Cloud Services

The JD Biggs FedRAMP, FISMA and Risk Management Framework (RMF) methodologies are the strategies developed in accordance with the Federal Cloud Computing Initiative (FCCI), General Services Administration (GSA) guidelines, NIST / FIPS publications and best practices acquired through data-centered assessment activities on the three (3) service models: Infrastructure as a Service (IaaS)Software as a Service (SaaS)Platform as a Service (PaaS)

Cloud computing services encompass the assessment and continuous monitoring on service models within the four (4) deployment models: Private Community Public Hybrid clouds. The primary FedRAMP service offerings include:

Required Security Authorization Documentation

ISSO Designation LetterRules of Engagement (ROE)Continuous Monitoring Plan
Privacy Impact AssessmentSystem Security Plan (SSP)Code Review (SAAS)
Business Impact AssessmentIS Contingency Plan (ISCP)eAuthentication Risk Assessment
Control implementation SummaryContingency Plan Test Results (CPTR)Assessment Test Cases (17 control families)
Control Tailoring WorkbookIncident Response Plan (IRP)Vulnerability Scans: OS / Web / DB / Virtual Machine
Security Assessment PlanEvidentiary Artifacts (Screen shots, policies, procedures, check lists, scans, etc.)Penetration Test Report
Security Categorization (FIPS 199)Configuration Management Plan (CMP)Plan of Action and Milestones (POA&M)
Rules of Behavior (ROB)Interconnection Security Agreement (ISA)Security Assessment Report
Memorandum of Understanding (MOU)