers (CSPs) seeking FedRAMP Authority to Operate (ATO), that’s ...

When to Engage a FedRAMP Consultant vs. When to Engage a 3PAO
Published: 08/01/2022

Originally published by Schellman here. Written by Andy Rogers, Schellman. “I have a very particular set of skills. Skills I have acquired over a very long career. Skills that make me a very well-equipped advisor/assessor for your FedRAMP boundary.” If you’ve seen the film Taken, you’ll know that...

Is Your CSP Capitalizing on the Rise in Federal Cloud Spending?
Published: 07/12/2022

This blog was originally published by A-LIGN here. Written by Tony Bai, Federal Practice Lead, A-LIGN. With federal cloud spending at an all-time high, the government sector has become a lucrative market for technology companies. Analysis from Deltek indicates that federal agencies spent nearly $...

CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings
Published: 08/02/2019

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings:Association of International Certified Professional Accountants (AICPA) Trus...

FedSTAR Pilot Program Status
Published: 07/24/2019

As the use of cloud technology has become more widespread, the concern about cloud security has increased. Government agencies and private sector users are concerned with protecting data and ensuring service availability. Many countries and private entities have designed and implemented security...

FedRAMP and PCI – A Comparison of Scanning and Penetration Testing Requirements
Published: 07/13/2015

By Matt Wilgus, Director of Security Assessment Services, BrightLineIn the last 30 days, the FedRAMP Program Management Office (PMO) has published guidance for both vulnerability scanning and penetration testing. The updated guidance comes on the heels of PCI mandating the enhanced penetration te...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.