November 2023

ATO Process: What is an Authority to Operate in Cybersecurity?

When a business works with the general public, there’s a certain level of risk inherent in the process. We see it time and time again, with companies subject to data breaches and the loss of public information, like what happened to Target in 2013, Equifax in 2017, 23andMe in 2023, and many, many more. While there are security standards in place for private corporations, enforcement is slim, and violations tend to be retroactively applied.

Significant Changes from NIST SP 800-53 rev4 to rev5

The National Institute of Standards and Technology has introduced a new revision of Special Publication 800-53, revision 5. As with any document change of this scope, there are minor and major changes. This paper will provide a high-level overview of the significant changes, addressing a redefined focus in control families, accountability, and governance, as well as a discussion of new control families, privacy transparency and supply chain risk management.

FedRAMP ATO, P-ATO & Certification: What's the Difference?

FedRAMP JAB ATO, P-ATO, and Certification can be a tricky set of requirements to navigate, and the confusion starts early. For example, what are any of those terms, and what do they mean? While some of you already know, everyone has to learn somewhere, so let’s go through and define them, what they mean, and what you need to do to adhere to them. Beyond that, we’ll help you navigate the process and find the best way to get the accreditation status you need.