Laura Stanton, Assistant Commissioner for the Office of…
Management of basic customer networking components to include virtual local area network (VLAN) and virtual/physical network interface card (NIC) setup, assignment and configuration of private/public IP addresses and customer Internet connectivity or private connection setup.
GovDataHosting edge and internal enterprise Firewall Service acts as the first layer of defense against un-authorized connections. To minimize vendor-dependent vulnerabilities, GovDataHosting enterprise Firewall Service is delivered utilizing multi-vendor firewalls. Management of inherited or dedicated network firewalls includes setup of deny all/allow by exception firewall traffic filtering rules based on port, protocol and service. All customer firewall configuration changes are required to be authorized by customer prior to implementation.
Encrypted virtual private network (VPN) remote access connectivity with 2-factor RSA authentication for privileged and basic users requiring administrative access to virtual servers utilizing GovDataHosting enterprise VPN access devices and the latest government FIPS approved encryption protocol with proper encryption key length. Customers do not have to have a dedicated VPN device to provision this service and can leverage the GovDataHosting VPN remote access infrastructure as a cost-effective alternative to a dedicated solution. Service is limited to utilization of GovDataHosting Cloud Platform enterprise VPN infrastructure. Customer-dedicated remote access VPN support requires a custom scope of work and on-going support. Additional shipping charges will apply for RSA token shipments to more than 3 customer geographic user locations per information system.
Managed Reverse Proxy Service provides basic self-defending reverse proxy, traffic load-balancing and web application firewall (WAF) service utilizing GovDataHosting enterprise reverse proxy infrastructure. This IP rule-based service serves as a cost-effective alternative to dedicated reverse proxy/load balancing/WAF solutions. Service is limited to utilization of GovDataHosting Cloud Platform enterprise reverse proxy infrastructure. Customer-dedicated reverse proxy/load balancer/WAF support requires a custom scope of work and on-going support.
Managed Domain Name System Security Extensions (DNSSEC) service provides customer-system oriented domain name resolution services through GovDataHosting Cloud Platform redundant DNS server architecture. The purpose of this service is to provide protection against common vulnerabilities in the DNS protocol.
This service provides GovDataHosting customers with a peace of mind that their data is periodically backed up and available for a restore if needed utilizing GovDataHosting Cloud Platform backup infrastructure. Depending on operating system utilized by the customer, our backup infrastructure is capable of restoring single files instead of having to restore an entire server to recover a single file. Managed backup and restoration services is available with a variety of incremental and full back up retention options.
Service supports Microsoft Windows Server and Red Hat Enterprise Linux operating systems based on customer provisioned CPU, memory and disk resources. Service is limited to managing up to 10 privileged user or service accounts. Charges may apply for management of additional user/service accounts.
Database installation, configuration, security compliance benchmark hardening and quarterly patching service. Support is available for Microsoft SQL Server, Oracle and MySQL database management systems. DISA STIG and CIS database hardening benchmarks are available. Database administration tasking outside of the standard definition of Basic and Advanced Database Administration service type is not included in the scope of support, but may be available as a customer-specific support scope.
Install vendor-provided patches for most of vendor supported and government authorized applications and open source products such as Microsoft, Red Hat Enterprise Linux, Oracle, Apache and many more. Basic service offering includes installation of Microsoft or RHEL operating system patches, while the advanced offering includes patch installation for over 250+ applications.
Patches are installed during a customer-approved maintenance window. GovDataHosting personnel provides an email notification in the beginning and end of the maintenance window so customers are aware when their system is being patched.
Mission critical customer systems designed with redundant functional components for high availability and load balancing purposes generally do not experience a service interruption for their customers as GovDataHosting’s systems patch each component of the information system separately from its high availability pier thus preserving service.
Basic and advanced set of computing resource, storage, database, and application performance monitoring services to accommodate the most demanding enterprise application performance requirements.
Initial installation and ongoing management of SSL certificate and related intermediary files. This service includes the provisioning of an SSL certificate through IT-CNP’s commercial partner SSL certificate authority, logistics associated with getting the SSL certificate request issued and installed on customer and IT-CNP infrastructure tools, including customer’s web servers, application servers and GovDataHosting Managed Reverse Proxy service.
Government customers that have their own certificate authority (e.g. U.S. Department of Defense) can provide their own SSL certificates and intermediary files for management by GovDataHosting.
Drupal core application installation and on-going Drupal core administration service including monthly health checks and quarterly security patches. This service includes applying zero-day critical security patches as soon as possible following customer approval.
Drupal content related services such as Drupal content publication, content management, theme design, module development, graphics/multi-media design, web visitor trend analysis and custom programming are not covered by this service, but are available from GovDataHosting as a bundle through our partner network.
