SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Federal Assessments | StateRAMP

By: Jon Coffelt
July 9th, 2024

For those wanting to acquaint themselves with StateRAMP, we’ve put together answers to some of the most frequently asked questions we receive as an experienced Third-Party Assessment Organization (3PAO).

Blog Feature

Federal Assessments

By: Schellman
May 28th, 2024

Now that the deadline for the CISA Secure Software Development form is quickly approaching, organizations are working to ensure they get their attestation in order—that includes FedRAMP Cloud Service Providers (CSPs).

Blog Feature

Federal Assessments

By: Douglas Barbin
May 14th, 2024

With the deadlines for the newly incorporated Cybersecurity Infrastructure and Security Agency (CISA) Secure Software Development Attestation Form looming, organizations supplying government-used software must get their ducks in a row to ensure compliance with these requirements.

Blog Feature

Federal Assessments | IRAP

By: Doug Stonier
May 2nd, 2024

In a rapidly transforming digital landscape, private organizations aren’t the only ones attempting to protect themselves from evolving cyber threats—governments are too. In the United States, FedRAMP and StateRAMP have risen to prominence as “gatekeeper” frameworks to doing work with those levels of American government, and on the opposite side of the globe, Australia has IRAP.

Blog Feature

Federal Assessments

By: Charles Turnbow
March 26th, 2024

If you’re considering undergoing a FedRAMP High Assessment, you must understand that this is the most rigorous baseline among the standard FedRAMP options, making it a daunting—if necessary—endeavor. What would likely help is knowing what’s coming in more detail so that you can better prepare.

Blog Feature

Federal Assessments

By: Austin Bentley
February 22nd, 2024

When FedRAMP issued Revision 5 in May 2023, the changes included a new requirement for a red team exercise in addition to the already-mandated penetration test. Now that Rev 5 is officially being enforced as of 2024, organizations pursuing FedRAMP Authorization must get this new obligation right.

Blog Feature

Federal Assessments | CMMC

By: Todd Connor
December 19th, 2023

In the latest revision of documents pertinent to the ongoing CMMC countdown, NIST SP 800-171 R3 has been released. Though there were only a handful of changes in this new version, there were some significant ones regarding the assessment practices and their presentation that those monitoring the progress of CMMC should know.

Blog Feature

Federal Assessments | CMMC

By: Schellman
November 20th, 2023

With the introduction of the Cybersecurity Maturity Model Certification (CMMC) program, contractors working with the U.S. Department of Defense (DoD) will be required to meet a certain level of cybersecurity maturity ensuring the protection of the involved sensitive information and data, specifically controlled unclassified information (CUI) and federal contract information (FCI).

{