Webcast: Building trust and transparency through SOC 2 reporting
If you are doing business with the Federal Government, the opportunity is huge, but so are the multiple compliance requirements which must be met. Understanding the shifting landscape of Federal IT legislation, including the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP) is critical. Navigating regulation and controls the first time can be challenging. However, done correctly, it can pave the way to significant business for your company.
Compliance with the Federal Information Security Management Act (FISMA) is required of all federal agencies and all commercial entities that provide services to the Federal Government. Companies must have a control environment that meets FISMA requirements, which include required documentation. Additional federal regulations beyond FISMA may also be applicable.
With deep federal regulatory, compliance, and controls experience, PwC’s Federal Regulatory Assurance team can be the right partner for you. As federal compliance is often part of broader compliance challenges, we partner with PwC’s Integrated Compliance team to maximize our value to clients.
Roughly 25% -- or $20B of federal IT spending is earmarked for cloud computing migration as per the Cloud First mandate.
Commercial cloud service providers (CSPs) must meet Federal Risk and Authorization Management Program (FedRAMP) requirements. FedRAMP standardizes the approach to cloud-related security assessments, authorizations, and ongoing monitoring.
PwC is an accredited FedRAMP 3PAO (Third Party Assessment Organization), enabling us to perform cloud security assessments. Our FedRAMP team includes cloud security, federal regulatory, and controls professionals. Partnering with PwC’s Cloud Assurance team, you will be well-prepared to meet federal cloud compliance requirements.
Define security needs
Determine NIST SP 800-53 control requirements
Create required documentation
Monitor and sustain compliance
Develop a federal regulatory roadmap and compliance framework
Tailor your offering to FedRAMP requirements
Understand the relationship of NIST SP 800-53 control requirements to your environment
Perform self-assessments and gap analyses
Develop and execute a comprehensive, continuous monitoring program
Produce documentation to support assessments
Generate awareness and develop training programs
PwC’s Cloud Assurance practice applies a cloud lifecycle approach using the customer’s cloud services. This approach enables comprehensive cloud security and risk management across the enterprise’s own business workflow.
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.
SOC Reporting Framework for fintech organizations.