Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The government doesn’t often move quickly, but when it moves, the changes it makes tend to have long-term and far-reaching ripple effects throughout business and industry. That’s true whether it’s a policy decision, a financial decision, or a restructuring of an organization, and it will always be true at the scale the federal government operates. One recent change in the world of government cybersecurity is a change to how FedRAMP operates.

Cloud service providers looking to work with the government, whether it’s at the state and local level or at the federal level, will have to adhere to certain cybersecurity standards. At the federal level, the program is called FedRAMP: the Federal Risk and Authorization Management Program.

The Cybersecurity Maturity Model Certification, CMMC, is a critical part of ensuring robust and equal information security from top to bottom throughout the Department of Defense’s supply chain. A common misconception about CMMC, stemming from previous pre-CMMC security, is that it primarily applies to prime contractors and big businesses.

Most of the time on the Ignyte blog, we talk about overarching security frameworks like FedRAMP, CMMC, and ISO 27001. Sometimes, though, it’s worth digging deeper into smaller-scale elements of these frameworks. Today’s target is ISO 27017, the ISO/IEC publication focusing on cloud service security. What does this document entail, who needs to use it, and what does compliance involve? Let’s discuss.