Making Sense of FedRAMP and StateRAMPTony Bai of A-LIGN Discusses the Changes, Differences in the Two Standards
Changes to Federal Risk and Authorization Management Program regulations will have a major impact on cloud services providers, compliance and cybersecurity controls, said Tony Bai, director and federal practice lead at A-LIGN. Bai offers insight on navigating the U.S government authorization requirements as well as the State Risk and Authorization Management Program.
The role of A-LIGN is to improve its customers' abilities to obtain the authorization frameworks by helping them understand what the process involves and by identifying their issues of compliance, Bai said.
"Unfortunately, dealing with any level of bureaucracy, there are going to be fits and starts to any project," Bai said, adding that A-LIGN always seeks to be a trusted partner.
In this video interview with Information Security Media Group at RSA Conference 2023, Bai also discusses:
- Recent and proposed changes to FedRAMP authorization;
- Differences between FedRAMP and StateRAMP;
- How A-LIGN helps its government customers gain FedRAMP and StateRAMP authorization.
Bai has over 27 years of IT experience, specializing the last 10 years in cybersecurity. His expertise includes providing risk assessments for government agencies and Fortune 500 companies across multiple industries. Prior to A-LIGN, Bai served as director of federal cybersecurity and IT risk management services at Imagine IT.