The JD Biggs FedRAMP, FISMA and Risk Management Framework (RMF) methodologies are the strategies developed in accordance with the Federal Cloud Computing Initiative (FCCI), General Services Administration (GSA) guidelines, NIST / FIPS publications and best practices acquired through data-centered assessment activities on the three (3) service models: Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS).
Cloud computing services encompass the assessment and continuous monitoring of service models within the four (4) deployment models: Private, Community, Public and Hybrid clouds. The primary FedRAMP service offerings include:
- Pre-FedRAMP Assessment
- Security Authorization Package Development
- FedRAMP Compliance Assessment
- Continuous Monitoring
Required Security Authorization Documentation
- ISSO Designation Letter
- Privacy Impact Assessment
- Business Impact Assessment
- Control Implementation Summary
- Control Tailoring Workbook
- Security Assessment Plan
- Security Categorization (FIPS 199)
- Rules of Behavior (ROB)
- Rules of Engagement (ROE)
- System Security Plan (SSP)
- IS Contingency Plan (ISCP)
- Contingency Plan Test Results (CPTR)
- Incident Response Plan (IRP)
- Evidentiary Artifacts (screenshots, policies, procedures, checklists, scans, etc.)
- Configuration Management Plan (CMP)
- Interconnection Security Agreement (ISA)
- Memorandum of Understanding (MOU)
- Continuous Monitoring Plan
- Code Review (SaaS)
- eAuthentication Risk Assessment
- Assessment Test Cases (17 control families)
- Vulnerability Scans: OS / Web / DB / Virtual Machine
- Penetration Test Report
- Plan of Action and Milestones (POA&M)
- Security Assessment Report