Nonprofit organization StateRAMP will open membership next month, according to GCN.
StateRAMP, which will provide state and local governments with cloud security verification services, hopes to standardize and improve efficiency of cloud service providers and other similar agencies. The organization will have six security statuses, while a StateRAMP Marketplace will include a list of providers with FedRAMP authorization, CSPs that have a StateRAMP security status and third-party assessment organizations approved by StateRAMP.
“I think what it offers us in state government is this collective approach, both within our state through this uniformity at the agency level or at the contract level, but then across the country, by putting states on this very solid footing with respect to CSPs and all of the cyber risk management concerns that flow from those relationships,” said Ted Cotterill, state chief privacy officer in Indiana and StateRAMP board member.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.
Organizations could have their sensitive information compromised through a high-severity vulnerability in Google Cloud, Azure, and Amazon Web Services command line interface tools dubbed "LeakyCLI", The Hacker News reports.