9 matches found
What NIST’s latest password standards mean, and why the old ones weren’t working
Say goodbye to the days of using the "@" symbol to mean "a" in your password or replacing an "S" with a "$." The U.S. National Institute of Standards and Technology NIST recently announced new guidelines for the ways website and organizations should handle password creation and management that wi...
Threat and vulnerability management - No time for complacency
There was some very good news in Coalfires 4th Annual Penetration Risk Report. Most notable was that high-risk vulnerabilities have been cut almost in half since 2018 when we first began reporting our pen testing research derived from thousands of direct client engagements. Also of note, the larg...
FedRAMP® CSPs face a new challenge meeting FIPS Compliance
The Federal Risk and Authorization Management Program FedRAMP requires Cloud Service Providers CSPs to meet federal mandates and achieve or maintain a FedRAMP authorization. One of those mandates require the consistent use of FIPS 140-2 validated cryptographic modules everywhere cryptography is...
Highlights from FedRAMP®’s new Penetration Test Guidance
In an effort to stay on top of the evolving threats being faced by the cloud community, the FedRAMP PMO released Version 3.0 of their Penetration Test Guidance, dated June 30, 2022. 3PAOs and CSPs should begin using the updated pen test guide for pen tests beginning shortly after June 5, 2022,...
Extending your FedRAMP Program to Container Infrastructure with the Qualys Cloud Platform
Following the recent release of the FedRAMP Vulnerability Scanning Requirements for Containers, FedRAMP-authorized systems that make use of containers have one month from March 16, 2021 to submit a plan for compliance with the new requirements. Organizations with a need to certify their services...
So your company has decided to do FedRAMP - What does that mean?
The exponential increase in cloud adoption in recent years has led to a dramatic increase in technology companies evolving from software and application companies to Software as a Service SaaS, Platform as a Service PaaS or Infrastructure as a Service IaaS providers. The 2011 release of the Cloud...
Top 10 Things CSPs Need to Know about FedRAMP Authorization on Amazon Web Services
Coalfire conducted a webinar, FedRAMP on AWS: What you need to know. The discussion covered what cloud service providers need to know when pursuing FedRAMP authorization leveraging AWS U.S East/West or GovCloud. Below youll find the Top 10 things that cloud service providers should know...
FedRAMP Readiness Assessment Report (RAR) template launched
As part of the FedRAMP Accelerated process, cloud service providers CSPs can now complete a Readiness Assessment Report RAR to demonstrate their readiness for the FedRAMP process. The RAR is required for CSPs pursuing the FedRAMP JAB approval route. CSPs should also consider having a Readiness...
FedRAMP Question and Answer session from PMO webinar
On October 25, the FedRAMP PMO conducted its first webinar, in what will be a series of webinars, on the FedRAMP process. This first webinar covered the four methods that CSPs can get listed in the FedRAMP repository. This webinar is well worth the time to listen to it. The PMO had a lengthy Q&A...