The 38North Security Podcast

GovRAMP: Why It’s a Smart Growth Move for Cloud Providers

7 min · 16 de may de 2025
Portada del episodio GovRAMP: Why It’s a Smart Growth Move for Cloud Providers

Descripción

This is Part 2 of the GovRAMP Mini-Series. In this episode, we’re digging into the big question: Why would a cloud provider pursue GovRAMP in the first place?  We’re joined by Jeremiah Thompson, 38North Security's VP of IT and Cloud Solutions. We also have Matt Strasburg, Manager of our Cloud Security Advisory practice. Jeremiah’s been in the compliance world for years and brings a pragmatic, strategic lens to why GovRAMP is gaining traction—not just for security reasons, but for smart market growth. Matt, on the other hand, has been pivotal in standing up similar federal programs in past years.

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de The 38North Security Podcast!

Empezar

2 meses por 1 €

Después 4,99 € / mes · Cancela cuando quieras.

  • Podcasts exclusivos
  • 20 horas de audiolibros / mes
  • Podcast gratuitos

Todos los episodios

6 episodios

Portada del episodio FedRAMP 20x Is Here: The Six Changes That Matter Most

FedRAMP 20x Is Here: The Six Changes That Matter Most

With FedRAMP's Consolidated Rules for 2026 being final, FedRAMP 20x is officially here.  That changes how cloud service providers enter FedRAMP, define scope, prove security, maintain certification, and work with federal agencies. In this episode, Ingrid Velasquez-Woodley speaks with Sam Leestma, Vice President of Solutions Engineering, and Spence Witten, Principal Consultant at 38North Security, about the six parts of CR26 most likely to affect cloud providers and agencies. Topics include: * How the new certification classes differ from the Rev. 5 impact levels * Whether Minimum Assessment Scope will actually reduce cost and complexity * Why Key Security Indicators may provide better assurance than point-in-time evidence * Whether the Security Decision Record could become the next oversized compliance document * What VDR and VER require before the December 7, 2026 deadline * Why existing Rev. 5 providers may struggle with vulnerability automation * How ongoing certification differs from continuous validation * Whether annual assessments should become less burdensome * Why CR26 limits agencies from creating their own parallel FedRAMP requirements * What the major CR26 transition dates mean for providers * What CSPs considering 20x—and those already holding Rev. 5 certifications—should do now The discussion also covers where FedRAMP got the model right, where the final rules still create uncertainty, and how implementation by agencies, assessors, and providers will determine whether CR26 actually reduces duplication and improves security visibility. Important dates discussed: June 24, 2026 — CR26 becomes final July 4, 2026 — Optional early adoption begins July 28, 2026 — FedRAMP Ready becomes a legacy designation August 3, 2026 — Class A applications open August 10, 2026 — Limited Rev. 5 Class B and C transition pathways open August 31, 2026 — 20x Class B and C applications open December 7, 2026 — VDR and VER become mandatory January 1, 2027 — Broader mandatory CR26 adoption begins June 11, 2027 — FedRAMP stops accepting new Rev. 5 certification applications Explore more FedRAMP 20x insights from 38North Security:  https://38northsecurity.com/fedramp-20x/   Explore 38North Security’s FedRAMP services: https://38northsecurity.com/security-compliance/north-america/fedramp/ #FedRAMP #FedRAMP20x #cloudsecurity #cybersecurity #govtech  #38NorthSecurity #federal #cloudsecuritypodcast

2 de jul de 20267 s