FedRAMP compliance?

Hello CS leaders!

I'm doing some research on FedRAMP compliance, trying to understand how much of a lift it would be and what kind of timeline is needed for a company to become compliant.

If you/your company has worked on this, I'd love to chat, please reach out!

Alex

Find more posts tagged with

Technology

Comments

Alex Thebert

Thanks, Jeremy! A customer was asking about this and I was trying to understand the scope. The below sg on cost was very illuminating!

For anyone that is looking for info on this, here's the quick overview i've pieced together:
tl;dr: All cloud services holding federal data require FedRAMP authorization. So, if you want to work with the federal government, FedRAMP authorization is an important part of your security plan.

Who's compliant rn: https://marketplace.fedramp.gov/#!/products?sort=productName&status=In%20Process;Compliant

Jeremy Mulder

Hi Alex - Thinking of getting into B2G? My experience (including working at a startup in the governance, risk, and compliance space): it's a significant lift. It's not my world anymore, but you might check out Reciprocity as a place to get started; they have a team of GRC experts over there and they know their stuff and make it digestible and actionable. And if it's not them, I bet they could point you in the right direction.

Best,