GovDataHosting is a FISMA certified high cloud service provider for the federal government and government contractors. FISMA Cloud is a federal government-dedicated multi-tenant or private cloud platform that enables agencies and government contractors to cost-effectively procure virtualized cloud server, network and security infrastructure resources available at a fixed or consumption-based price.
Building on a decade of providing a FISMA compliant cloud virtual hosting solution, our FISMA Cloud is delivered utilizing FedRAMP JAB certified GovDataHosting Cloud Platform (GCP) cloud national infrastructure, a culmination of modern cloud web hosting technologies dedicated to supporting government defense and civilian agency information systems requiring National Institute of Standards and Technology Risk Management Framework (NIST RMF) Low, Moderate or High risk levels of protection.
Benefits of our FISMA Compliant Cloud
Becoming a customer of our FISMA Cloud is the most cost-effective way of obtaining all necessary cloud, technology and security compliance resources while satisfying government-mandated security controls.
FISMA Cloud Highlights:
- Open only to U.S. agencies and government contractor customers
- Exclusive community of U.S. agency systems hosting government data
- FedRAMP-audited logical separation controls ensure complete tenant separation
- Managed by background U.S. citizens from U.S. locations only
- Eligible for low, moderate or high impact systems
- Public Internet and private agency connectivity options are available
- The fastest and most cost effective way to host a government system in a cloud
U.S. Based Cloud Datacenters and Support
Since FISMA Cloud is a government data-specific cloud solution, our fisma compliant cloud service is only available to government agencies and government contractors hosting federal agency data in the cloud. All FISMA Cloud datacenters (cloud zones) are located within the continental United States and supported by trained U.S. citizen personnel with positively adjudicated criminal background investigation and signed non-disclosure agreements upon hire.
GovDataHosting Cloud Platform leverages enterprise network and server hardware as the foundation of the cloud’s physical layer infrastructure providing customers' virtual servers, processing and memory resources. Disk infrastructure is provided by an enterprise storage platform equipped with software and hardware based FIPS 140-2 certified encryption providing secure and compliant storage for all government data. Our cloud offers a variety of DISA STIG-hardened virtual server operating system images for accelerated compliance with requisite NIST and agency-specific standards.
Fully Managed Cloud Infrastructure
As cloud service providers, our FISMA Cloud offering is based on a fully managed cloud Infrastructure as a Service (IaaS) model allowing customers control over their hosted applications while GovDataHosting certified support personnel fully manage the underlying cloud and security infrastructure, the hypervisor and the operating system. As part of our fully managed cloud service for customers, GovDataHosting provisions and manages all cloud resources including network bandwidth, vCPU, disk and memory resources and rapid elasticity on an as needed basis commensurate with allocated budget and mission requirements.
To comply with demanding government Assessment and Authorization (A&A) process requirements, our FISMA compliant cloud is fully compatible with infrastructure related technical, operational and management controls referenced in NIST Special Publication 800-53 Revision 4 low, moderate and high risk baselines, as well as additional FedRAMP and agency-specific enhanced guidance.
Proactive System Implementation Management
Each customer system deployment within our FISMA Cloud is professionally managed by GovDataHosting Project Management Office (PMO) comprised of PMI-certified and security compliance experienced project management professionals to prevent many common government security compliance implementation mistakes, minimize risks and provide strategic implementation/operation leadership.
IT-CNP assigns a technical project management lead to each new FISMA Cloud implementation as a single point of contact, leadership, resource coordination and oversight for all technical and security compliance planning and implementation activity.
Our approach results in lower system implementation risk, expedited path to obtaining an ATO, enhanced system operational state and increased customer satisfaction.
Technical and Security Compliance Managed Services
GovDataHosting government IaaS cloud offering is bundled with full-service security compliance managed service in support of FISMA, FedRAMP, NIST RMF, DoD RMF, HIPAA and enhanced agency-specific compliance requirements serving Executive, Legislative and Judicial branches of the U.S. Government, state and local government customers.
To augment our customers' internal resources, GovDataHosting has trained and certified personnel providing comprehensive application support services in support of Microsoft, Oracle, Red Hat, Apache, and other leading industry vendors, as well as customized ad-hoc services to meet specific customer technical requirements.
Please contact our customer service to discuss your own unique cloud hosted solution requirements and our trained representatives will be glad to go over the available service options most advantageous to your requirement and allocated budget. As our service philosophy is to provide 100% customer service satisfaction, no project or question is too small or too big for our team to address.
FedRamp Certification Levels:
FedRAMP Low Impact Level
The low impact level is the baseline security standard for cloud systems and data. It is designed to support cloud services and products that are intended for public use and generally considered to be low risk. Any loss in the availability or confidentiality of systems and information at this level would not substantially impact an agency’s mission (nor operations, finances, reputation, and personnel).
With less risk assigned, security documentation is consolidated, and the timeline for approvals is shortened. Low-level systems are secured by 125 controls – the technologies and processes cloud service providers set in place to secure government data stored in the cloud.
FedRAMP Moderate Impact Level
Data that is not publicly available, like personally identifiable information, is considered controlled unclassified information and is subject to the 325 controls of the FedRAMP moderate impact level. These enhanced controls require cloud service providers to automate many management and risk detection functions to better secure systems and data. At this level, data loss or exposure could have direct impact on an agency’s mission. Operations might be disrupted, assets lost, and personnel files exposed.
FedRAMP High Impact Level
Prior to June 2016, when FedRAMP released the high-level security baseline, government agencies were only able to contract cloud service providers for low level and moderate level cloud operations. Now, an agency can outsource the management of high risk systems and data – provided the external environments comply with the 421 controls of the FedRAMP high impact level.
The high impact level is suitable for the federal government’s most sensitive, unclassified information. This generally applies to law enforcement, emergency operations, financial services, and healthcare systems, where a breach could result in significant institutional damage, financial ruin, or loss of life. Extensive security protocols, heightened authentication procedures, and more automation help ensure the integrity, availability, and confidentiality of this high-impact data.