SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Federal Assessments

By: Doug Stonier
December 6th, 2024

When deciding to take on a new compliance initiative, one question that often gets asked is whether or not work done for prior assessments can be leveraged to save time or money. For those who have pursued FedRAMP Authorization and now wish to go through IRAP—both frameworks that must be adhered to as a means to do business with two different governments—the good news is that your experience with FedRAMP will provide a solid foundation for IRAP.

Blog Feature

Cybersecurity Assessments | Federal Assessments

By: JEFF SCHIESS
November 14th, 2024

In today’s ever-evolving cyber threat landscape, maintaining robust cybersecurity isn’t just a regulatory requirement—it’s a business imperative, and there are multiple avenues organizations can take to do so.

Blog Feature

Federal Assessments

By: JEFF SCHIESS
October 28th, 2024

While the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is technically just a set of guidelines, best practices, and standards intended to improve your infrastructure so that organizations can better manage and reduce cybersecurity risk, it’s possible to go through a five-step assessment process to make sure you really are adhering to those standards and provide independent assurance to your customers.

Blog Feature

Federal Assessments

By: Jon Coffelt
September 17th, 2024

When organizations opt to pursue a new compliance initiative, aside from cost and necessary resources, the first thought is usually regarding what to expect. That’s true for StateRAMP as well, and though many may—correctly—assume that there are some similarities between it and the more popular FedRAMP, there are several very clear deviations by the former from the latter that you know about going in.

Blog Feature

Penetration Testing | Federal Assessments

By: Christian Underkoffler
September 13th, 2024

The release of FedRAMP’s Revision 5 has raised many questions, including those regarding the addition of a red team exercise requirement for those seeking FedRAMP authorization. As the #1 provider of FedRAMP assessments on the Marketplace who have extensive experience in offensive security, we have insight to offer.

Blog Feature

FedRAMP | Federal Assessments

By: Tim Walsh
September 3rd, 2024

Looking back, December 2023 was a big month for the Department of Defense (DoD). Not only did they release the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule, but they also published a memorandum titled Federal Risk and Authorization Management Program (FedRAMP) Moderate Equivalency for Cloud Service Provider’s (CSP) Cloud Service Offerings (CSOs). The latter, in a huge development, clarified requirements for CSOs that are currently (or will be) storing, processing, or transmitting Covered Defense Information (CDI)—more commonly referred to as Controlled Unclassified Information (CUI)—although there are some nuances that must be understood.

Blog Feature

Federal Assessments

By: Chris Lepotakis
August 22nd, 2024

Now that the DoD Cloud Computing Security Requirements Guide (SRG) v1r4 has been officially retired, cloud service providers (CSPs) will need to familiarize themselves with the two new documents that have replaced those requirements—the latest DoD CSP SRG v1r1 and DoD Mission Owner (MO) SRG—to maintain compliance with applicable mandates.

Blog Feature

Federal Assessments | CMMC

By: Tim Walsh
August 13th, 2024

Looking back, December 2023 was a big month for the Department of Defense (DoD), as they released the both memorandum titled Federal Risk and Authorization Management Program (FedRAMP) Moderate Equivalency for Cloud Service Provider’s Cloud Service Offerings, as well as the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule.

{