In accordance with the Federal Information Security Management Act (FISMA), all federal agencies in the United States must have their IT systems and infrastructure accredited via a continuous monitoring based Assessment and Authorization (A&A) cycle. GovDataHosting provides full FISMA Assessment and Authorization package preparation support for all federal government information systems hosted within its FISMA (NIST and DoD RMF) compliant telecommunications infrastructure.
As part of its FISMA cloud offering for civilian Federal agencies, GovDataHosting delivers a full set of operational, management and technical controls according to NIST Special Publication 800-53 Revisions 3 – Recommended Security Controls for Federal Information Systems and Organizations, as well as NIST Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations. Service is offered for Low, Moderate and High Risk systems.
In March of 2014, RMF for DoD IT replaced the former DoD Information Assurance Certification Accreditation Process (DIACAP). Since then, it manages the life-cycle cybersecurity risk for DoD IT and helps to integrate the Federal Risk and Authorization Management Program (FedRAMP), which offers a DoD-approved standardized approach to security assessment and authorization, as well as continuous monitoring. Our DoD Provisional Authorization (PA) provides the means to obtain authorizations to operate Federal DoD cloud computing systems.
This government-wide program provides a standardized approach to security assessment, authorization and continuous monitoring for cloud computing. The FedRAMP Joint Authorization Board (JAB) has formally issued a Provisional Authorization to Operate (P-ATO) for GovDataHosting Cloud Platform (GCP) Infrastructure as a Service (IaaS) offering. To date, only 27 government cloud hosting systems – including ours – have achieved this status.
Swift, Successful Accreditation
GovDataHosting streamlines accreditation by accelerating its initiation phase. To do so, our team utilizes:
FedRAMP approved IaaS certified cloud infrastructure and documentation
Technical personnel experienced in NISTRMF and RMF for DoD
Personnel experienced in the preparation of the A&A Package
Proven NISTRMF and RMF for DoD artifact document templates
Operational, Management, and Technical controls that have been audited by the government
Data center facilities audited by the government
A streamlined A&A process can be viewed by stakeholders as beneficial from a number of perspectives:
Reduces initial duration by over 50%
Reduces process cost by more than 50%
Significant decrease of system deployment risk
Predictable, manageable, and successful system authorization