Raj Raghavan, Author at Securitybricks

Securitybricks Launches FedRAMP Accelerator on ServiceNow Platform

Posted on 25-Jul 202325-Jul 2023 by Raj Raghavan

Securitybricks releases the first FedRAMP accelerator built on ServiceNow platform for the recently released FedRAMP Rev 5 controls.

SAN FRANCISCO, CA, UNITED STATES, July 25, 2023/EINPresswire.com/ — Securitybricks announced today that it has launched the first FedRAMP accelerator built on ServiceNow platform for the recently released FedRAMP Rev 5 controls. It is now available on ServiceNow Store as a free download.

As an authorized FedRAMP Third-Party Assessment Organization (3PAO) and a ServiceNow Build partner, Securitybricks combined its in-depth understanding of control testing by incorporating continuous monitoring capabilities with control automation for 80% of the FedRAMP controls. The accelerator will enable Cloud Service Providers (CSPs) to reduce time for FedRAMP Authority to Operate (ATO) assessment using various data elements within their ServiceNow platform.

The accelerator comes with 320+ controls needed for FedRAMP moderate assessment and questionnaire samples built on the ServiceNow CAM (continuous monitoring and authorization). Out of the box, the accelerator comes with FedRAMP Rev 5 control content along with ability to build authorization boundary, a SSP (system security plan) and POA&M management.

Securitybricks FedRAMP solution extends the free accelerator which includes:

– Complete citations and authority documents for FedRAMP Rev 5 controls
– Content for inherited controls from Azure and AWS
– Ability to build authorization boundary using cloud workload data
– SSP document along with required FedRAMP ATO artifacts
– Connectors to AWS Security Hub and Azure Defender for cloud configuration and vulnerability data
– Supply chain controls automation
– Continuous monitoring reporting including POA&M

“We are excited to bring the first automated FedRAMP ATO solution built on the ServiceNow platform. In addition, all our solution implementations are backed by a free ‘mock 3PAO audit’ to guarantee the ATO package meets FedRAMP PMO requirements.” stated Raj Raghavan, CEO of Securitybricks.

##

About Securitybricks, Inc.

Securitybricks, Inc. is a cybersecurity consulting firm focused on cloud security and compliance. Based in the U.S., its team members are all U.S. Citizens, including military veterans, with over 15+ years of experience in implementing cybersecurity and regulatory compliance controls. https://securitybricks.io/.

About FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Cloud Service Providers (CSPs) seeking to offer services to the Federal government are required to be assessed by a 3PAO.

Learn more about how Securitybricks can help you achieve FedRAMP Compliance at the FedRAMP Marketplace here.

Raj Raghavan
Securitybricks, Inc.
email us here

https://www.einpresswire.com/article/646297318/securitybricks-launches-fedramp-accelerator-on-servicenow-platform

Securitybricks Earns FedRAMP Third Party Organization Assessment (3PAO) Status

Posted on 18-Apr 202318-Apr 2023 by Raj Raghavan

This accreditation enables Securitybricks to validate that service providers have implemented the required cloud security measures to protect government data.

SAN FRANCISCO, CA, UNITED STATES, April 18, 2023/EINPresswire.com/ — Securitybricks announced today that it has earned accreditation as a Third Party Assessment Organization (3PAO) under the Federal Risk and Authorization Management Program (FedRAMP). This accreditation authorizes Securitybricks to assess and certify cybersecurity controls for Cloud Service Providers looking to do business with any of 400+ US Federal agencies.

To earn the 3PAO accreditation, Securitybricks completed a comprehensive assessment conducted, over a span of 2 years, by the American Association for Laboratory Accreditation (A2LA), the FedRAMP 3PAO accreditation body to verify technical competence and quality management compliance to ISO/IEC 17020:202 standard.

Securitybricks will leverage its domain expertise in cloud security and control compliance, and its thorough understanding of NIST 800-53 control requirements to provide a suite of approved 3PAO services. In addition, Securitybricks has developed an automation approach that can shorten a CSP’s FedRAMP readiness timelines and reduce certification costs by 40%.

“FedRAMP is the first step in Securitybricks’ commitment to the Public Sector market. President Biden signed the FedRAMP Authorization Act in Dec. 2022, that aims to facilitate and accelerate secure cloud adoption by providing defined security authorizations, which opens the federal market to CSP’s of all sizes…” stated Raj Raghavan, CEO of Securitybricks.

###

About Securitybricks, Inc.
Securitybricks, Inc., a firm focused on cloud security and compliance. Based in the U.S., its team members all US Citizens, including military veterans, have over 15+ years’ experience in implementing cybersecurity and regulatory compliance controls. https://securitybricks.io/.

About FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Cloud Service Providers seeking to offer services to the Federal government are required to be assessed by a 3PAO.

Learn more about how Securitybricks can help you achieve FedRAMP Compliance at the FedRAMP Marketplace here.

Katalin Pesti
Securitybricks, Inc.
3PAO@securitybricks.io

The Cyber Compliance Market

Posted on 20-Jan 202320-Jan 2023 by Raj Raghavan

Recently, someone asked me to quantify the federal cyber market.

FedRAMP is now a law that underlines the Government’s Cloud first mandate. After years of ambiguity and excessive costs to become FedRAMP certified to demonstrate data protection controls based on agency’s needs, the law now sets a level playing field for mid-size service enterprises who want to tap into the Federal market. The new law puts a system of reciprocity which allows federal agencies to certify vendors and have the same level of data protection more easily.

While this law is appealing, the certification rules have not changed. Readiness is still a mountain to climb even with an understanding of the intent of NIST 800-53 controls and the applicability to the service provider’s environment. While the NIST requirements are complex, the cloud security architects and DevOps ability to design and implement the service within an approved boundary with appropriate data controls is no small feat. The demand for these cloud security professionals is very high.

Once you are FedRAMP certified, the burden to provide continuous monitoring reports that include reporting on incidents, security events, and scan for vulnerabilities while ensuring the new product features don’t cause “significant change” is an ongoing program.

“Let us do the numbers” from my favorite NPR show Marketplace by Kai Ryssdal.

While 2022 saw the federal government spend over $11B in cloud technologies, the new bill signed in Dec. 2022 increases the spending
The Federal market is a long-term revenue stream with a market of 440 agencies
Government agencies in 10 states have adopted FedRAMP and renamed it StateRAMP
FedRAMP is the security gate that will open the gates to these agencies
FedRAMP requires validation from a pool of 40 3PAOs
The lack of cloud security and application security professionals will further strain service providers ability to get certified quickly

The numbers are interesting but, where do you start?

Does your compliance team or security team understand NIST security framework?
Is your commercial cloud deployment aligned to security benchmarks or regulations?
Don’t let 1000 controls of NIST intimidate you. These are common sense cyber hygiene controls that are broken into domains that your information security probably has implemented
3PAOs can offer guidance, but your FedRAMP readiness team should have cloud security engineers who can map current security tools and processes to NIST requirements
While AWS, GCP and Azure offer “FedRAMP Ready” GovCloud, see if it makes sense to implement your cloud software in the GovCloud and continuously monitor it
This is not a security tool game or FedRAMP ready “blueprint” but an assessment of your security controls and process to meet a slightly higher security requirement

There is a small battalion of certified assessors who can provide guidance and certification. The shortage of certified auditors is increasing timelines as many of us are now getting ready for CMMC, a DoD mandate, that impacts 300,000+ DoD subcontractors in 2023.

Contact

Let us hear from you