FedRAMP Audits

Demonstrate compliance with NIST SP800-53 IA-7, SC-12 and SC-13 cryptography requirements

Supplying cloud-based services to the Federal Government requires compliance with the FedRAMP standards. These cover a host of security issues, but in particular make requirements on cryptography: you have to use FIPS 140-2 validated modules wherever cryptography is needed. Cryptosense Analyzer Platform can make compliance easy: first, by identifying all non-compliant cryptography in an application, and then, after remediation, by providing an audit report showing where compliant cryptography is used.

FIPS Compliance & FedRAMP Audits

Learn about the FedRAMP cryptography requirements and why compliance is not as simple as adding a new crypto provider, particularly when using software cryptography in Java.

Our FIPS Cryptography Cheat Sheet summarizes the requirements on cryptography an application must respect if it is to use only FIPS 140 approved cryptographic modules.

download fips cheat sheet

Simplify Cryptography Compliance

Easily demonstrate compliance with IA-7, SC-12 and SC-13 cryptography requirements using Cryptosense's Analyzer Platform.

request free trial

Popular Compliance Blog Articles

What is Cryptography Lifecycle Management and Why do I need it?

Sam Ross-Gower

Cryptography is an essential enabling technology for modern business: without it we would not be able to protect our sensitive data or carry out authentication. When perfectly implemented and maintained, cryptography provides security we can rely on. However, detailed errors in its usage can lead to total loss of protection, and our increasing reliance on cryptography means that these mistakes now carry significant financial and reputational risks.

READ ARTICLE ->

When Certificates Attack: Shadow Certificates

Jarred McGinnis

Shadow certificates are more likely than you think. It is as if the nails and screws used to build a house end up being what makes the house fall down. Briefly, shadow certificates refer to digital certificates that have been introduced by employees that the DevOps or SecOps teams are unaware of.

READ ARTICLE ->

Which Algorithms Are FIPS 140-3 Approved?

Graham Steel

The new 3rd revision of the FIPS 140 standards for Cryptographic Modules is an effort to align the NIST-managed standard with its ISO counterpart ISO 19790(2012).

READ ARTICLE ->

FedRAMP and FIPS 140-2 Cryptography

Graham Steel

If you want to supply cloud-based services to the US Federal Government, you have to get FedRAMP approval. This certification process covers a whole host of security issues, but is very specific about its requirements on cryptography: you have to use FIPS 140-2 validated modules wherever cryptography is needed...

READ ARTICLE ->
More compliance articles on the blog