Cloud Services

The JD Biggs FedRAMP, FISMA and Risk Management Framework (RMF) methodologies are the strategies developed in accordance with the Federal Cloud Computing Initiative (FCCI), General Services Administration (GSA) guidelines, NIST / FIPS publications and best practices acquired through data-centered assessment activities on the three (3) service models: Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS).

Cloud computing services encompass the assessment and continuous monitoring of service models within the four (4) deployment models: Private, Community, Public and Hybrid clouds. The primary FedRAMP service offerings include:

Required Security Authorization Documentation

  • ISSO Designation Letter
  • Privacy Impact Assessment
  • Business Impact Assessment
  • Control Implementation Summary
  • Control Tailoring Workbook
  • Security Assessment Plan
  • Security Categorization (FIPS 199)
  • Rules of Behavior (ROB)
  • Rules of Engagement (ROE)
  • System Security Plan (SSP)
  • IS Contingency Plan (ISCP)
  • Contingency Plan Test Results (CPTR)
  • Incident Response Plan (IRP)
  • Evidentiary Artifacts (screenshots, policies, procedures, checklists, scans, etc.)
  • Configuration Management Plan (CMP)
  • Interconnection Security Agreement (ISA)
  • Memorandum of Understanding (MOU)
  • Continuous Monitoring Plan
  • Code Review (SaaS)
  • eAuthentication Risk Assessment
  • Assessment Test Cases (17 control families)
  • Vulnerability Scans: OS / Web / DB / Virtual Machine
  • Penetration Test Report
  • Plan of Action and Milestones (POA&M)
  • Security Assessment Report