All Episodes
Displaying 1 - 20 of 71 in total
Episode 1 — Navigate the FedRAMP Landscape
FedRAMP—short for the Federal Risk and Authorization Management Program—is the U.S. government’s standardized approach to security assessment, authorization, and conti...
Episode 2 — Essential Terms: Plain-Language Glossary
Clarity with core terminology speeds every step of a FedRAMP effort. This episode defines the terms you will hear in meetings, read in templates, and see on exam quest...
Episode 3 — Clarify Roles and Authorizations
Understanding who authorizes, who assesses, and who operates the system is foundational to planning and communication. This episode explains the responsibilities of th...
Episode 4 — Build Your Audio Study Plan
A focused study plan turns a sprawling topic into a manageable sequence that builds confidence. In this episode, you will structure your prep around recurring FedRAMP ...
Episode 5 — Trace the SAF Lifecycle
The Security Assessment Framework (SAF) describes how a cloud system moves from preparation through authorization to ongoing compliance. This episode traces that lifec...
Episode 6 — Differentiate JAB and Agency
This episode explains the practical differences between pursuing a Joint Authorization Board (JAB) Provisional Authorization to Operate and working with a single feder...
Episode 7 — Clarify Shared Responsibility Matrix
This episode focuses on building a defensible Shared Responsibility Matrix (SRM) that prevents gaps between a cloud service provider, the underlying platform, and fede...
Episode 8 — Map Authorization Boundaries Effectively
Here we establish what belongs inside your authorization boundary, what lies outside, and how to depict trust relationships so assessors can understand exposure and co...
Episode 9 — Classify Data with FIPS 199
This episode explains how to perform impact categorization using Federal Information Processing Standards Publication 199 and why that categorization drives almost eve...
Episode 10 — Select Appropriate Security Baselines
In this episode, we show how to select and tailor the correct control baseline for your system’s categorized impact level, then connect that selection to FedRAMP’s spe...
Episode 11 — Apply FedRAMP Tailored for SaaS
FedRAMP Tailored provides a streamlined authorization path for low-impact Software as a Service offerings that meet specific criteria, such as not storing personally i...
Episode 12 — Leverage Inheritance and External Services
Inheritance allows a cloud system to reuse implemented controls from another authorized environment, reducing duplication while maintaining traceability. This episode ...
Episode 13 — Quick Recap: Getting Oriented
This recap episode consolidates the groundwork covered so far—landscape awareness, terminology, roles, frameworks, and baseline logic—into a cohesive mental model. We ...
Episode 14 — Master the SSP Structure
The System Security Plan, or SSP, is the centerpiece of every FedRAMP authorization package. This episode explains its purpose as both a technical specification and a ...
Episode 15 — Write Clear Control Implementations
Clarity and precision in control implementation statements determine how smoothly assessments proceed. In this episode, we define the qualities of a strong control nar...
Episode 16 — Apply FedRAMP Control Parameters
FedRAMP control parameters are the adjustable settings that translate broad NIST control intent into precise, testable requirements for your system. This episode expla...
Episode 17 — Define System Environment Details
Environment details ground your authorization story in concrete reality by describing where the system runs and how its components behave under normal operations. This...
Episode 18 — Document Interconnections and Dependencies
Interconnections and dependencies explain how your system exchanges data and relies on other services, which is central to evaluating exposure and shared risk. This ep...
Episode 19 — Assemble Required SSP Attachments
Attachments turn narrative claims into tangible evidence by collecting diagrams, inventories, agreements, and supporting records that reviewers can examine independent...