Securisea Resources

On March 11, 2024 the Cybersecurity Infrastructure Security Agency (CISA), released the final version of its common Secure Software Development Attestation Form. 

If your organization sells software to the US government, this release has some extremely important implications. 

The form is being used by Government agencies to fulfill requirements set forth in recent OMB memorandum requiring those agencies to ensure that the software they use is secure by requiring attestations from software developers. 

“Failure to provide any of the information requested may result in the agency no longer utilizing the software at issue. Willfully providing false or misleading information may constitute a violation of 18 U.S.C. § 1001, a criminal statute.” - CISA

The release of the final Secure Software Development Attestation Form triggered a countdown wherein agencies need to begin collection of the forms within three months for “critical software” and within six months for all other software.

• “Critical Software” Deadline - June 11, 2024
• All other Software Deadline - September 11, 2024

Reference: https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security-1.pdf

The self-attestation form states that “A third-party assessment must be performed by a Third Party Assessor Organization (3PAO) that has either been FedRAMP certified or approved in writing by an appropriate agency official. The 3PAO must use relevant NIST Guidance that includes all elements outlined in this form as part of the assessment baseline.

Securisea is a FedRAMP 3PAO (Third Party Assessment Organization) with 18+ years’ experience helping organizations certify their ability to meet stringent security standards. In May 2020, A2LA accredited Securisea as the first FedRAMP 3PAO to be certified through a new process that requires organizations to first become accredited by A2LA's Cybersecurity Inspection Body Program, demonstrate compliance with cybersecurity program requirements for a year, and then transitioning to the FedRAMP program. 

Frequently Asked Questions:

1. Has Securisea conducted any CISA Secure Software Development Attestation assessments? Can Securisea evaluate conformance to all elements in this form? Yes - we have conducted CISA Secure Software Development Attestation assessments for other organizations. 
2. As a 3PAO, is Securisea able to use relevant NIST Guidance that includes all elements outlined in this form as the assessment baseline? Yes - we are able to use relevant NIST Guidance in completing this form. 
3. What is Securisea’s process for conducting the assessment? Our process involves interviewing an organization’s software engineers and reviewing the output of their various procedures that address each of the attestation form's requirements.
4. Approximately how long does each attestation take? The overall timeline will depend on how organized and responsive your organization can be throughout the process, but on average can be completed in just a few months.

Why Securisea?

Securisea is one of only a handful of audit firms in the world certified to provide CSA STAR, ISO27001 and 27701, SOC2, SOC1, PCI DSS, FedRAMP/StateRAMP 3PAO, HITRUST & HIPAA assessments all under one roof. Their integrated compliance approach allows clients to leverage existing security controls from other frameworks directly into each engagement, reducing overhead and work duplication. 

• Broadly certified and trusted by clients
• 18+ years of successful engagements 
• Remote presence across the US & Canada
• Capable and experienced technical team
• Strive toward client satisfaction
• Engagement process structured toward maximum simplicity
• Flexibility with existing systems, tools, and with scheduling
• Awarded a seat as a GEAR Advisor by PCI Council

‍

Altair selected Securisea in 2023 to support its ISO/IEC 27001:2022 initial certification audit. Previously, Altair achieved various other compliance certifications, but this was its first foray into ISO 27001. As a global technology company, Altair takes information security seriously and sought achieving ISO 27001 certification to follow the latest global information security frameworks. Additionally, for Altair’s enterprise-level customers, having ISMS certification is becoming more important. In a world where the security boundaries between client and vendor are blurring, an ISMS demonstrates Altair's commitment to information security.
‍

Altair told our team that they had seen many different platform options for assisting with ISO 27001 certification, but they wanted experienced, talented people working on their audit - not just a software platform. They shared that they were looking for collaborative auditors who would both give them a “fair crack of the whip” to drive good business behaviors, but at the same time provide the guidance and feedback they needed to ultimately achieve certification at the end of the process. 
‍

Our team at Securisea thoroughly enjoyed working with Altair. The audit process presented some real logistical and language challenges, which we were able to accommodate with ease. Altair has over 3,000 engineers, scientists and other team members spread across 29 countries. They have experienced, tenured professionals that were prepared, and able to quickly tackle any roadblocks that we discovered along the way. Securisea has personnel on the ground globally, which allows us to quickly adapt to country-specific needs and requests, while remaining agile and moving the certification process forward in a timely manner. 
‍

Despite their rapid growth, many acquisitions, and large global footprint, Altair has a tremendous open and collaborative culture, with some very security-minded controls in place that made this team a pleasure to work with, and we can’t wait to tackle our next project together. 

Firm offers SOC2, ISO + CSA STAR Audits

(Annapolis, MD, May 28, 2024) Securisea, a leading provider of security and compliance services, announced today that they have achieved CSA STAR Attestation (Security, Trust, Assurance and Risk) Auditor Listing from the Cloud Security Alliance. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to.

Securisea is one of only a handful of audit firms in the world certified to provide CSA STAR, ISO27001 and 27701, SOC2, SOC1, PCI DSS, FedRAMP/StateRAMP 3PAO, HITRUST & HIPAA assessments all under one roof. Their integrated compliance approach allows clients to leverage existing security controls from other frameworks directly into each engagement, reducing overhead and work duplication. 

