Frequently Asked Questions
Cut Through Questions: FAQ
Welcome to the bladestack.io FAQ, where we combine the timeless precision of the samurai with a bold cyberpunk edge. Our “cyber-samurai” ethos isn’t just for show—it captures how we approach complex compliance and security challenges with unmatched focus, discipline, and adaptability. Inspired by anime’s futuristic vision, we infuse artistry and innovation into everything we do, from FedRAMP advisory to hands-on engineering and ongoing security operations.
Below, you’ll find answers to your most pressing questions about our services, naming conventions, and how the pieces fit together. Whether you need a straightforward consultation or a fully managed, in-boundary solution, our goal remains the same: to deliver robust, cutting-edge cybersecurity strategies that keep you one step ahead of evolving threats.
Short Answer: Our naming convention reflects our unique, high-impact approach to cybersecurity and compliance, but we understand it can be confusing at first glance.
Detailed Explanation:
- We use samurai-themed terminology (e.g., bladeRAMP, HANZO, and GENJI) to highlight our “cyber-samurai” mindset—dedication, precision, and mastery in tackling complex security challenges.
- While these names may seem whimsical, they each represent well-defined services with specific focus areas.
- Rest assured: our naming style doesn’t affect transparency or clarity in what we deliver—just ask us about any service, and we’ll be happy to break it down in simple terms.
Our offerings fall into three distinct categories:
- Advisory: Consultative and strategic guidance with no direct system changes.
- Implementation: Hands-on engineering to architect, deploy, or fix systems.
- Operations: Ongoing management, monitoring, and support to maintain your security posture over time.
Absolutely. We offer a modular approach:
- Mix & Match: Opt for full bladeRAMP or pick tailored services.
- For example, if you only need continuous monitoring, you can select GENJI; if you need only security operations support, HANZO is available.
- For ad-hoc engineering support, our Bitstream Merc service is a flexible option.
bladeRAMP is our “in-boundary” accelerator for FedRAMP compliance. It bundles two key components:
- HANZO for security operations (SecOps)
- GENJI for continuous monitoring (ConMon)
This integrated approach provides a robust, all-in-one solution for your compliance and security needs.
We offer three main categories of services: Advisory, Implementation, and Operations.
- Advisory Services
  - What It Is: Strategy, planning, and consultation without hands-on implementation.
  - When You Need It: Early-stage FedRAMP planning, refining security approaches, or documenting your environment without configuring systems directly.
  - Examples: FedRAMP readiness review, documentation “build,” compliance roadmaps, policy creation, and general guidance.
- Implementation Services
  - What It Is: Hands-on technical and engineering work—everything from system configuration to remediating vulnerabilities and setting up new tools.
  - When You Need It: You’re ready to “do the work” and need technical experts to architect, deploy, or fix things alongside your team.
  - Examples: Infrastructure setup, security tool deployment, performance optimization, environment hardening, or any on-the-ground engineering support.
- Operations/Managed Services
  - What It Is: Ongoing support, monitoring, and maintenance (for instance, the “ops” side during or after an audit).
  - When You Need It: 24/7 security monitoring, continuous compliance (ConMon), incident response, patch management, or monthly/annual FedRAMP updates.
  - Examples: Managed SIEM, vulnerability scanning, POA&M maintenance, real-time threat hunting, and alert management.
- bladeRAMP
  - Our flagship “in-boundary” solution designed to accelerate FedRAMP (and other frameworks) compliance and deployment.
  - Offers a one-stop platform for FedRAMP readiness, documentation, and operational monitoring.
  - Essentially our full suite combining both HANZO (SecOps) and GENJI (ConMon) under bladeRAMP.
  - Complete coverage that ensures you have robust security operations and continuous compliance monitoring all in one package.
- HANZO (Hyper Accelerated Network & Zone-Security Operations)
  - A SecOps-focused service for security monitoring, patching, incident response, threat hunting, and more.
  - Ideal if you have your own ConMon capabilities but want to bolster security operations.
- GENJI (Globally Enhanced Joint Intelligence)
  - A ConMon-centric service providing continuous monitoring, documentation updates, agency management, and compliance reporting.
  - Perfect for organizations needing FedRAMP oversight without taking on the day-to-day tasks themselves.
Short Answer: No.
Longer Answer:
- If you don’t want our “all-in-one” bladeRAMP solution, you can still get ad-hoc engineering support through our “Bitstream Merc” service (time-and-materials basis).
- bladeRAMP is best for organizations that want a streamlined path to FedRAMP with a pre-built environment, tooling, and integrated workflows.
- Bitstream Merc is ideal if you prefer a more piecemeal approach or already have a partial environment set up but need additional engineering muscle.
- Advisory (“Build”)
  - We help create the FedRAMP documentation package, refine your security approach, and guide you on achieving compliance.
  - We do not configure or directly implement technology; we provide strategic guidance, best practices, and documentation creation.
