ThreatAlert Gov Landing Zone for FedRAMP, FISMA/RMF and CMMC ATO Acceleration
The ThreatAlert(R) Gov Landing Zone on AWS is a purpose built authorization boundary that is 100% self-contained to meet NIST SP 800-53 security controls for compliance with FedRAMP, FISMA and CMMC requirements. The ThreatAlert(R) Gov Landing Zone (GLZ) ensures separation of network, application & data, management and security functions. The ThreatAlert Landing Zone is a multi-account implementation that includes a comprehensive suite of common security services that deliver critical compliance services to the application zone. The application zone is optimized for supporting dedicated, hybrid and shared software deployment models as well as multi-product offerings for ISV with multiple offerings. The ThreatAlert Gov Landing Zone is an AWS vetted solution and meets FedRAMP, FISMA, CMMC and DOD CC SRG requirements. The information security levels supported by the ThreatAlert Gov Landing Zone include:
– FedRAMP High, Moderate and Low
– FISMA High, Moderate and Low
– DOD IL-2, IL-4 and IL-5
– CMMC Level 3, Level 4 and Level 5
The diagram below provides an overview of the ThreatAlert Gov Landing Zone:
NIST SP 800-53 for FedRAMP and FISMA – security controls are generally applicable to Federal Information Systems, “…operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.” These are typically systems that must go through a formal assessment and authorization process to ensure sufficient protection of confidentiality, integrity, and availability of information and information systems, based on the security category and impact level of the system (low, moderate, or high), and a risk determination. Security controls are selected from the NIST SP 800-53 Security Control Catalog, and the system is assessed against those security control requirements.
NIST SP 800-171 for CMMC – is generally applicable to Nonfederal Information Systems that store or process federal Controlled Unclassified Information (CUI), but must appropriately protect the confidentiality of the CUI data in accordance with CUI Federal Acquisition Regulation (FAR). These are typically businesses, educational institutions, and research organizations that legitimately store and process federal CUI on their own systems. NIST SP 800-171 and DFARS requires DOD and US Federal contractors and sub-contractors to meet 110 security controls. FedRAMP Moderate accredited cloud services can help accelerate compliance requirements at a reduced cost. Click here to learn more and download our Free eBook.
The DoD Cloud Computing Security Requirements Guide (SRG) provides security requirements and guidance for the use of cloud services by DoD mission owners. It provides security controls implementation guidance for cloud service providers (CSPs) that wish to have their cloud service offerings (CSOs) accredited for use by DoD components and mission owners. In August 2014, AWS became one of the first CSPs to be granted a Provisional Authorization to Operate (P-ATO) to store and process DoD Impact Level 4 data. DoD mission owners that operate their workloads on AWS can use our P-ATO as part of the supporting documentation that their authorizing official (AO) uses to grant the workload a system Authorization to Operate (ATO).
Are you interested in a free consultation with a stackArmor Solutions Architect on how we can help accelerate your FedRAMP, FISMA or CMMC project? We can help review your workload requirements, and also assist with your A&A package preparation including the SSP, and associated document. Contact us by submitting the form below: