The JD Biggs FedRAMP, FISMA and Risk Management Framework (RMF) methodologies are the strategies developed in accordance with the Federal Cloud Computing Initiative (FCCI), General Services Administration (GSA) guidelines, NIST / FIPS publications and best practices acquired through data-centered assessment activities on the three (3) service models: Infrastructure as a Service (IaaS), Software as a Service (SaaS), Platform as a Service (PaaS)
Cloud computing services encompass the assessment and continuous monitoring on service models within the four (4) deployment models: Private Community Public Hybrid clouds. The primary FedRAMP service offerings include:
- Pre-FedRAMP Assessment
- Security Authorization Package Development
- FedRAMP Compliance Assessment
- Continuous Monitoring
Required Security Authorization Documentation
| ISSO Designation Letter | Rules of Engagement (ROE) | Continuous Monitoring Plan |
| Privacy Impact Assessment | System Security Plan (SSP) | Code Review (SAAS) |
| Business Impact Assessment | IS Contingency Plan (ISCP) | eAuthentication Risk Assessment |
| Control implementation Summary | Contingency Plan Test Results (CPTR) | Assessment Test Cases (17 control families) |
| Control Tailoring Workbook | Incident Response Plan (IRP) | Vulnerability Scans: OS / Web / DB / Virtual Machine |
| Security Assessment Plan | Evidentiary Artifacts (Screen shots, policies, procedures, check lists, scans, etc.) | Penetration Test Report |
| Security Categorization (FIPS 199) | Configuration Management Plan (CMP) | Plan of Action and Milestones (POA&M) |
| Rules of Behavior (ROB) | Interconnection Security Agreement (ISA) | Security Assessment Report |
| Memorandum of Understanding (MOU) |