The Federal Risk and Authorization Management Program (FedRAMP) is a complex and resource-consuming process. Most companies seeking FedRAMP certification lack the experience, persistence and focus to navigate the formidable requirements to meet compliance.
The FedRAMP Security Assessment Framework (SAF) applies to all cloud computing deployment and service delivery models. For companies that want to offer their cloud-based solutions to government agencies, the long, drawn-out FedRAMP process timeframe can kill a company’s opportunity window.
It’s All Included
The Anitian-developed Sherlock Compliance Automation (SCA) is the fastest way to acquire a compliant FedRAMP Moderate-baseline environment for a client’s Cloud Service Offering (CSO). SCA FedRAMP provides a complete “assessment-ready” environment with everything: architecture, software licenses, templates, and more.
All you need to do is migrate your apps and data, fill out some documents, and you are ready for a 3PAO to perform an independent assessment.
We provide a FedRAMP Document Stack and Template Stack of all Security Authorization Package deliverables to help guide your CSO through the FedRAMP Authorization process. Additionally, we can provide in-depth training sessions to facilitate documentation of FedRAMP deliverables, or we can author those documents as an add-on service.
COMPLIANT CLOUD ENVIRONMENT
The SCA FedRAMP solution is a compliant cloud architecture deployed on the Amazon Web Services (AWS) GovCloud environment. Our SOC team configures all settings of the FedRAMP solution to meet 3PAO assessment-ready compliance requirements.
STACK MANAGEMENT & MONITORING
Anitian manages configuration and supports clients with the Continuous Monitoring (ConMon) requirements for their Cloud Service Offering. This includes monthly submission of the FedRAMP Plan of Actions & Milestones (POA&M) requirement and weekly engagements to discuss vulnerability and remediation activities.
1) SCA FedRAMP Stack: Automated deployment, software licenses, and application onboarding from Anitian.
2) Managed Professional Services: Everything in the SCA FedRAMP stack plus management, advanced compliance guardrails, and 24x7 continuous monitoring.
3) Customized SCA FedRAMP Stack: Everything in the SCA FedRAMP stack plus tailoring of the environment to accommodate clients’ specific needs for resizing and complexity.
SCA FedRAMP takes the guesswork out of compliance. The entire environment is pre-configured and pre-populated for compliance. Access rights, password policies, security controls, etc. – all configured to meet those requirements.
FULLY AUTOMATED SETUP
The SCA FedRAMP stack is up and running, in a fully configured state, in about three hours.
Your Anitian FedRAMP Stack includes:
1. TECHNICAL STACK
– Complete FedRAMP reference architecture: VPCs, networks, access controls, KMS, firewall, and more
– Hardened Active Directory prepopulated with accounts, policies, etc.
– Hardened operating systems
– Deep security endpoint protection (AV, IDS/IPS, FIM, etc.)
– Vulnerability Management
– FIPS 140-2 compliant multi-factor authentication
– Web application firewall
– Everything is pre-configured for FedRAMP Moderate-baseline requirements
2. DOCUMENT STACK
– Complete library of required policies, procedures and supporting plans (configuration management, contingency, security, continuous monitoring, and incident response)
– Set of FedRAMP artifacts, a template stack comprising all Security Authorization Package deliverables, necessary to pursue a 3PAO Assessment of your CSO
3. SUPPORT STACK
– Onboarding support
– Technical support
– Compliance Guardrails
– Continuous Monitoring
Managed security and compliance
Continuous compliance was a pain. We fixed that.
Managed Security and Compliance (MSC) goes beyond MDR to offer continuous monitoring and remediation for our Compliance Automation (CA) environments.
With the powerful combo of CA and MSC, setup and ongoing support are fast, simple, and automated.