Schellman

Professional Services

Tampa, FL 15,683 followers

Helping clients untangle complex compliance objectives. Schellman is the #1 FedRAMP 3PAO in the US Federal Marketplace.

About us

Schellman is a leading provider of attestation and compliance services. We are a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, and a FedRAMP 3PAO. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single project team.

Website: http://www.schellman.com
Industry: Professional Services
Company size: 201-500 employees
Headquarters: Tampa, FL
Type: Privately Held
Founded: 2002
Specialties: SOC 1 Examinations, SOC 2 and 3 Examinations, ISO 27001 Certifications, 3PAO Security Assessment (FedRAMP), PCI DSS Validations, HITRUST Certification, Penetration / Vulnerability Assessments, Privacy (GDPR, State Laws, HIPAA), CMMC, Digital Trust, and B Corp Certified


Updates

  • AI agents are changing the industry -- but until now, there hasn’t been a clear way to independently verify their risk. That changes today. Schellman is now the first accredited auditor for AIUC-1, the security standard built specifically for AI agents. Why this matters: 🔷 Moves AI assurance beyond policies to how agents actually behave 🔷 Creates a common, auditable benchmark for agentic AI 🔷 Gives enterprises and AI builders a shared, credible trust signal For enterprises: clearer vendor evaluation, less procurement friction. For AI builders: proof of enterprise-readiness that helps deals move. 🔗 Full announcement in comments 🔗 #AI #AgenticAI #AIAssurance #AIUC1 #Cybersecurity #TrustworthyAI

  • FedRAMP is rewriting the playbook for federal cloud authorization. For over a decade, cloud providers with strong commercial compliance programs couldn't crack federal because FedRAMP required starting over. Even if you had SOC 2, ISO 27001, or HITRUST, you faced 400+ controls, agency sponsorship bottlenecks, and no way to demo your solution. FedRAMP's proposed updates change that. 🔷 Your existing compliance work now maps to FedRAMP 20X requirements. 🔷 Level 1 authorization lets agencies pilot your solution for 12 months. 🔷 Rev 5 removes the sponsorship requirement entirely. The work you've already done opens a market that was previously out of reach. These changes are in public comment, but the direction is clear. Federal is expanding who can participate. Our Federal Practice Leader Matt Hungate and National Managing Partner Doug Barbin explain what this means for cloud providers. ▶️ Watch the full video here: https://lnkd.in/g5J_h9My #FedRAMP #CloudSecurity #FederalCompliance #CloudComputing

  • It's #DataPrivacyWeek, and 2026 is shaping up to be the year privacy compliance gets real. The education phase is over. Regulators worldwide are shifting from guidance to enforcement, and they're expecting more than policies on paper. They want evidence: automated data maps, AI risk assessments, privacy-by-design workflows, and proof your controls actually work. Organizations building mature privacy programs now are positioning themselves for competitive advantage. Here's what's changing fast: 🔷 New privacy laws across the U.S., APAC, LATAM, and Africa are taking effect 🔷 AI governance and privacy requirements are converging 🔷 Cross-border data transfers face tighter scrutiny → Consent standards are getting stricter 🔷 Third-party risk management is now table stakes The organizations that will thrive in 2026 are building privacy programs that are data-driven, risk-based, AI-aware, and globally adaptable. Our latest article breaks down the 7 privacy trends defining 2026 and what to do about them: https://lnkd.in/gTu2AFh4 #DataPrivacy #AIGovernance #GRC

  • AI governance might look good on paper, but the real test is what happens when auditors and regulators ask for proof. Our Principal Danny Manimbo is speaking at the Opal Group Corporate Governance & Ethics Conference next week on "Inside the Audit: How AI Governance Holds Up Under Scrutiny." This isn't about crafting better policies. It's about what happens when someone walks in and starts asking for evidence. Danny's bringing real assurance perspective to answer those questions. If you're in the D.C./VA/MD area and responsible for AI governance, you won't want to miss this session. #AIGovernance #CorporateGovernance #AI #Audit #RiskManagement

    I'll be speaking at Opal Group Corporate Governance & Ethics conference next week for any of my contacts in the D.C. / VA / MD area. Excited to team up with Jisha Dymond and Guru Sethupathy on a panel "Inside the Audit: How AI Governance Holds Up Under Scrutiny" - which goes beyond principles to examine what really happens when AI systems are challenged by regulators, auditors, and the public. The session brings governance, assurance, and security leader perspectives together to explore how “trust by design” is translated into measurable controls, evidence, and accountability and will unpack what regulators look for, how governance programs are tested in practice, and what it takes to demonstrate fairness, transparency, and resilience when scrutiny is highest. Message me for a discount code if you can make it! Emerging Tech by Opal Group Schellman Meredith Anastasio, J.D. MSEL

  • Proud moment for the CrowdStrike team — congratulations on achieving ISO 42001 certification! Thank you for trusting us to be part of this journey. We're honored to work with organizations setting the standard for responsible AI in cybersecurity.

