Events , Government , Industry Specific

Making Sense of FedRAMP and StateRAMP

Tony Bai of A-LIGN Discusses the Changes, Differences in the Two Standards
Tony Bai, director, federal practice lead, A-LIGN

Changes to Federal Risk and Authorization Management Program regulations will have a major impact on cloud services providers, compliance and cybersecurity controls, said Tony Bai, director and federal practice lead at A-LIGN. Bai offers insight on navigating the U.S government authorization requirements as well as the State Risk and Authorization Management Program.

The role of A-LIGN is to improve its customers' abilities to obtain the authorization frameworks by helping them understand what the process involves and by identifying their issues of compliance, Bai said.

"Unfortunately, dealing with any level of bureaucracy, there are going to be fits and starts to any project," Bai said, adding that A-LIGN always seeks to be a trusted partner.

In this video interview with Information Security Media Group at RSA Conference 2023, Bai also discusses:

  • Recent and proposed changes to FedRAMP authorization;
  • Differences between FedRAMP and StateRAMP;
  • How A-LIGN helps its government customers gain FedRAMP and StateRAMP authorization.

Bai has over 27 years of IT experience, specializing the last 10 years in cybersecurity. His expertise includes providing risk assessments for government agencies and Fortune 500 companies across multiple industries. Prior to A-LIGN, Bai served as director of federal cybersecurity and IT risk management services at Imagine IT.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.