ThreatAlert Gov Landing Zone for FedRAMP, FISMA and CMMC ATO Acceleration
The ThreatAlert(R) Gov Landing Zone (GLZ) on AWS is a purpose-built application and data hosting architecture that meets NIST SP 800-53 security controls to ensure compliance with FedRAMP, FISMA and CMMC requirements. The GLZ is an application hosting pattern that enforces separation and segregation of network, application, data, operational and security functions. It is a multi-account implementation that includes a Virtual Data Center Security Stack (VDSS), which serves as the protective boundary for mission owner applications. Traffic routing is controlled by AWS Transit Gateway, which acts as the hub governing how traffic moves among all connected networks, forming a DMZ. The Virtual Data Center Management Stack (VDMS) provides common services such as Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS) and authentication systems. A separate application hosting environment allows mission owners to limit access to just the data and mission applications. All communications to and from the application environment are controlled through the DMZ and monitored by the security services stack. Typical multi-tier mission workloads use Elastic Load Balancing, AWS Auto Scaling Groups and multiple Availability Zones for high availability and scalability. Logging services are immutable and separated from the operational environments.
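As an added illustration (not part of the original page or the ThreatAlert product) of the hub-and-spoke rule described above, the check below walks a constructed model of Transit Gateway route tables and flags spoke routes that would let mission-application traffic bypass the VDSS, as well as spoke tables that lack a default route into it. Attachment IDs, table names and CIDRs are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Route:
    cidr: str         # destination prefix
    attachment: str   # TGW attachment the prefix is forwarded to, or "blackhole"

@dataclass
class RouteTable:
    name: str
    associated: list  # attachments whose traffic is looked up in this table
    routes: list

# Hypothetical attachment ID for the constructed landing zone.
VDSS = "tgw-attach-vdss"  # security stack acting as the DMZ / inspection hub

def find_bypasses(tables):
    """Spoke routes that forward anywhere other than the VDSS or a blackhole.

    Only the VDSS's own route table may point directly at spokes; a spoke
    table holding a spoke-to-spoke route lets traffic skip the security stack.
    Returns (table, cidr, attachment) tuples.
    """
    findings = []
    for t in tables:
        if VDSS in t.associated:
            continue  # the hub is allowed to reach every spoke
        for r in t.routes:
            if r.attachment not in (VDSS, "blackhole"):
                findings.append((t.name, r.cidr, r.attachment))
    return findings

def missing_default(tables):
    """Spoke tables with no 0.0.0.0/0 route to the VDSS (traffic would be dropped)."""
    return [t.name for t in tables if VDSS not in t.associated and not any(
        r.cidr == "0.0.0.0/0" and r.attachment == VDSS for r in t.routes)]

# Constructed sample: the app spoke carries a direct route to the VDMS that
# skips the DMZ; the logging spoke lacks a default route.
SAMPLE_TABLES = [
    RouteTable("rt-vdss", [VDSS], [Route("10.10.0.0/16", "tgw-attach-vdms"),
                                   Route("10.20.0.0/16", "tgw-attach-app"),
                                   Route("10.30.0.0/16", "tgw-attach-logging")]),
    RouteTable("rt-spoke-vdms", ["tgw-attach-vdms"], [Route("0.0.0.0/0", VDSS)]),
    RouteTable("rt-spoke-app", ["tgw-attach-app"], [Route("0.0.0.0/0", VDSS),
                Route("10.10.0.0/16", "tgw-attach-vdms"), Route("192.168.0.0/16", "blackhole")]),
    RouteTable("rt-spoke-logging", ["tgw-attach-logging"], [Route("10.10.0.0/16", VDSS)]),
]
if __name__ == "__main__":
    print(find_bypasses(SAMPLE_TABLES), missing_default(SAMPLE_TABLES))
```

In a live account the same two functions can be fed the output of `describe-transit-gateway-route-tables` and `search-transit-gateway-routes` after mapping it onto these dataclasses.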
The ThreatAlert Gov Landing Zone is an AWS-vetted solution that meets FedRAMP, FISMA, CMMC and DoD CC SRG requirements. The information security levels supported by the ThreatAlert Gov Landing Zone include:
– FedRAMP High, Moderate and Low
– FISMA High, Moderate and Low
– DOD IL-2, IL-4 and IL-5
– CMMC Level 3, Level 4 and Level 5
The diagram below provides an overview of the ThreatAlert Gov Landing Zone:
The ThreatAlert Gov Landing Zone is compliant with the following security standards:
NIST SP 800-53 for FedRAMP and FISMA – security controls are generally applicable to Federal Information Systems, “…operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.” These are typically systems that must go through a formal assessment and authorization process to ensure sufficient protection of confidentiality, integrity, and availability of information and information systems, based on the security category and impact level of the system (low, moderate, or high), and a risk determination. Security controls are selected from the NIST SP 800-53 Security Control Catalog, and the system is assessed against those security control requirements.
NIST SP 800-171 for CMMC – is generally applicable to Nonfederal Information Systems that store or process federal Controlled Unclassified Information (CUI) and must therefore protect the confidentiality of that CUI in accordance with the CUI Federal Acquisition Regulation (FAR). These are typically businesses, educational institutions, and research organizations that legitimately store and process federal CUI on their own systems. NIST SP 800-171 and DFARS require DoD and US Federal contractors and subcontractors to meet 110 security controls. FedRAMP Moderate accredited cloud services can help accelerate compliance at a reduced cost. Click here to learn more and download our free eBook.
The DoD Cloud Computing Security Requirements Guide (SRG) provides security requirements and guidance for the use of cloud services by DoD mission owners. It provides security controls implementation guidance for cloud service providers (CSPs) that wish to have their cloud service offerings (CSOs) accredited for use by DoD components and mission owners. In August 2014, AWS became one of the first CSPs to be granted a Provisional Authorization to Operate (P-ATO) to store and process DoD Impact Level 4 data. DoD mission owners that operate their workloads on AWS can use our P-ATO as part of the supporting documentation that their authorizing official (AO) uses to grant the workload a system Authorization to Operate (ATO).
Are you interested in a free consultation with a stackArmor Solutions Architect on how we can help accelerate your FedRAMP, FISMA or CMMC project? We can help review your workload requirements and assist with preparing your A&A package, including the SSP and associated documents. Contact us by submitting the form below: