Article

FedRAMP Low, Moderate, High: Understanding Security Baseline Levels

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that helps to assure that cloud service providers employ the proper level of information security when pr ...
July 20, 2022
Article

Cloud Security Compliance: 11 Steps on the Stairway to Cloud Services Heaven

Organizations are increasingly turning to cloud-based IT solutions, which makes cloud security compliance standards more important than ever before. The steps to cloud security compliance, h ...
November 22, 2021
Article

What is Continuous Monitoring in Cybersecurity?

Organizations today rely on technology and data to run their business operations. Many also use contract employees and cloud-based technology providers, and — thank you, COVID-19 — have ...
October 29, 2021
Article

How to Create a Plan of Action & Milestones (POA&M)

Cybersecurity risks are always changing, and even with continuous monitoring it can be difficult to know which areas of your IT system need your attention the most. With so many potential we ...
April 13, 2021
Article

What is Assessment and Authorization (A&A)?

As technological innovation continues to evolve, so do the nature and severity of cybersecurity threats. This makes robust information security controls and risk assessment high priorities f ...
March 15, 2021
Article

SOC 2 Data Center Standards for Compliance, Explained

Organizations that use a data center to support their infrastructure and computing needs must consider compliance as part of their overall risk management and IT policy development strategie ...
March 1, 2021
Article

Does FISMA Apply to State Governments?

FISMA, or the Federal Information Security Management Act of 2002, is part of the E-Government Act—a federal law in the United States, enacted by Congress, that provides data security stan ...
February 10, 2021
Article

October 2020: Compliance Certification Roundup

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our O ...
October 13, 2020
Article

July 2020: Compliance Certification Roundup

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our July 2020 roundup of compliance news from around ...
July 2, 2020
Article

Risk Assessment Checklist NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. NIST SP 800-53 provides a catalo ...
May 10, 2020
Article

What is NIST Special Publication 800-37 Revision 2?

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 revision 2 is a Risk Management Framework for Information Systems and Organizations: A System Lifecycle ...
April 23, 2020
Article

Top Risk Management Issues Facing Higher Education

Institutions of higher education (IHEs) are besieged by risk, especially cybersecurity and information security risk. Risk management for these institutions is critical but also extremely ch ...
December 24, 2019