Organizations looking to comply with NIST SP 800-53 or NIST SP 800-171 security requirements for obtaining an Authority-To-Operate (ATO) for FedRAMP, FISMA and DFARS compliance should utilize the Cloud GSS pattern to accelerate compliance. Cloud GSS stands for Cloud General Security System that provides cloud computing based security and management services to NIST compliance requirements. stackArmor’s AWS architects and NIST compliance experts have engineered a Cloud General Security System (GSS) with integrated cloud-native security services that map to technical controls required by NIST SP 800-53 and NIST SP 800-171 along with security control descriptions delivered “out-of-the-box”. Our ATO acceleration solution is called stackArmor ThreatAlertTM which is a Cloud GSS that accelerates the ATO process by up to 40%. stackArmor ThreatAlert is part of the ATO on AWS program and 1 of 8 inaugural launch consulting partners.
Using the AWS FedRAMP accredited cloud services, stackArmor provides an integrated continuous monitoring and compliance solution that includes (1) technical controls, (2) systems security plan documentation and (3) managed services. ISV’s, SaaS providers, Federal Agencies and Government Contractors can dramatically reduce the cost of delivering a FedRAMP, FISMA or DFARS compliant environment using stackArmor ThreatAlert.
stackArmor ThreatAlertTM is hosted on AWS using cloud-native security services and maps to NIST Special Publication 800-53 security requirements. Key features of our Cloud GSS solution for ATO acceleration solution include:
- “In-boundary” deployment within customers’ account
- Full-stack security coverage from code to container to cloud
- Customizable security stack based on organizations’ budget, risk and current installed base of security tools
- Managed services and remediation support based on customer requirements
The infographic below provides a high-level overview of our solution.
The Cloud GSS is deployed “in-boundary” through the stackArmor ThreatAlertTM VPC and delivered as a fully managed service ensuring that all customer data stays within their account. The platform offers a number of integrations and services out of the box including:
- Static code analysis
- Application security testing
- Security operations and continuous monitoring
- Hardened cloud operations
- Governance, risk and compliance
- Incident response and remediation
The stackArmor ThreatAlertTM Cloud GSS is composed of the following components:
- stackArmor ThreatAlert Portal
- stackArmor ThreatAlert Security Rules Engine
- stackArmor OpsAlert for systems operations and cloud cost management
- stackArmor RapidSSP for NIST SP 800-171 and NIST SP 800-53 documentation support
Send us an email at solutions @ stackArmor dot com or contact us to learn more about stackArmor ThreatAlertTM for meeting your cloud operations and security challenges. Learn more about stackArmor ThreatAlertTM by clicking on this link.
https://stackarmor.com/secure-devops-for-fedramp-compliant-cloud-platforms/
Free Consultation
Are you interested in a Free consultation with a stackArmor Solutions Architect on how you take advantage of Container, PaaS using CloudFoundry or Serverless achitecture patterns to accelerate your Developer productivity? We can help review your workload requirements, and also assist with DevOps pipeline implementation. Schedule a a free consultation with a stackArmor DevOps Solutions Architect by sending us an email at solutions at stackarmor.com or fill our contact us form .
