Google’s $500 million acquisition of Israel-based startup Siemplify is supposed to help the company bolster its own cloud security initiative, Chronicle, according to a report from Reuters. In a blog post announcing the deal, Google describes Siemplify as a security orchestration, automation, and response (SOAR) organization and plans to integrate its capabilities into Chronicle.“SIEMPLIFY… Read more

A frequently asked compliance question among government contracts firms is whether they are required to register under the International Traffic In Arms Regulations (“ITAR”). ITAR are the State Department controls that regulate defense products, technical data and services.  Under ITAR 22 CFR §122.1, parties that manufacture, export or temporarily import “defense articles” or furnish “defense services” are required to register with the Directorate of Defense Trade Controls (“DDTC”) within the State Department. … Read more

I often encounter misconceptions about the International Traffic in Arms Regulations (ITAR). Among the biggest sources of confusion is registering as a Manufacturer, Exporter or Broker under the ITAR. Let’s clear up the confusion and shed some light on the matter.… Read more

The FedRAMP PMO fields a number of questions about impact levels and the security categorization of cloud services. Federal Information Processing Standard (FIPS) 199 provides the standards for categorizing information and information systems, which is the process CSPs use to ensure their services meet the minimum security requirements for the data processed, stored, and transmitted on them.… Read more