FedRAMP, DOD, FISMA/RMF and CMMC ATO Acceleration

ThreatAlert® ATO Accelerator reduces the time and cost of FedRAMP, FISMA/RMF, DOD and CMMC ATO projects by 40%.  The ThreatAlert® ATO Accelerator is vetted by AWS to rapidly configure and deploy a dedicated authorization boundary, NIST compliant security services and the complete ATO documentation package including policies, procedures and plans. ThreatAlert® supports FedRAMP High, Moderate, Low; DOD CC SRG IL-2, IL-4,  IL-5, and CMMC Level-3, Level-4 and Level-5 baselines including CUI.  The ThreatAlert® ATO Accelerator is “in-boundary” within the customers cloud accounts and covers all major NIST control families including – code analysis, boundary protection, FIPS compliance, SIEM, MFA, vulnerability management, and auditable events monitoring amongst other services. All ThreatAlert® services cover the entire ATO lifecycle including gap assessment, preparation, assessment and post-ATO continuous monitoring.

The ThreatAlert® ATO Accelerator solution is optimized for AWS GovCloud and AWS US Commercial regions that provide FedRAMP and DOD CC SRG accredited AWS services.  The Gov Landing Zone provides a pre-defined deployment architecture for NIST and DOD required security, management and operational services to securely host multiple applications and their data. Common security and management services are encapsulated in the Gov Security System (GSS) to meet stringent FISMA, FedRAMP, DOD CC SRG security requirements for boundary protection, logging, monitoring, alerting, incident response, vulnerability management and security incident event management (SIEM) amongst others. Given the standardized architecture and associated security services stack, a pre-filled suite of documentation and control descriptions with coverage for over 2/3 of the controls is included in the ThreatAlert® Compliance Docs package. The documentation package includes policies, procedures, plans and control descriptions to help jumpstart the ATO project and reduce costs. stackArmor’s cloud and compliance experts provide assistance in filling out the complete package tailored to client organization’s concept of operations that includes assistance with selecting a 3PAO or C3PAO. Our assessment support includes providing evidentiary information, supporting queries and providing clarifications during the penetration testing and authorization calls with the Agency sponsor or the FedRAMP PMO. After the ATO is granted, ThreatAlert® Continuous Monitoring services are provided for executing the required weekly, monthly and annual activities such reporting and POAM management.

ThreatAlert® ATO Accelerator is a unique “in-boundary” solution that encapsulates the experiences, best practices collected from over 100 cloud ATO’s since 2009. stackArmor’s engineers and architects were responsible for the migration of Recovery.gov and Treasury.gov as the first government wide systems to receive a Cloud ATO in 2010. The solution helps ISV’s, SI’s, Large Enterprises and Small Businesses doing business with Government reduce the time and cost of an ATO by 40%. Also, the internal organizational burden is reduced by removing the need for license procurement, managing third-party technical support and documentation management support. There are a number of flexible deployment models that allow for tailoring the architecture, security services and software services to comply with client specific requirements or corporate standards.

Key use cases supported by ThreatAlert™ include:

1. FedRAMP P-ATO Acceleration for Startups, ISV’s, Small Businesses, and Commercial organizations requiring to meet FedRAMP Low, Moderate, High, or DOD CC SRG IL-2, IL-4 or IL-5 baselines. Click here to request a free briefing.

2. FISMA/RMF ATO Acceleration for Government Program Managers migrating applications to AWS or AWS GovCloud and requiring security services, controls, and SA&A package for Authority To Operate (ATO). Click here to schedule a free capability briefing and let us show you how we helped the Department of Education’s MyFAFSA system obtain an ATO in less than 60 days.

3. CMMC/CUI Level 3 and Level 5 compliance for Government contractors, Educational institutions, and Federally funded organizations requiring backoffice hosting, communication & collaboration services. Click here to schedule a free briefing on how we have helped a number of small businesses and large contractors get ready for CMMC with ThreatAlert®.

4. FTI and ITAR compliance for Government agencies and contractors requiring compliance with IRS publication 1075. Click here to schedule a free briefing on how we have helped a number of agencies and large contractors get ready for FTI and ITAR compliance with ThreatAlert®.

In addition to our primary use cases, we also support PCI-DSSHIPAA, and SOC2 compliant environments for security-focused organizations looking to implement security best practices and protecting their data. Schedule a free consultation to see if we can perform cybersecurity risk assessment, penetration testing, or vulnerability scans for your system.

Benefits of ThreatAlert® ATO Acceleration Solution for FedRAMP, FISMA and CMMC

Rapid deployment of landing zone and security services

ThreatAlert® is deployed “in-boundary” using Infrastructure-as-Code (IaC) automation and includes rapid installation, configuration, and integration with tenant applications, data, and user services. All security services for SIEM, IDS/IPS, VPN, Anti-Virus, HBSS, Vulnerability Scanning, MFA, and Monitoring are deployed in a single sprint and help save time and money in expensive engineering services. This is especially important when meeting tight assessment deadlines and contract milestones.

40% reduction in ATO cost with included documentation package

Our unique ATO accelerator provides a “pre-fab” security stack that is accompanied by a complete set of documentation templates with pre-filled security control descriptions. We are the only ATO acceleration solution provider that transparently shares the controls matrix meeting more than 60% of the controls for FedRAMP, DOD CC SRG, and CMMC compliance.

Post-ATO support and managed services

Post-ATO continuous monitoring, POAM reporting, and managed services support delivered as an integrated package with flexibility and customization of roles & responsibilities tailored to client requirements. This includes tailored ConMon reports developed from the ThreatAlert® Cloud Log Aggregation Warehouse (CLAW).

Tailored Delivery Model

ThreatAlert® is uniquely designed to provide a comprehensive and tailored service that accommodates specific client requirements around tools, integrations, and hybrid team models. The service includes the entire range of FedRAMP advisory services and is priced as well as delivered in modular components that allow the customer to pick and choose specific components that best meet their needs. Further, we provide highly simplified and streamlined pricing based on micro, small, medium or large environments that include virtual machines, containers, or serverless components. Contact us to schedule a free consultation and see if we can assist in your FedRAMP ATO acceleration efforts.

The pricing model is flexible and is based on the size of the environment as follows:

1. stackArmor Security and Compliance Platform (Dedicated Deployment Model)

  • Full-stack alerting and monitoring Small environment with less than 10 instances: $96,000 Annual Subscription
  • Full-stack alerting and monitoring Medium environment with between 10-50 instances: $192,000 Annual Subscription
  • Please send us an email to solutions@stackarmor.com for large environments.

2. stackArmor Security and Compliance Platform (Shared Deployment Model)

  • Full-stack alerting and monitoring Small environment with less than 25 instances: Annual Subscription benchmarked to AWS spend
  • Full-stack alerting and monitoring Medium environment with between 25-100 instances: Annual Subscription benchmarked to AWS spend
  • Please send us an email to solutions at stackArmor dot com for large environments

Contact us for a free consultation!