The Most Experienced, Technically-Expert Cloud Advisory Team.
“It does not matter how slowly you go as long as you do not stop.” – Confucius
Is the US Federal Government a potential buyer for your cloud offering, but you’re unsure where to start? Or are you looking to expand your footprint in the FedRAMP Marketplace?
Partner with the most experienced consultants to CSPs, who know how to navigate all the nuances of FedRAMP authorization. bladestack.io Samurai have led FedRAMP Assessment and Advisory engagements since the program’s inception.
Our cyber-samurai are equipped and credentialed with the top industry-recognized certifications. We are prepared to cut, slice and dice through the cyber fog of war to ensure you come out on top.
The Federal Risk and Authorization Management Program (FedRAMP) Gap Assessment provides an overview of FedRAMP and identifies the showstoppers and security-control issues that would delay your progress. Take the first step toward a manageable FedRAMP Authorization process.
- Overview of the FedRAMP Program, including FedRAMP Connect, the stages of FedRAMP Ready, In Process and Authorized, and the role of Third Party Assessment Organizations (3PAOs)
- Quick-hit process to identify roadblocks that could prevent a FedRAMP authorization
- Boundary review and validation
- Initial review of the implementation status for each security control in the pre-defined baseline
- Overall cost-effective way to obtain a FedRAMP roadmap for authorization
FedRAMP is a detail-oriented and nuanced process, and preparing your environment for assessment may be something your team is not ready for. bladestack.io can step in and help you execute a program to develop the artifacts required for FedRAMP assessments.
- Preparation activities to identify gaps and implement remediation actions
- Develop the FedRAMP security package, including (but not limited to):
  - System Security Plan
  - Contingency Plan
  - Configuration Management Plan
  - Incident Response Plan
- Additional boundary review and validation throughout the package development process
- Turn-key program development to ensure the cloud service offering is ready for a 3PAO to assess
Want to ensure your organization and Cloud Service Offering (CSO) are ready for prime time? bladestack.io will perform a mock assessment of your cloud service against FedRAMP requirements and help prepare your organization and stakeholders for the real deal!
- Comprehensive independent assessment of the defined boundary for the cloud service offering
- Assessment consists of the following activities:
  - Security Assessment Plan and Security Assessment Report
  - Control Assessment (based on the FedRAMP baseline)
  - Vulnerability Scans (operating systems, web applications, network devices and databases)
  - Penetration Test
- Assessment results are then used to make updates and train/prepare for the actual 3PAO assessment
FedRAMP does not stop with a successful assessment and authorization. Continuous monitoring requirements are in place to maintain the authorization and the security posture of the system, and bladestack.io can help you meet them.
- Process for maintaining the authorization once the authorization has been granted
- Includes various weekly, monthly, quarterly, and annual checkpoints
- Control assessments and penetration tests to be performed annually, or more frequently when a significant change request is introduced
- Vulnerability scans to be performed monthly, with the results reported to the FedRAMP PMO each month
- Requires meticulous oversight and proper staffing levels to ensure the security posture of the offering is not negatively impacted over time
Why choose bladestack.io as your Aibō (Partner)?
No other cyber-company brings our level of technical expertise to the FedRAMP and cloud security compliance challenge.
FedRAMP is the world’s most demanding cybersecurity compliance standard. Achieving FedRAMP compliance often requires changes to business operations. Additionally, maintaining continuous accreditation means avoiding compliance pitfalls in the drive towards technical innovation.
Dedicated Senior-Level Technical Engineers to Navigate Modern Business and Compliance Challenges
FedRAMP advisory requires senior, technically experienced support to engineer creative, enduring cloud security and compliance solutions. We guarantee our clients dedicated, senior-level expertise. BSIO’s core team of Senior Advisors has been architecting secure, compliant clouds for the US federal government since before FedRAMP launched. We’ve worked with diverse technical configurations across every cloud model, from hyperscale cloud providers to the smallest startups, domestically and internationally.
Compliance & Technical Blade Mastery
There isn’t an engineering or development team anywhere on earth that gets excited about an outside compliance team telling them how to build. Neither do we.
Instead, our cyber-samurai embed with your engineering and development teams. We understand why they work the way they do, and we help them appreciate the technical security reasons that underpin the more stringent compliance requirements. Even the most compliance-weary technical teams quickly learn to trust and respect our guidance as, working together, we chart a course towards a compliant, secure cyber-future.
Our C-suite-friendly Senior Advisors combine technical expertise with decades of experience in complex business and government environments. Where possible, we help you efficiently shape existing processes and security programs to achieve compliance. Where that is not possible, we work with your team to build and present business cases, advise on budgets, support go-to-market strategies and maximize your return on investment in FedRAMP compliance.
Our approach is tailored to meet client-specific objectives. Some clients just require a basic gap analysis and staff augmentation support. Others want to outsource their entire security compliance and continuous monitoring programs. We work with every major FedRAMP IaaS provider, including AWS, Google Cloud Platform (GCP), Microsoft Azure, IBM, VMware and Oracle.
We’re also known across the FedRAMP ecosystem, from the Joint Authorization Board (JAB), to the US Cabinet Agencies and across the US Department of Defense. We understand what these organizations look for when assessing, accrediting and choosing Cloud Service Providers. Based on your chosen path to compliance, we can anticipate objections and avoid roadblocks to provide a smooth transition to FedRAMP compliance.
Planning is Essential
FedRAMP is not a low-cost endeavor. A cloud service provider that jumps straight into FedRAMP without a preliminary understanding may be burdened with undue costs and time delays. We therefore always recommend a gap assessment up front, to quickly identify the major items that could hinder a successful assessment.
Establish a ConMon Strategy Early
The key to maintaining a FedRAMP authorization is a comprehensive continuous monitoring strategy: maintaining the proper staffing levels, ensuring vulnerability scans are performed and analyzed frequently, and closely tracking every Plan of Action and Milestones (POA&M) item on an ongoing basis.
All FedRAMP Firms Are Not The Same
The FedRAMP Marketplace lists how many assessments a 3PAO has performed, not how many advisory engagements. Ensure you are working with a 3PAO team that is well-versed in engineering FedRAMP environments of similar scope and complexity to your cloud service offering.
Ensure Federal Mandates Are Met
FedRAMP authorization requires an extensive set of security requirements, but among them are core federal mandates that must be fully met before an authorization can be granted. The FedRAMP Readiness Assessment Report (RAR) process identifies which requirements are federal mandates. Ensure these federal mandates are in place before progressing your authorization.
Unsheathe your BLADES.
Contact us to get started. The first step is a one-hour introductory and readiness session to understand your business landscape and gather technical details, while also making sure that we’re a mutual fit. We also offer unbilled follow-up calls if you have additional questions or need consulting advice as you gear up for the FedRAMP marathon.
Following our initial meetings, formal proposals and pricing are submitted within approximately one week. We can kick-off with a dedicated senior-level team within two to three weeks of contract signature.
All Kinds Of Cyber-Blades
Our most advanced team of cyber-samurai will provide you with cyber-blades to defend against viruses, ransomware, malware, the latest threats, vulnerabilities and more.