I'm trying to understand why I would choose a regular AWS endpoint over FIPS. I know why and when I have to use FIPS. Given that I have a subset of customers that require it, why not just use it for all customers? One would hope if the ciphers in FIPS are good enough for the government, they're good enough for regular use.

#InfoSec #FIPS #FedRamp #AWS

Don't wait for your 3PAO audit to find out you're non-compliant.
We've built a FedRAMP Requirements Checklist specifically for containerized environments. It covers:
• The new 30-day scanning window
• Hardened base image requirements
• Continuous Monitoring (ConMon) automation
Download the checklist and start your pre-assessment today.
https://go.anchore.com/fedramp-vulnerability-scanning-checklist-containers/

#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

"Weeks versus the more typical months."
That's how Cisco Umbrella accelerated their FedRAMP Agency ATO using Anchore on AWS.
By automating vulnerability scanning and utilizing our built-in FedRAMP policy packs, they tackled four compliance hurdles in parallel:
🔹 FedRAMP
🔹 STIG
🔹 FIPS
🔹 EO 14028
Check out the full case study to see how they did it. https://anchore.com/blog/how-cisco-umbrella-achieved-fedramp-compliance-in-weeks-blog/

#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

In 2024, the industry learned what an SBOM was. In 2026, the Public Sector is demanding we use them effectively.
Under EO 14028, every container needs a clear pedigree. But managing thousands of SBOMs can become a data nightmare.
Anchore makes it seamless:
✅ Automated generation (Syft)
✅ Continuous vulnerability scanning (Grype)
✅ Drift detection between build and runtime
Visit top 10 SBOM blogs: https://anchore.com/blog/the-top-ten-list-the-2025-anchore-blog/

#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

Stop translating NIST 800-53 controls into manual checks. 🛑
For teams deploying containers in Federal environments, compliance often feels like a bottleneck. It doesn't have to be.
Anchore Enterprise's FedRAMP Policy Packs automate the validation of your container images against NIST 800-53 Rev 5 and NIST 800-190 controls before they ever hit production.
Pass/fail signals integrated directly into your CI/... https://docs.anchore.com/current/docs/compliance_management/policy_packs/fedramp/

#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

Ryan has some thoughts about the recent FedRAMP approval for Microsoft, even though the feds called it 💩. In The Long Run, maybe you should be able to explain how things like encryption and security controls work in your environment? #TheCloudPod #NewEpisode #FedRamp #Microsoft

RE: https://mastodon.social/@arstechnica/116251396219143666

Microsoft is actively hiding and suppressing this article from Bing search results. Try searching for "fedramp microsoft site:arstechnica.com" (without quotes!). This also impacts search engines such as DuckDuckGo.

Copilot also seems to be blocking anything related to "Microsoft" "FedRAMP" and "certification", although this could be an issue on my end with failing Cloudflare bot checks.

#Microsoft #Bing #FedRAMP #DuckDuckGo #InfoSec

Navigating the #FedRAMP authorization process? This whitepaper provides a comprehensive overview of the framework, key stakeholders, and the 5-step process for SaaS, PaaS, and IaaS providers. Understand the nuances of achieving and maintaining FedRAMP compliance, and learn strategies for integrating security into your development lifecycle for continuous authorization. Download your copy to streamline yo... https://get.anchore.com/unlocking-the-federal-market/ #FedRAMP #CloudSecurity #Compliance #GovTech #SecurityEngineering

Federal Cyber Experts Thought Microsoft’s Cloud Was “A Pile Of Shit.” They Approved It Anyway.

https://fed.brid.gy/r/https://www.techdirt.com/2026/04/01/federal-cyber-experts-thought-microsofts-cloud-was-a-pile-of-shit-they-approved-it-anyway/

This story was originally published by ProPublica. Republished under a CC BY-NC-ND 3.0 license. In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one o…

Techdirt

FedRAMP is moving faster than ever. With the new "FedRAMP 20x" initiative and the shift toward Rev 5, the days of manual spreadsheets and quarterly reviews are gone.
If you're managing containerized workloads, the 30-day scanning window isn't just a suggestion—it's a requirement for your ATO.

Are you prepared for the new pace of federal compliance?

We've compiled the most common questions into our FedR... https://anchore.com/fedramp/fedramp-overview/
#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT