The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

FedRAMP | Federal Assessments

By: Matt Hungate
February 15th, 2022

Self-help guru Tony Robbins once said that "the meeting of preparation with opportunity generates the offspring we call luck."

Cloud Computing | FedRAMP | Federal Assessments

By: Schellman
December 16th, 2021

If you’re a cloud service provider, you’re required to make it through the Federal Risk and Authorization Management Program (FedRAMP) in order to receive Authority to Operate (ATO) in the federal marketplace, which allows you to provide your services and products for use by the federal government. There are two different avenues you can take to achieve ATO—through the Joint Authorization Board (JAB) or through an agency.

FedRAMP | Compliance and Certification | Federal Assessments

By: Matt Hungate
September 15th, 2021

As a Third Party Assessment Organization (3PAO), Schellman has been performing FedRAMP security assessments for Cloud Service Providers (CSPs) since 2014. During this time, we have seen our CSP clients pioneer technologies that provide federal agencies an opportunity to leverage new and innovative cloud services, all while modernizing their approach to building, deploying, and managing applications through containerization. Though this gradual shift to containerizing system components has increased CSPs’ operational efficiency and scale, it has also introduced new security risks to FedRAMP systems.

Cybersecurity Assessments | FedRAMP | Federal Assessments

By: Douglas Barbin
May 13th, 2021

Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions among others, its 8,080 words are arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.

FedRAMP | Penetration Testing | Federal Assessments

By: KENT BLACKWELL
July 8th, 2019

Though Amazon’s Relational Database Services (RDS) can make hosting a database much easier, using them can also present new challenges, including some that crop up when you’re trying to scan against security benchmarks or meet compliance initiatives.

FedRAMP | Federal Assessments

By: MATT WILGUS
March 14th, 2018

Though vulnerability scanning is only one of the control requirements in FedRAMP, it is actually one of the most frequent pitfalls in terms of impact to an authorization to operate (ATO), as FedRAMP requirements expect cloud service providers (CSPs) to have a mature vulnerability management program. A CSP needs to have the right people, processes and technologies in place, and must successfully demonstrate maturity for all three. CSPs that have an easier time with the vulnerability scanning requirements follow a similar approach, which can be best articulated by breaking down the expectations into three stages.

FedRAMP | Federal Assessments

By: JORDAN HICKS
October 3rd, 2016

When two alpinists approach the same rock wall, they may both have the goal of reaching the summit, but the process they take to get there likely diverges greatly. Maybe one hikes up the backside while the other opts to climb the rock face directly—it likely depends on their individual skills, their gear, etc.

Cloud Computing | FedRAMP | Federal Assessments

By: MATT WILGUS
May 25th, 2016

Many cloud service providers (CSPs) are not fully addressing the database scanning requirements for FedRAMP and have questions related to database security and FedRAMP. This article details the issues associated with not meeting the database scanning requirement, the most common reasons why this occurs, what can be done to improve this and what to consider with database security beyond scanning.
