
Securitybricks Earns CMMC Third Party Organization Assessment (C3PAO) Status

Securitybricks’ C3PAO accreditation, along with its accelerators built on ServiceNow, enables Department of Defense contractors to meet CMMC requirements.

SAN FRANCISCO, CA, UNITED STATES, August 22, 2023/EINPresswire.com/ — Securitybricks announced today that it has earned accreditation as a Third Party Assessment Organization (C3PAO) from Cyber AB. This accreditation authorizes Securitybricks to perform Cybersecurity Maturity Model Certification (CMMC) assessments and certify any of the 300,000+ U.S. Department of Defense (DoD) contractors.

To earn the 3PAO accreditation, Securitybricks completed a comprehensive assessment conducted by Cyber AB, the CMMC accreditation body authorized by DoD and Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) to verify technical competence and quality management compliance to support DoD in protecting sensitive unclassified information.

Securitybricks has also launched its CMMC accelerators in partnership with ServiceNow to automate the CMMC assessment while meeting contractual flow-down requirements using the NIST 800-171 framework.

“Securitybricks is one of 10 companies in the U.S. who have earned both a FedRAMP 3PAO and a CMMC C3PAO status. These accreditations demonstrate our expertise in cloud security and compliance with a commitment to help DoD and Federal agencies protect sensitive data,” stated Raj Raghavan, CEO of Securitybricks.

###

About Securitybricks, Inc.
Securitybricks, Inc. is a firm focused on cloud security and compliance. Based in the U.S., its team members are all U.S. citizens, including military veterans, with 15+ years of experience in implementing cybersecurity and regulatory compliance controls. https://securitybricks.io/.

About CMMC
The Cybersecurity Maturity Model Certification (CMMC) is a comprehensive framework developed by the Department of Defense (DoD) to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that the Department shares with its prime and subcontractors. All Defense Industrial Base (DIB) contractors with CMMC DFARS clause are required to be assessed by a C3PAO.

Learn more about how Securitybricks can help you achieve CMMC Compliance at the Cyber AB Marketplace here.

Raj Raghavan
Securitybricks, Inc.
3PAO@securitybricks.io

https://www.einnews.com/pr_news/651342567/securitybricks-earns-cmmc-third-party-organization-assessment-c3pao-status

Securitybricks Launches FedRAMP Accelerator on ServiceNow Platform

Securitybricks releases the first FedRAMP accelerator built on the ServiceNow platform for the recently released FedRAMP Rev 5 controls.

SAN FRANCISCO, CA, UNITED STATES, July 25, 2023/EINPresswire.com/ — Securitybricks announced today that it has launched the first FedRAMP accelerator built on the ServiceNow platform for the recently released FedRAMP Rev 5 controls. It is now available on the ServiceNow Store as a free download.

As an authorized FedRAMP Third-Party Assessment Organization (3PAO) and a ServiceNow Build partner, Securitybricks combined its in-depth understanding of control testing by incorporating continuous monitoring capabilities with control automation for 80% of the FedRAMP controls. The accelerator will enable Cloud Service Providers (CSPs) to reduce time for FedRAMP Authority to Operate (ATO) assessment using various data elements within their ServiceNow platform.

The accelerator comes with the 320+ controls needed for a FedRAMP moderate assessment and questionnaire samples built on the ServiceNow CAM (continuous monitoring and authorization). Out of the box, the accelerator comes with FedRAMP Rev 5 control content along with the ability to build an authorization boundary, an SSP (system security plan) and POA&M management.

Securitybricks FedRAMP solution extends the free accelerator which includes:

– Complete citations and authority documents for FedRAMP Rev 5 controls
– Content for inherited controls from Azure and AWS
– Ability to build authorization boundary using cloud workload data
– SSP document along with required FedRAMP ATO artifacts
– Connectors to AWS Security Hub and Azure Defender for cloud configuration and vulnerability data
– Supply chain controls automation
– Continuous monitoring reporting including POA&M

“We are excited to bring the first automated FedRAMP ATO solution built on the ServiceNow platform. In addition, all our solution implementations are backed by a free ‘mock 3PAO audit’ to guarantee the ATO package meets FedRAMP PMO requirements,” stated Raj Raghavan, CEO of Securitybricks.

##

About Securitybricks, Inc.

