Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

FedRAMP | Federal Assessments

By: Nick Rundhaug
March 26th, 2025

As more government agencies move sensitive data to the cloud, ensuring security and compliance is of paramount importance. As such, the FedRAMP (Federal Risk and Authorization Management Program) assessment and authorization process is a critical framework to ensure that cloud environments meet federal security standards.

Blog Feature

FedRAMP | Federal Assessments

By: Matt Hungate
March 25th, 2025

Recent changes to FedRAMP® have sparked conversations about the program’s future, but one fact remains clear: FedRAMP is here to stay. Recognized as a critical program by the General Services Administration (GSA), it plays a key role in ensuring the security of cloud services used by federal agencies. That said, as the program evolves, notable changes are imminent.

Blog Feature

FedRAMP | Federal Assessments

By: Matt Hungate
March 10th, 2025

Cybersecurity is no longer just a best practice—it’s a necessity, a foundational pillar of our national security. For over a decade, FedRAMP, or the Federal Risk and Authorization Management Program, has set the gold standard for securing the federal government’s cloud infrastructure, saving time, resources, and taxpayer dollars. But today, we stand at a crossroads. The challenges in front of us - bureaucratic roadblocks, inefficiencies, and budget constraints - threaten to unravel years of progress. The question is clear: Will we rise to the occasion, modernizing FedRAMP without sacrificing its integrity? Or will we allow short-term obstacles to drag us backward into an era of duplication, inconsistency, and increased vulnerability?

Blog Feature

FedRAMP | Payment Card Assessments | PCI DSS

By: Ken Van Allen
March 6th, 2025

Given today’s continually evolving threat landscape, strengthening access controls is an essential element and growing priority of any robust security program. As such, it’s no surprise multi-factor authentication (MFA) has become a widely adopted compliance requirement by a significant number of security standards across industries. That said, it can be difficult to understand the intricacies of the MFA regulations for each compliance framework.

Blog Feature

FedRAMP | Penetration Testing | Red Team Assessments

By: Clint Mueller
December 16th, 2024

Since the beginning of 2024, FedRAMP Revision 5 has mandated that organizations not only perform traditional penetration tests, but also undergo comprehensive red team engagements. This new requirement reflects a broader emphasis on assessing not just technical vulnerabilities, but also the effectiveness of an organization’s overall security posture, including it’s response to sophisticated and realistic threats. Over the past year, we’ve conducted many red team exercises, each tailored to different organizational environments and threat landscapes. These engagements have varied significantly in scope and complexity, offering us a wealth of insights into both our successes and the challenges we’ve faced.

Blog Feature

FedRAMP | Federal Assessments

By: Tim Walsh
September 3rd, 2024

Looking back, December 2023 was a big month for the Department of Defense (DoD). Not only did they release the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule, but they also published a memorandum titled Federal Risk and Authorization Management Program (FedRAMP) Moderate Equivalency for Cloud Service Provider’s (CSP) Cloud Service Offerings (CSOs). The latter, in a huge development, clarified requirements for CSOs that are currently (or will be) storing, processing, or transmitting Covered Defense Information (CDI)—more commonly referred to as Controlled Unclassified Information (CUI)—although there are some nuances that must be understood.

Blog Feature

FedRAMP | Federal Assessments

By: Marci Womack
November 10th, 2023

On October 27, 2023, the Office of Management and Budget (OMB) released a draft memorandum titled Modernizing the Federal Risk Authorization Management Program (FedRAMP). Savvy readers may have noticed the parallelism of the 2011 and 2023 FedRAMP memorandums to those for FISMA in 2002 and FISMA 2014—for FISMA, the latter memo focused on "Modernization" in comparison with the former one regarding "Management."

Blog Feature

FedRAMP | Federal Assessments

By: Andy Rogers
October 3rd, 2023

To become FedRAMP authorized, you must pass the initial, rigorous FedRAMP assessment. But in the following years, you’ll also need to complete Annual Assessments performed by a third-party assessment organization (3PAO) if you’re interested in maintaining that compliance.

{