Strategies and Challenges of Multi-Framework Compliance Application Environments
Maintaining compliance with the requirements of a compliance framework such as FedRAMP or PCI DSS can be challenging on its own. Adding further compliance requirements presents a special set of challenges for business system owners. As a digital agency or development shop, you will be on the front line of answering questions not only about compliance and how you meet the requirements, but also about how the overall system meets those controls. While developing a site for this type of system owner, you need to consider several key factors that could affect architectural decisions and how you handle data, whether in transit or at rest.
This session will provide an overview of the challenges presented by operating in a multi-framework environment, and will outline strategies that can be used in order to alleviate some of these challenges.
After completing this session, attendees will be able to:
- Determine applicable strategies to reduce workload related to multiple compliance frameworks.
- Reduce duplicated work often associated with supporting multiple compliance frameworks at once.
- Map evidence across frameworks to reuse documentation.
- Know what to prepare for as a digital agency or dev shop that deals with compliance.
- Understand what compliance means to you, and how it applies, after the site is deployed.
The presenters of this session are employed by BlackMesh, which maintains environments compliant with FedRAMP Moderate, FISMA Moderate, PCI DSS (including Level 1 merchants and a variety of SAQ merchants), HIPAA, and SOC 2, among others. They have over 20 years of experience in the hosting, security, and compliance spaces.