So you're here because you need a federal assessment or you want to pursue a federal assessment and you're not sure where to start. There are a myriad of options. So today we're going to discuss what those options are to hopefully better define your roadmap and determine what makes sense for you and your organization. Hi, I'm Marci Womack. I'm a federal services practice leader here at Schellman. We've been doing federal assessments, going on 10 years and do hundreds of these annually. We often talk to organizations who are either in the federal space or want to pursue opportunities in the federal space. And there are many assessment and compliance opportunities that they don't know which one makes sense for their organization. Our goal today is to outline what some of those frameworks are and what the options you have depending on the services that you provide to your customers or the types of data that you're handling on behalf of your customers. So the few different options of federal services or federal assessments that are available to you, one of the hot topics is:

One of the most worrying things that can happen during an assessment is scope creep. The name even sounds scary. In this video, we're going to talk about:

Many organizations want to understand how they can pursue a CMMC certification. They're really interested in the standard or they know it's very important to their line of business. And today we're going to talk about the ways that CMMC certification can happen right now. And what we expect in the future.

If you are a software developer and you want to be assessed against the PCI-DSS, maybe the secure software lifecycle under the SSF is a better choice for you. Let's talk about why.

Critical security control failure. It's a whole lot of words. What does this mean? How does this apply to your organization? Well, we here at Schellman are well aware of these requirements. Stay tuned.

So you're interested in having a penetration test performed and you're wondering, is one enough for five years? Do I have to do it weekly or monthly? In this video, we'll talk about how frequently you should have a test performed.

You're a cloud service provider and you want to do work for the federal government. In order to do that though, you need to be FedRAMP authorized and you've been told by the government agency that you're trying to sell to that, you need to be FedRAMP authorized. In this short video, we're going to walk you through what the process is, what the journey is to get to the point where you have that authorization, you've been approved, and you can go and sell work to your federal agency customers.