this post was submitted on 17 Nov 2023
1091 points (97.8% liked)
A Boring Dystopia
9552 readers
234 users here now
Pictures, Videos, Articles showing just how boring it is to live in a dystopic society, or with signs of a dystopic society.
Rules (Subject to Change)
--Be a Decent Human Being
--Posting news articles: include the source name and exact title from article in your post title
--Posts must have something to do with the topic
--Zero tolerance for Racism/Sexism/Ableism/etc.
--No NSFW content
--Abide by the rules of lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What’s a FedRAMP?
It's the authorization a company has to have before their systems can access/store federal government data.
The National Institute of Standards and Technology (NIST) has the 800-53 which is a ~500 page document that's just a list of controls that must be followed, and companies have to get audited once a year to make sure they complied with the controls the previous year.
The fun part is that most of the controls are worded super vaguely, and you're at the mercy of the auditor's interpretation of them.
I know one of the people who is an author of 800-53.
It was funny since an auditor was arguing with her. The auditor said I know this better than you do.
She replied back, I wrote it then showed her named in the credits.
That's pretty great. I had to go full Karen on our auditors to speak to their supervisors because apparently the NIST definition of a term doesn't matter if the auditor feels differently. And it was actually an unambiguous definition.
The worst part is the auditor still claimed they knew it better than the person who wrote it.
We got them removed as that’s a level of arrogance that can’t be tolerated.
What does this auditor gig pay?
I would assume six figures. They were an outside audit firm.