- Assessment (Audit) Support
  - Once your environment is ready for FedRAMP assessment, we help you navigate the 3PAO (Third Party Assessment Organization) process.
  - This includes clarifying control implementations, collecting evidence, bridging communication with auditors, and responding to any findings.
  - If you also need system changes or direct hands-on fixes mid-audit, then that falls under Implementation Services (ad-hoc engineering) or bladeRAMP.
- Ops During Audit
  - Involves a heightened focus on supporting the formal FedRAMP assessment or security audits.
  - Activities might include generating logs, evidence gathering, real-time fixes, or addressing auditor requests on-the-fly.
- Ongoing Ops
  - Day-to-day security management post-authorization: patching, incident response, threat monitoring, ConMon reporting, inventory management, etc.
  - Ensures you maintain compliance even after the initial FedRAMP stamp of approval.
  - Typically provided through our GENJI (Globally Enhanced Joint Intelligence) service, a ConMon-centric service providing continuous monitoring, documentation updates, agency management, and compliance reporting.
Short Answer: Each tool is chosen based on proven performance, FedRAMP readiness, and your unique compliance requirements.
Detailed Explanation:
- Splunk & CrowdStrike: We often deploy these for their robust threat detection and incident response capabilities. “Hybrid” here means parts of the solution may reside in your environment (on your own instances) while still leveraging cloud-based or SaaS functionality.
  - Agents are deployed in-boundary, hence the hybrid deployment.
- PagerDuty: Primarily used for alert orchestration and on-call management. While not fully FedRAMP authorized, we can tailor its usage depending on your compliance tolerance and environment.
- Self-Hosted AD: Sometimes recommended to maintain tighter control over identity and access management within your FedRAMP boundary, though we can adjust if you prefer a different IAM approach.
- Potentially, yes. Licensing costs for certain commercial security tools can fluctuate as you scale. We aim to secure the best pricing and will collaborate with you on which tools are essential vs. optional.
- If you already have equivalent solutions, we can integrate those into our approach to minimize extra licensing costs.
- “Black” Tier: Typically our most comprehensive package, often including the full bladeRAMP stack with HANZO + GENJI. It’s designed for minimal internal overhead—ideal if you want everything handled by us.
- “Gold” or “Platinum”: Lighter services or fewer integrated tools, letting you keep some tasks in-house.
- Key Point: We can tailor the level of service to align with your budget, internal capabilities, and compliance roadmap. If you don’t need ongoing Ops, you’re not forced to buy it.
- Purely Advisory: Yes, we can remain purely “consultative” and guide you through the FedRAMP documentation without being hands-on.
- Full Package & Build: If you want engineering, implementation, or day-to-day operational support, we can do that, too—either through bladeRAMP or on a T&M basis (Bitstream Merc).
- Yes. bladeRAMP includes HANZO (SecOps) and GENJI (ConMon) as an all-in-one suite, previously branded under the name SENTREE OVERWATCH.
- For a complete “top-tier” solution—covering everything from continuous vulnerability management to real-time compliance updates—bladeRAMP (previously known as SENTREE OVERWATCH) wraps it all in one package.
- You can engage us in specific areas—advisory, documentation “build,” a slice of engineering, or targeted operations support—without purchasing the entire bladeRAMP platform.
- Our offerings are modular, so you only pay for the pieces that make sense for you.
- Think of the “samurai suite” (bladeRAMP + HANZO + GENJI) as the ‘all-inclusive resort’: You get everything needed for FedRAMP from one source, fully integrated.
- Think of “Bitstream Merc” as ‘on-demand engineering’: You tap our experts when you need them, at hourly or T&M rates, without a full managed service.
- Advisory-Only: Perfect if you already have an internal engineering/security team but just want our strategic guidance and FedRAMP expertise.
We’re here to help. If you need additional clarification or want to explore a customized package of services to meet your specific FedRAMP and cybersecurity needs, please get in touch. Your success is our top priority, and we’re ready to support you every step of the way.
That’s right—we’re the only advisory-only 3PAO on the FedRAMP Marketplace, and it’s by design. At bladestack.io, we focus solely on technical advisory, rolling up our sleeves to dive deep into implementation, system engineering, and strategic guidance without any conflicts of interest from performing assessments. This pure focus means you get a partner committed to your unique cybersecurity needs, while we refer assessment work to our trusted partners. Simply put, we do what we do best—advising—so you can have the full confidence of hands-on technical expertise without compromise.
Sound too good to be true? Contact a Cyber-Samurai today and we'll be happy to provide you with a FREE consultation.
Contacting bladestack.io puts you in direct contact with our Lead Samurais to discuss your cybersecurity requirements. After an initial introductory call, we offer additional unbilled consulting time until you are comfortable proceeding to the next steps. Feel free to bring your engineering and security teams and let’s start solving your security and compliance challenges.