Securitybricks, Inc. is a cybersecurity consulting firm focused on cloud security and compliance. Based in the U.S., its team members are all U.S. Citizens, including military veterans, with over 15+ years of experience in implementing cybersecurity and regulatory compliance controls. https://securitybricks.io/.

About FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Cloud Service Providers (CSPs) seeking to offer services to the Federal government are required to be assessed by a 3PAO.

Learn more about how Securitybricks can help you achieve FedRAMP Compliance at the FedRAMP Marketplace here.

Raj Raghavan
Securitybricks, Inc.

https://www.einpresswire.com/article/646297318/securitybricks-launches-fedramp-accelerator-on-servicenow-platform

Unveiling FedRAMP Revision 5

Recently, the Federal Risk and Authorization Management Program (FedRAMP) released its highly anticipated Revision 5 guidance, marking a significant milestone in cloud security compliance. With the release of FedRAMP Revision 5 (Rev 5), CSPs listed on the FedRAMP Marketplace are required to complete a delta assessment. This assessment ensures that existing CSPs align with the new control requirements by September 1st, 2023. Additionally, by October 1st, 2023, shared control information provided by cloud providers must be updated to adhere to the latest guidance.

What is new in FedRAMP Rev 5?

Expanded Control Set: FedRAMP Revision 5 introduces an expanded control set with 156 controls for Low, 323 controls for Moderate, and 410 controls for High impact systems. The testing of the Rev 5 controls is more threat based with a Risk Management approach. In Rev 5, there is a greater emphasis on aligning controls with the identified threats and risks that are relevant to the cloud service being assessed. This approach helps to ensure that the controls implemented by the cloud service provider (CSP) are designed to address the threats and vulnerabilities associated with their environment.

New Controls and Enhancements: Revision 5 brings forth 20 new base controls and 17 existing controls with enhancements. These additions include controls focused on privacy, such as PII data handling, data residency, and software supply chain management. These new controls reflect the growing emphasis on safeguarding privacy and mitigating risks associated with data breaches and unauthorized access. An example of these changes is the addition of supply chain risk management requirements. CSPs must implement controls to assess vendors, validate software integrity, and monitor the supply chain continuously. This includes ensuring software integrity and verifying the authenticity of hardware and software components as well as continuous monitoring of the supply chain to identify and mitigate potential risks and vulnerabilities. An updated list of inherited controls from cloud providers such as AWS and Azure will also be released soon.

Transition Timelines – 09.01.2023 and 10.02.2023

| CSP’s ATO Journey | Delta Assessment Requirements | Annual or New Assessment | Deliverables to Agency or JAB |
| --- | --- | --- | --- |
| Starting ATO Process | None | Testing will be against Rev 5 unless CSP testing and package submission is completed by September 2023. | Rev 5 FedRAMP Package |
| Engaged with JAB or 3PAO for ATO Assessment | A delta assessment needs to be performed with testing schedules by a 3PAO. | Complete current ATO assessment in flight using Rev 4 baselines and templates if package will be submitted to the PMO no later than September 2023. | Document implementation and testing schedules for delta between Rev 4 and Rev 5 including plans to leverage shared controls. SSP and POA&M documents need to be updated with the implementation plans for Rev 5. Implementation of the Rev 5 controls must be completed by the next Annual Assessment to support testing of the control implementation. |
| CSPs with ATO Listed on Marketplace | By 09.01.2023 or prior to issuance of ATO (whichever is latest), a delta assessment needs to be performed with testing schedules by a 3PAO. By 10.02.2023, CSPs need to update shared controls implementation plans. | CSPs whose reassessment is between Jan. 1st, 2023 – July 3rd, 2023, have one year from last assessment date to complete implementation of Rev 5 controls. Customers with annual reassessment from July 4th, 2023, to Dec. 15th, 2023, will need to complete all Rev 5 implementations no later than their next scheduled annual assessment in 2023/2024. | Standard FedRAMP package for annual assessment with Rev 5 updates; SSP and POA&M monitoring the status of the Rev 5 implementation. Delta Assessment report and POA&M. |

These milestones and activities are essential for successfully transitioning from Rev 4 to Rev 5 and ensuring compliance with the updated FedRAMP requirements.

Conclusion: FedRAMP Revision 5 represents a significant step forward in the realm of cloud security compliance. With an expanded control set, new controls and enhancements, and a focus on continuous monitoring and documentation, CSPs have a short timeline to complete delta assessments and implementation of new Rev 5 controls.