Cloud Security

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

Inherited Controls

Compliance controls whose implementation responsibility transfers from the customer to the cloud service provider based on FedRAMP authorization, SOC 2 report, or equivalent certification. Customers must document which controls are inherited and verify alignment with their own System Security Plan.

From the library

The full analysis on Inherited Controls.

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →
The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.