    View organization page for CrowdStrike

    997,445 followers

    Setting the standard for the future of security. 🔒 CrowdStrike has achieved the ISO/IEC 42001:2023 certification, the global standard for Artificial Intelligence Management Systems, with coverage for: 🚀 Falcon Insight XDR 🛡️ Falcon Prevent (NGAV) ✨ Charlotte AI What does this mean for you? It reinforces our commitment to responsible, trustworthy AI and gives you added confidence that our AI governance aligns with rigorous international best practices. Learn more: https://lnkd.in/eK_75cSK

  • CMMC certification becomes a contract reality in 2026. Are you ready? Schellman is proud to sponsor CUI-CON 2026, and our team will be on-site February 11-13 in Orlando to help DoD contractors navigate what's ahead. Marci Womack, Managing Director from our Federal Practice, joins the "Lessons from the Assessors" panel on February 13 at 11:00 AM. This is the inside perspective you don't get anywhere else: what actually happens during assessments, where organizations get stuck, and honest answers to the CMMC questions keeping contractors guessing. Register with our discount code and see the full agenda here: https://cui-con.com/ Our team will be there all three days -- find us and ask the hard questions. See you in Orlando! #CUICON #CMMC #CUI #NISTSP800171 #DoD

  • Last call! If CMMC is on your radar in 2026, you won't want to miss today's session. CMMC certification is more than checking boxes. It requires clear scoping, disciplined implementation, and understanding how assessments actually work. Schellman and risk3sixty are going live today to cover: 🔹 Framework essentials: Requirements, levels, timelines 🔹 Implementation: Practical steps and what to avoid 🔹 Certification: What assessors look for and common pitfalls CMMC on your 2026 roadmap?👉 Register now: https://lnkd.in/gJrJCfJj

    View organization page for risk3sixty

    5,641 followers

    Last call to register for our CMMC webinar with Schellman tomorrow: https://lnkd.in/ek625Tps CMMC is live, and organizations across the DoD supply chain are now on the clock. Whether you’re preparing for your first assessment or figuring out how to layer CMMC onto an existing SOC 2 or ISO 27001 program, this session will give you practical guidance you can actually use. In this webinar, implementation and certification experts walk through: - What CMMC Levels 1–3 really require - How to scope correctly around FCI and CUI - What assessors look for during a C3PAO audit - How to avoid common mistakes that slow teams down or expand scope unnecessarily If CMMC is on your roadmap for 2025 or beyond, this is a session you don’t want to miss.

  • FedRAMP® just signaled one of the biggest shifts in federal cloud authorization in years. Last week's Requests for Comment (RFCs) aren't just proposals. They're a roadmap, and cloud service providers need to pay attention now. Top three takeaways from what's being proposed: 🔹 There's a new fast lane to the federal market: "FedRAMP Validated Level 1" would let agencies pilot low-risk services if you already have SOC 2 Type II, ISO 27001, HITRUST, or other qualifying assessments. It's time-limited and not full authorization, but it gets your product in front of agencies much earlier. 🔹 For Rev 5, the bottleneck could shift from sponsorship to readiness: FedRAMP is proposing a sponsor-free path, with complete packages due by December 16, 2026. No extensions. The tradeoff? Higher expectations: full assessments, machine-readable packages, and continuous monitoring. If you're ready, this could be your opening. 🔹 One-size-fits-all is over: FedRAMP is moving toward faster, more targeted, data-driven authorizations. Automation and reuse are the future. Providers who adapt early will have a real advantage. Our Federal Practice Leader, Matt Hungate, breaks down what this means for CSPs in the video below. Ready to explore your FedRAMP roadmap? Learn more at https://lnkd.in/gp-ygXKr #FedRAMP #CloudSecurity #Compliance #CloudComputing #GRC

  • "The time is always right to do what is right." - Dr. Martin Luther King Jr. Today we honor Dr. King's legacy and reflect on his enduring call to action. His vision of justice, equality, and community wasn't just about changing laws, it was about transforming hearts, minds, and systems. As we pause to reflect, we also recommit. Progress doesn't happen by accident. It requires intention, action, and each of us doing our part.

