Understanding FedRAMP Compliance
Full Episode - The Other F Word
For many cloud service providers, FedRAMP is the other F-word. Hear from FedRAMP experts about the FedRAMP programs, recent changes to them, how to get your company ready for a FedRAMP assessment, and the benefits of using advisory services as you prepare for your 3PAO assessment.
MindPoint Group's Director of GRC and FedRAMP, Gabriela Smith Sherman, is joined by Earthling Security's Joshua Marpet and Michael McPherson to discuss the ever-changing world of FedRAMP and the federal compliance landscape.
MindPoint Group: https://www.mindpointgroup.com
MindPoint Group Governance, Risk and Compliance: https://www.mindpointgroup.com/grc/grc-services-overview
MindPoint Group FedRAMP services: https://www.mindpointgroup.com/grc/fedramp-and-3pao
MJM Growth: https://mjmgrowth.com/
FedRAMP: https://fedramp.gov/
Highlights:
4:39 What is a 3PAO?
7:54 What is FedRAMP?
9:12 What is FedRAMP about?
12:09 FedRAMP is law - what does that mean for you?
14:27 Sponsorship and the path to make services FedRAMP-ready
21:08 EO 14028 and the importance of cybersecurity in future federal contracting
26:01 3PAO roles: advisory & audit
33:12 Shared security environment and authorization
36:49 Controls and NIST framework
44:00 Additional requirements for secure sectors
46:21 Challenges for implementing unfunded mandates
51:00 FedRAMP and FISMA
53:20 Expected timeframe for FedRAMP readiness
57:20 Benefits of readiness reports