A Summary of FedRAMP Rev. 5 Baselines
By Chor-Ching Fan The Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board has approved the Rev. 5 baselines, aligning them with [...]
Get Ready: NIST SP 800-171 Revision 3 Evolves to Enhance Cybersecurity Measures
By Chor-Ching Fan NIST SP 800-171 is a publication by NIST that provides security requirements for safeguarding Controlled Unclassified Information (CUI). The guidelines [...]
Rizkly 800-171 Rev 3
By Chor-Ching Fan & Dave Trout Proposed Changes to NIST SP 800-171 Revision 3 Enhance Cybersecurity Measures NIST SP 800-171 is a publication [...]
FedRAMP Authorization Act Now Codified
FedRAMP Authorization Act Codified Big news—the FedRAMP Authorization Act has been passed! What exactly does this mean? The FedRAMP Authorization Act is part of [...]
CMMC Waiver Process & May 2022 Updates
By Chor-Ching Fan & David Trout Contractors awaiting an update from the DoD rulemaking process to firm up CMMC requirements recieved some insight [...]
Do or Delegate…Achieving Compliance in a Shared Responsibility World
By Chor-Ching Fan & David Trout Businesses can relieve many security and compliance burdens by using cloud services provided by Amazon AWS or [...]
Common Core Controls – A Strategy Rizkly Supports
By Chor-Ching Fan When facing a tight compliance deadline, you might not want to think about anything but satisfying the security controls that [...]
The Compliance Advisory Cost Conundrum
By David Trout & Chor-Ching Fan Today, businesses of all sizes face growing challenges from compliance requirements. Staying in compliance requires more skill, experience, and knowledge than ever before. [...]
DoD CMMC 1.0 Spec Released! What are My Options?
DoD CMMC 1.0 Spec Released! What are My Options? By Chor-Ching Fan and David Hall The DoD Cybersecurity Maturity Model Certification (CMMC) intends to be the new best way [...]
CMMC Says Goodbye to POAMs
By Chor-Ching Fan Under NIST SP 800-171, Department of Defense (DoD) contractors were considered compliant if they could demonstrate a plan for meeting security requirements at a future date. [...]