Secureframe is the automated compliance platform built by compliance experts. We're transforming how businesses and Service Providers manage security and compliance programs.
San Francisco, CA, US
Toronto, Ontario, CA
New York City, NY, US
London, GB
It’s official: FedRAMP® has selected all the participants for the 20x Phase 2 Pilot, and Secureframe is proud to be one of them! 🏛️ Building on our success as one of the first to achieve FedRAMP 20x Low Authorization, we are now pursuing Moderate. This is a critical step in our mission to support our customers who need a streamlined, automated path to CMMC, FedRAMP, and other rigorous federal standards. By participating in Phase 2, we aren’t just helping shape the future of automated federal compliance. We’re also gaining and applying insights directly to our solution to help our customers in the public and defense sector get compliant faster and with less manual effort. We are honored to be part of this small, innovative cohort and want to congratulate our fellow participants, including Confluent, Filevine and Persona on their selection! 🤝 Read more about the Phase 2 pilot and participants here: https://hubs.li/Q03-T16C0
Another prediction: Phishing emails in 2026 will look nothing like the emails of the past. 🎭⚠️ As AI-powered social engineering becomes indistinguishable from legitimate communication, IT leaders are being forced to rethink their entire defense strategy, as our VP of Information Security, Marc R., highlights. Traditional detection, identity verification, and training aren't enough when attackers can clone voices and generate deepfake executive videos in seconds. Discover all the major challenges facing IT leaders this year via CIO Online: https://lnkd.in/dj8ByBFD
🤖 One of our predictions this year: 2026 will be the end of "vibe coding" and the start of AI governance enforcement. As organizations race to integrate AI coding assistants, many are inadvertently trading long-term security for short-term speed. Our founder and CEO, Shrav Mehta, warns that 2026 will be a year of reckoning for companies that fail to implement AI-specific governance frameworks now. Check out this and other bold predictions from leaders compiled by Inc. Magazine: https://lnkd.in/edJ55s3t
Your risk surface is no longer confined to your own walls. 🏢💻 With 1 of 3 breaches now linked to third-party access and global regulations like DORA and NIS2 raising the bar for operational resilience and supply chain security, third-party risk management is no longer optional. To ensure you understand this strategic imperative, we’ve compiled over 100 essential TPRM statistics and trends for 2026. Check out the list here: https://lnkd.in/eUpzwwvn
🎉 We are thrilled to announce that our customer North Star Carbon & Impact | Certified B Corp has officially obtained their SOC 2 Type II report after completing an audit with Sensiba LLP. By achieving this milestone, North Star Carbon & Impact is proving that the easiest-to-use carbon management software is also among the most secure. Congratulations to the entire team on demonstrating your unwavering commitment to protecting the sensitive ESG data of enterprises worldwide. We look forward to our continued partnership in 2026!
"Can we just get a waiver for CMMC?" It’s the question many subcontractors are asking, but the answer for most is no. Northrop Grumman recently clarified the reality of CMMC to their supply chain in a letter explicitly stating: “Neither contracting officers nor prime contractors may waive or deviate from CMMC requirements.” What this means: Waivers are not a lifeline for subs that have delayed CMMC certification. They are rare exceptions reserved for mission-critical emergencies. So if you're playing the "wait-and-see" game, you are risking your eligibility for existing or new contracts and leaving national security data at risk. We’re breaking down the 7 biggest misconceptions about CMMC waivers and why immediate and proactive preparation for Level 2 (C3PAO) is the only path forward: https://lnkd.in/dr7SR-_m
Think you can continue to delay CMMC readiness until Phase 2 of the CMMC rollout? Think again. Under the DoD DFARS final rule, prime contractors are now contractually required to flow down CMMC requirements to every subcontractor handling sensitive unclassified data on their behalf. That means primes aren't just responsible for their own compliance, but for that of their entire supply chains. That's why Northrop Grumman, Lockheed Martin, Boeing, Raytheon, and Elbit Systems have already: ✅ Updated supplier portals and website pages ✅ Sent out supplier questionnaires asking about CMMC status ✅ Issued supplier updates explaining minimum CMMC requirements. Find a complete breakdown of how these primes are enforcing CMMC compliance and the actual supplier notices: https://hubs.li/Q03ZDlM20
Insights from Secureframe's Cybersecurity and Compliance 2026 Benchmark Report were featured in Government Technology's Top 26 Security Predictions for 2026. This second installment completes the comprehensive annual look at the global cybersecurity landscape, bringing together industrywide security predictions, forecasts, and trends to ensure you're prepared for this year. Stay ahead of the curve by reading key insights from our report and others compiled by Dan Lohrmann here: https://lnkd.in/dyB6crF4