Founded in 2006, Securisea provides audit support for organizations of all sizes, from startups to some of the world’s most security-minded technology companies. Their customers rely on them to continue to evolve to meet an ever-changing security and compliance landscape, while maintaining a high level of expertise, responsiveness, and customer service to every unique engagement. 

“We are thrilled to be able to add STAR Attest Audit services to our expanding portfolio of security and compliance offerings,” said Josh Daymont, CEO of Securisea.

“Our clients choose us again and again because of the efficiencies they can achieve with multiple assessments through a single auditor. Expanding our offerings to include STAR Attestation Audits, in combination with our strong team of experts, will fuel our growth in the years ahead.”

About Securisea 

Securisea is a leading provider of security and compliance services, helping companies secure their sensitive data and systems. With a personalized approach to customer service and a deep understanding of the unique needs of large enterprise companies, Securisea has built a reputation for delivering reliable, effective, and efficient security and compliance solutions.

For more information, please visit http://www.securisea.com.

Contact Information:
Josh Daymont, CEO
sales@securisea.com
1 877-563-4230

San Francisco, CA (PRWEB) March 25, 2023 -- Securisea, a leading provider of security and compliance services, is proud to announce that it has become an approved HITRUST External Assessor. As a HITRUST External Assessor service provider, Securisea can now offer its clients a more comprehensive range of security and compliance services, including assessment and audit services associated with the HITRUST Assurance Program and the HITRUST CSF comprehensive security framework.

"We are extremely proud to have become an authorized HITRUST External Assessor," - Josh Daymont, CEO of Securisea.

Founded in 2006, Securisea has a wealth of experience in helping companies secure their sensitive data and systems. With a personalized approach to customer service and a deep understanding of the unique needs of large enterprise companies, Securisea has built a reputation for delivering reliable, effective, and efficient security and compliance solutions.

The HITRUST authorization demonstrates Securisea's commitment to providing its clients with the highest security and compliance standards. HITRUST is a leading healthcare information security framework and one of the industry's most widely recognized and respected security standards. The authorization ensures that Securisea has the knowledge, experience, and resources to help its clients meet the complex security and compliance requirements of the healthcare sector.

"We are extremely proud to have become an authorized HITRUST External Assessor," said Josh Daymont, CEO of Securisea.

"This is a testament to our team's hard work and dedication, and we believe that it will help us better serve our clients and meet their evolving security and compliance needs."

Adding HITRUST authorization to Securisea's portfolio of services enhances their team's ability to help security and technology executives at large enterprise companies ensure that their sensitive data is protected. With its commitment to providing personalized, high-quality security and compliance services, Securisea is well-positioned to help its clients navigate the rapidly changing security and compliance landscape.

About Securisea

Securisea is a leading provider of security and compliance services, helping companies secure their sensitive data and systems. With a personalized approach to customer service and a deep understanding of the unique needs of large enterprise companies, Securisea has built a reputation for delivering reliable, effective, and efficient security and compliance solutions.

For more information, please visit http://www.securisea.com
Josh Daymont, Securisea, http://www.securisea.com,
1 877-563-4230, sales@securisea.com

In June of 2018, A2LA initiated a new system for third-party assessment organizations (3PAOs) seeking to become FedRAMP accredited. Under this system, any organization seeking to become an accredited 3PAO must first become accredited to A2LA’s Cybersecurity Inspection Body Program. Organizations accredited to this program will spend approximately one year demonstrating their adherence to the requirements of the cybersecurity program before opting to transition to the FedRAMP program. This two-step process serves to first establish a level of more generalized technical competence in the cybersecurity field before organizations are considered for the more specialized FedRAMP program. We are pleased to announce that San Francisco-based information security company Securisea is the first company to achieve FedRAMP accreditation through this newly implemented A2LA process. 

Securisea is an information security company that provides a diverse array of consulting and training services. They gained their initial accreditation under the cybersecurity program in July of 2019, and thanks to promptness and diligence on their part they achieved FedRAMP 3PAO accreditation just under a year later. Securisea made the decision to pursue accreditation to A2LA’s cybersecurity program shortly after it was launched in 2018, and many other organizations have now also achieved accreditation. Several companies not seeking to become 3PAOs are also now accredited through the cybersecurity program, as it provides confirmation from an independent third party that the organization is competent and compliant, which serves as a valuable competitive advantage in their field. 

For those organizations like Securisea who are pursuing FedRAMP 3PAO accreditation, the newer two-phase approach streamlines and clarifies their overall process, in addition to supporting the stringent FedRAMP requirements. Accreditation to A2LA’s Cybersecurity Inspection Body Program establishes an organization’s competence in the cybersecurity field based on the requirements of ISO/IEC 17020, the international standard for inspection bodies, as well as the relevant program specific requirements. Maintaining this accreditation involves continuous monitoring that supports an organization’s readiness to move forward with the more stringent FedRAMP accreditation requirements. 

For more information about Securisea and the services they provide, please visit securisea.com. To learn about A2LA’s Cybersecurity Inspection Body Program and the FedRAMP 3PAO Accreditation Program, visit A2LA.org or contact us directly through our online contact form.