TRENDING:

Events , Government , Industry Specific

Making Sense of FedRAMP and StateRAMP

Tony Bai of A-LIGN Discusses the Changes, Differences in the Two Standards Mathew J. Schwartz (euroinfosec) • April 27, 2023    
Tony Bai, director, federal practice lead, A-LIGN

Changes to Federal Risk and Authorization Management Program regulations will have a major impact on cloud services providers, compliance and cybersecurity controls, said Tony Bai, director and federal practice lead at A-LIGN. Bai offers insight on navigating the U.S government authorization requirements as well as the State Risk and Authorization Management Program.

The role of A-LIGN is to improve its customers' abilities to obtain the authorization frameworks by helping them understand what the process involves and by identifying their issues of compliance, Bai said.

"Unfortunately, dealing with any level of bureaucracy, there are going to be fits and starts to any project," Bai said, adding that A-LIGN always seeks to be a trusted partner.

In this video interview with Information Security Media Group at RSA Conference 2023, Bai also discusses:

  • Recent and proposed changes to FedRAMP authorization;
  • Differences between FedRAMP and StateRAMP;
  • How A-LIGN helps its government customers gain FedRAMP and StateRAMP authorization.

Bai has over 27 years of IT experience, specializing the last 10 years in cybersecurity. His expertise includes providing risk assessments for government agencies and Fortune 500 companies across multiple industries. Prior to A-LIGN, Bai served as director of federal cybersecurity and IT risk management services at Imagine IT.

Previous
Network and Security Convergence: How It's Evolving
Next
Defending Against Emerging Threats in Mobile Security

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



Around the Network

Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.