It’s the authorization a company has to have before their systems can access/store federal government data.
The National Institute of Standards and Technology (NIST) has the 800-53 which is a ~500 page document that’s just a list of controls that must be followed, and companies have to get audited once a year to make sure they complied with the controls the previous year.
The fun part is that most of the controls are worded super vaguely, and you’re at the mercy of the auditor’s interpretation of them.
That’s pretty great. I had to go full Karen on our auditors to speak to their supervisors because apparently the NIST definition of a term doesn’t matter if the auditor feels differently. And it was actually an unambiguous definition.
What’s a FedRAMP?
It’s the authorization a company has to have before their systems can access/store federal government data.
The National Institute of Standards and Technology (NIST) has the 800-53 which is a ~500 page document that’s just a list of controls that must be followed, and companies have to get audited once a year to make sure they complied with the controls the previous year.
The fun part is that most of the controls are worded super vaguely, and you’re at the mercy of the auditor’s interpretation of them.
Removed by mod
That’s pretty great. I had to go full Karen on our auditors to speak to their supervisors because apparently the NIST definition of a term doesn’t matter if the auditor feels differently. And it was actually an unambiguous definition.
Removed by mod
What does this auditor gig pay?
Removed by mod