From AFT to ATO: The Prequel
The purpose of this installment was originally to continue our journey; however, I was fortunate enough to speak on this topic in-depth at HashiTalks. Due to its technical nature, we thought it better to complete the blog series by taking a step back and providing a discussion about what the tool is, the problems it solves, and how it can empower us…
An Overview of Container Security for FedRAMP
In this article, we will explore container vulnerability scanning, frame the vulnerability management requirements in a FedRAMP context, and provide commentary on the new FedRAMP PMO updates to container scanning requirements for cloud service providers (CSPs)…
A Look at the Modernizing FedRAMP Memo
The White House Office of Management and Budget (OMB) released a draft memorandum with the goals of enhancing the Federal Risk and Authorization Management Program, widely known as FedRAMP. In this blog post, we will go through a brief background on FedRAMP, then dive into the details of the OMB memo, and what it means for the future of FedRAMP…
From AFT to ATO, AWS Native FedRAMP Compliance through Terraform (Part 1)
The complexity of achieving a FedRAMP status in this sea of ever-growing cloud architectures, often led us and customers to the same conclusion: new accounts! Why go through the process of updating the entirety of their current architecture, when we only need resources in the authorization boundary to be compliant?…
Understanding Google Chrome’s Manifest V3
Written By Understanding Google Chrome’s Manifest V3 Google Chrome is a cross-platform web browser developed by Google in 2008 for accessing the World Wide Web and running Web-based applications and is currently dominating as the most popular web browser at 65.84% market share. Google Chrome extensions are one of the most beloved and implemented features […]
An Introduction to OSCAL
Written By An Introduction to OSCAL The Open Security Controls Assessment Language (OSCAL) is a set of data formats that is used to express machine-readable representations of control catalogs, baselines, and security documentation. It is important to recognize that OSCAL is not a tool, but instead a language. Using OSCAL allows us a data interchange […]
CISA: A Quick History
Written By Get to Know CISA Perhaps one of the least understood aspects of information technology is cybersecurity. Despite constant reports of major hacks and data breaches affecting millions of Americans, there are still organizations that either practice poor security habits/protocols or neglect responsibility altogether. At one point, it could be argued this even extended […]
