Question about FedRAMP for small companies who have federal clients, how hard is it to handle?

old.reddit.com / @/u/kwirl, https://old.reddit.com/user/kwirl

So, we are a small company (<20 full time, plus a few contractors for software development), but we have clients all over the country that operate at various state and federal levels. A few clients have started asking about StateRAMP, but I don't really want to go that route, since we also work with government clients from time to time.

What is the process like for a single person (hi, it's me) who is going to be overseeing pushing our software through the Li-SaaS baseline? Where do I start? I'm currently working on getting us CSA qualified, and I've already told the C-team that eventually we are going to have to pay for external audits and this will require ongoing support, so I'm undoing a lot of bad practices and want us to move forward the right way.

Am I wrong for thinking that I can handle the process of getting us started? I won't be doing the development, I'm just going to handle assessments and policy.

Thanks for any feedback!

submitted by /u/kwirl

published 4 months ago



