Clik here to view.
Is it time to enforce an Authority-to-Operate (ATO) for Healthcare...
The Change Healthcare security breach has impacted over 94% of hospitals as reported by the American Health Association (AHA). A cascading set of events was unleashed starting with the Feb 21, 2024...
View ArticleContinuous ATO: Going from Authority to Operate (ATO) to Ability to Respond
This white paper explores best practices designed to help reduce the time and cost of ATOs while improving access to risk data using process automation. The post Continuous ATO: Going from Authority to...
View ArticleClik here to view.
Test & Evaluation Techniques for Meeting M-24-10 Mandates to Manage...
Overview The release of the National Institute of Standards and Technology (NIST)’s AI Risk Management Framework (AI RMF) helped put a framework around how testing would enable organizations to manage...
View ArticleManaging Generative AI Risk and Meeting M-24-10 Mandates on Monitoring &...
OMB’s memo M-24-10 (5c. Minimum Practices for Safety-Impacting and Rights-Impacting Artificial Intelligence) is prescriptive (and timebound): No later than December 1, 2024 and on an ongoing basis...
View ArticleClik here to view.
An Analysis of AI usage in Federal Agencies
Existing Regulations As part of its guidance to agencies in the AI Risk Management (AI RMF), the National Institute of Standards and Technology (NIST) recommends that an organization must have an...
View ArticleClik here to view.
How Much Does FedRAMP Compliance Cost?
FedRAMP compliance costs can be broken up into two parts: 1) initial ATO costs and 2) ongoing authorization or continuous monitoring costs. The initial FedRAMP compliance professional services costs...
View ArticleClik here to view.
Adding GenAI to a FedRAMP Authorized Boundary
The FedRAMP PMO announced the Emerging Technology Prioritization Framework (ETPF) to fast-track AI solutions in code generation, image generation, and chatbots. Cloud service providers (CSP) with...
View ArticleClik here to view.
ThreatAlert® on Google Cloud Platform: A Proven Solution for Comprehensive...
Alec Meyer, Sr. Cloud Solutions Specialist As cloud adoption continues its meteoric rise, so too does the complexity of securing diverse environments. At stackArmor, our ThreatAlert® Security Platform...
View ArticleClik here to view.
Accelerating CMMC 2.0 Compliance for Defense Contractors with Microsoft Azure
Microsoft Azure provides a suite of highly integrated security services that provide a cost-effective solution for Defense contractors looking to meet the CMMC 2.0 requirements. The Cybersecurity...
View ArticleClik here to view.
Conducting a CMMC 2.0 Readiness Assessment
The Cybersecurity Maturity Model Certification program gives the Defense Department a mechanism to verify the readiness of defense contractors both large and small to handle controlled unclassified...
View ArticleClik here to view.
Embracing MLSecOps for Secure and Safe AI Systems
The advent of artificial intelligence (AI) is transforming practically every corner of our world. Concurrently, the need for MLSecOps platforms has become fundamental in ensuring the security of AI...
View ArticleClik here to view.
California’s AI RAMP or FedRAMP for AI?
California’s AI RAMP or FedRAMP for AI?: Urgent need for an actionable and enforceable US safety and security framework for AI California State Bill 1047 was passed today by the Assembly where it heads...
View ArticleClik here to view.
A New Way to SSP: The Component Definition Approach to Defining Controls
A New Way to SSP: The Component Definition Approach to Defining Controls Guest Post by Johann Dettweiler, CISO, stackArmor Imagine a world where the “say nothing” narrative implementation statements,...
View ArticleMaking FedRAMP ATOs Great with OSCAL and Components
OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the...
View Article