Posts

Urgency of Cyber Security After Colonial Pipeline Hack

What happened to Colonial Pipeline? On May 7, 2021, Colonial Pipeline, Co. was forced to close operations after a ransomware hack was confirmed to have breached their systems. This attack hindered services to the East Coast of the United States and sparked fears of a massive gas shortage for American motorists. This hack greatly compromised Colonial Pipeline's system integrity and put private data at risk. This fear is one which average Americans saw immediately at the pump as prices soared and many gas stations were even forced to close due to depleted supply. Colonial Pipeline CEO Joseph Blount authorized payment of the more than four-million-dollar ransom to regain control of the computer system. Ransomware is becoming an ever more prominent concern across the technology sector, and this hack is just one of the latest examples of that fact. According to William Turton and Kartikay Mehrotra of Bloomberg News, the VPN account that Colonial Pipeline uses didn't use mul...

FedRAMP Compliance: What You Need to Know?

What is FedRAMP? FedRAMP is a U.S. government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring of cloud products and services. Compliance is mandatory for all Cloud Service Providers (CSPs) that hold federal data and are providing or seeking to provide services to federal agencies. Why Do You Need FedRAMP? Cloud Service Providers (CSPs) must meet FedRAMP requirements in order to do business with US government agencies as part of the “Cloud first policy”. FedRAMP is designed as a “do once, use many” framework to create efficiency in government procurement of cloud services. As part of the program, CSPs pursuing FedRAMP are required to be independently assessed by a Third Party Assessment Organization (3PAO). How Can CSPs Achieve FedRAMP Authorization? An accredited and certified Third Party Assessment Organization (3PAO) like the WCG can perform FedRAMP assessments and assist CSPs and government agencies to ...

Improving Cybersecurity Awareness in Healthcare

Understanding the Need for Improving Cybersecurity Awareness in Healthcare Many cyberattacks succeed due to mistakes by employees and a lack of awareness of basic aspects of cybersecurity. According to the 2022 Verizon Data Breach Investigations Report, 82% of data breaches in 2021 involved the human element. Improving the security awareness of the workforce by focusing on key behaviors will go a long way toward improving security and preventing data breaches. HIPAA and Security Awareness Security awareness training is a requirement for compliance with the HIPAA Security Rule. The administrative safeguards of the HIPAA Security Rule require all HIPAA-regulated entities to train workforce members on internal security policies and procedures, with the 45 CFR § 164.308 (a)(5)(i) standard requiring “a security awareness and training program for all members of its workforce (including management).” HIPAA-regulated entities should adopt a risk-based approach when developing training courses...

FedRAMP: Mandatory Protection for Your Cloud Services with Federal Businesses

These days, many questions arise surrounding the security of data and cloud posture: “How did this happen, why did this happen, and can this happen again?” Fortunately, the Federal Risk and Authorization Management Program (FedRAMP) exists for non-federal organizations that handle sensitive, confidential government data. The Ponemon Institute, in collaboration with IBM Security, examined 550 organizations impacted by data breaches between March 2021 and March 2022. According to their findings (which extended across 17 countries and regions and 17 different industries): “. . . 45% of breaches occurred in the cloud. . . ,” which is why cloud protection services today are both a desirable and necessary commodity. Delving further into the research reveals, too, that organizations “still need a mature cloud security posture, regardless of the cloud model.” (IBM Security®, Cost of Data Breach Report 2022, p. 39). Fortunately, organizations have experienced a reduction in risks and a mini...

FedRAMP Has New Baseline Security Control Requirements

Beware all cyber threats; you have new challenges to face! The Federal Risk and Authorization Management Program (FedRAMP) has implemented the new National Institute of Standards and Technology (NIST) 800-53 Rev. 5 baseline and security control requirements to address cyber threats. Considered a new “threat-based methodology”, the changes provide guidance to assist Cloud Service Providers (CSPs), FedRAMP Third-Party Assessment Organizations (3PAOs), and Federal Agencies in transitioning to the new FedRAMP requirements. The Rev. 5 baseline is an innovative approach that helps the government inform risk management decisions. Additionally, this approach provides CSPs, 3PAOs and Federal Agencies with an opportunity to expedite the authorization process by prioritizing the controls that mitigate the threats and vulnerabilities posing the most risk to federal systems and data. The NIST 800-53 Rev. 5 baseline applies to both FedRAMP security and privacy controls. FedRAMP remains a federally managed pr...

FedRAMP’s Latest Changes and Expectations

FedRAMP’s Changes: What Exactly Do They Mean? Everything changes, which means nothing stays the same. The Federal Risk and Authorization Management Program (FedRAMP) has encountered changes, and those changes mean that requirements are not the same for Cloud Service Providers (CSPs) who provide or plan to provide cloud service offerings (CSOs) to U.S. Government agencies. Effective FY 2023, the FedRAMP Joint Authorization Board (JAB) approved the FedRAMP Rev. 5 baselines, which makes U.S. contractors responsible for paying strict attention to the services they offer to government entities; this applies to CSPs because the services they offer codify the FedRAMP Authorization Act (the “Act”). The newly implemented changes include several new security measures such as changes to control totals, the integration of new privacy considerations, notable control families, and guidance not featured in Rev. 4, all of which reinforce cloud protective protocols. What is Rev. 5? Rev. 5 refers ...