Microsoft Exchange farm application installation and on-going farm administration service including Exchange administration feature settings, monthly health/performance log checks, issue troubleshooting and applying security patches on quarterly basis. This service includes applying zero-day critical security patches as soon as possible following customer approval.
Microsoft Exchange daily management tasking such as user account management, password resets, user helpdesk, user-specific configuration and related services are not covered by this service, but are available from GovDataHosting as a bundle through our partner network.
Basic Microsoft SharePoint farm application installation and on-going farm administration service including monthly health checks and quarterly application and security patches.
GovDataHosting utilizes lessons learned from hundreds of prior successful application migrations to ensure that customers leverage the latest best practices while managing risk associated with migrating their applications to the cloud.
This service includes a centrally managed enterprise cloud anti-virus/anti-malware protection, including policy-driven Host Based Intrusion Detection System (HBIDS) per NIST SP 800-83 and application whitelisting.
Basic and advanced security compliance documentation service to establish the minimally required initial system documentation by successfully completing system Assessment and Authorization (A&A) process, as well as maintaining on-going authorization through documenting the required periodic recurring tasks (documenting continuous monitoring activities).
GovDataHosting Disaster Recovery Service offers customers a cost effective disaster recovery strategy utilizing virtual server replication technologies and transmitting encrypted copies of virtual servers and data to an alternate GovDataHosting datacenter to provide failover coverage in the event of a man-made or natural catastrophe. We offer a number of flexible disaster recovery options to satisfy the most demanding government disaster recovery requirements and NIST Contingency Planning family of controls. Alternate GovDataHosting cloud geographic zones currently available are Maryland, Ohio and Texas.
As a component of GovDataHosting Continuous Monitoring Program, our network-based intrusion detection system (IDS) monitors all network or system traffic for malicious activity or policy violations.
As a component of GovDataHosting Continuous Monitoring Program, our cloud log aggregation service collects and centralizes system logs from customer’s virtual servers and stores them for a minimum of the FedRAMP-mandated retention period.
As a component of GovDataHosting Continuous Monitoring Program, our Vulnerability Scanning Service includes a collection of industry’s leading and custom vulnerability scanning tools to ensure periodic identification of customer server vulnerabilities and compliance benchmark configuration validation. The results are always analyzed by GovDataHosting SOC personnel, recorded in customers’ system-specific Plan of Actions and Milestones (POAM) tracking tool and distributed to the customer for review and resolution. If GovDataHosting manages the customer’s component, it would be our responsibility to resolve any open findings in a timely manner.
Our Incident Response and Tracking Service is fully compliant with NIST Special Publication 800-61 Revision 2 – Computer Security Incident Handling Guide, FedRAMP incident response guidelines and agency-specific tailored incident response procedures to ensure that every customer system has access to GovDataHosting SOC Computer Security Incident Response Capability (CSIRC).
GovDataHosting provides all the necessary tools and services to enable our cloud customers to fully comply with each federal government agency’s demanding continuous monitoring requirements without excessive up-front budgetary investments.
GovDataHosting provides the necessary tools and services to enable our cloud customers to fully comply with each federal government agency’s configuration management requirements.
GovDataHosting provides the necessary tools and services to enable our cloud customers to fully Tracking and documentation of customer information system assets including network devices, servers, appliances and major installed components (e.g. databases). This service is critical for compliance with federal government continuous monitoring program requirements.
GovDataHosting offers an option to perform system security assessment service based on customer security compliance framework to establish the current information security state and provide recommendations towards closure of any gaps identified during an assessment.
GovDataHosting offers a number of digital forensics service options to accommodate the most demanding law enforcement forensic investigations and cyber defense analysis for computer related activities.
ServiceDesk Portal Service provides an electronic service request and change request tracking capability for GovDataHosting Cloud Platform customers. The service is configured for customer requestors to submit new service requests and initiate new change requests. Service requests include requests for additional resources, assistance in troubleshooting technical issues and reporting of technical malfunctions (incidents). GovDataHosting tracks each request individually with emphasis of expedient request assignment for request resolution and high quality of service performed.
GovDataHosting provides a comprehensive software license provisioning service to ensure that customers can take advantage or leading software vendors’ offerings and features approved for use by the government as a simple one-time fee or a fixed monthly fee.
GovDataHosting ensures that all new and existing customer system changes and major efforts and guided by an experienced project manager to ensure coordination between the technical and security compliance management teams.
GovDataHosting technical engineering and security compliance personnel assist customers and federal/state government agencies in the design phase of their information systems in accordance with technical best practices combined with security compliance considerations unique to customer requirements and government agency guidance.
As a cloud infrastructure provider, GovDataHosting performs cloud readiness assessment services based on real-life enterprise government information system experience to ensure that customer stakeholders are provided with an actionable strategic report assessing their cloud migration readiness status.