As part of its FISMA cloud offering for civilian Federal agencies, GovDataHosting delivers a full set of operational, management and technical controls according to NIST Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations.
GovDataHosting accelerates the initiation phase by streamlining accreditation. Our team utilizes:
- FedRAMP approved IaaS certified cloud infrastructure and documentation
- Technical personnel experienced in NIST RMF and RMF for DoD
- Personnel experienced in the preparation of the A&A Package
- Proven NIST RMF and RMF for DoD artifact document templates
- Operational, Management, and Technical controls that have been audited by the government
- Data center facilities audited by the government
A streamlined Assessment and Authorization (A&A) process can be viewed by stakeholders as beneficial from a number of perspectives:
- Reduces initial duration by over 50%
- Reduces process cost by more than 50%
- Significant decrease of system deployment risk
- Predictable, manageable, and successful system authorization
FISMA Compliance
In accordance with the Federal Information Security Management Act (FISMA), all federal agencies in the United States must have their IT systems and infrastructure accredited via a continuous monitoring based Assessment and Authorization (A&A) cycle. GovDataHosting provides full FISMA Assessment and Authorization package preparation support for all federal government information systems hosted within its FISMA (NIST and DoD RMF) compliant telecommunications infrastructure.
FISMA lays the groundwork for federal agencies to evaluate and understand the security of their information systems, applicable security controls, and security threats, and aids in resolving any deficiencies.
For each information system operated by or for a federal agency, a FISMA compliant cloud documentation package must be generated, including:
- Information on security policies and procedures
- The likelihood and impact of all possible threats
- Evaluation and periodic testing of security policy efficiency
- Evaluation of technical, management, and operational security controls
- Security awareness training and expected rules of behavior for end-users
- Procedures for reporting and responding to incidents
- A process for addressing any reported deficiencies
- Inventory of software and hardware assets
- Contingency plans to ensure continuity of operations in the face of a disaster
- Policies and procedures for detecting, tracking, and resolving vulnerabilities
- Periodic risk assessments
On average, a GovDataHosting team of two consultants experienced in A&A can help our cloud customers achieve accreditation in 3-6 months, though more time may be required depending on a system's risk categorization.
NIST Compliance
GovDataHosting offers a full slate of NIST compliant cloud controls in accordance with NIST Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations. Operational, management, and technical controls are offered for low, moderate, and high-risk systems.
GETTING STARTED
A standardized set of applicable NIST compliant cloud control requirements can be found in Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations, where they are grouped by functional area.
AUTHORIZATION
In preparing a NIST/DOD cloud compliance accreditation package, the following documents are typically required:
- System Categorization
- System Description
- System Boundary Diagram
- Network Design & Data Flow
- Risk Assessment (RA)
- Configuration Management Plan (CMP)
- System Security Plan (SSP)
- System Contingency Plan (CP)
- System Assessment Report (SAR)
- Incident Response Plan (ICP)
DOD Compliance
As part of its FISMA cloud offering, GovDataHosting provides operational, management, and technical controls in accordance with the Department of Defense’s Risk Management Framework (RMF) as referenced in Department of Defense Instruction (DoDI) 8510.01 with the authority in DoD Directive (DoDD) 5144.02.
In March of 2014, RMF for DoD IT replaced the former DoD Information Assurance Certification and Accreditation Process (DIACAP). Since then, it has managed the life-cycle cybersecurity risk for DoD IT and helped to integrate the Federal Risk and Authorization Management Program (FedRAMP), which offers a DoD-approved standardized approach to security assessment and authorization, as well as continuous monitoring. Service is available for IL-2/public facing websites.
The IT-CNP - GovDataHosting Cloud Platform, Hybrid Cloud has demonstrated compliance with the Federal Risk and Authorization Management Program (FedRAMP) High baseline and has been granted a FedRAMP JAB Authorization and a DoD Provisional Authorization (DoD PA). Please contact our customer service for a copy of our DoD PA and to discuss your specific system risk categorization level.
SECURITY IN JUST SIX STEPS
The RMF for DoD framework is composed of six steps:
- Categorize information systems
- Select Security Controls
- Implement Security Controls
- Assess Security Controls
- Authorize Information Systems
- Monitor Security Controls
GovDataHosting is featured on the FedRAMP website as well as in the DoD Defense Information Systems Agency (DISA) catalog of DoD approved cloud providers.
FedRAMP Compliance
The Federal Risk and Authorization Management Program (FedRAMP) was devised by compliance experts with GSA, NIST, DHS, DoD, NSA, OMB, and the Federal CIO Council to provide government agencies with a central and standardized approach for assessment, authorization, and continuous monitoring for cloud products and services.
Nationwide, only a select few systems have been awarded a Provisional Authority to Operate (PATO) from the FedRAMP Joint Authorization Board (JAB) to provide cloud services for all federal agencies. To date, only 5 High-Impact cloud systems – including ours – have achieved FedRAMP JAB authorization. We're also the only certified cloud platform offering a 100% infrastructure availability Service Level Agreement (SLA), which ensures absolute simplicity and guaranteed results for our clients.
- Fully-managed support on the entire hosting environment for any platform
- State-of-the-art compliance tools
- Supported high performance technologies that meet strict government service requirements
- Managed integration and advanced security assessments
- Affordability and versatility
- Available as FISMA private cloud or FISMA community cloud
Taking Compliance Far Beyond The Cloud
Contact our customer service department today to discuss how our FedRAMP certified cloud service provider and information assurance solutions can help meet your unique requirements and allocated budget.