Earthling Security’s ConMon-as-a-Service™ is a bundled and automated solution composed of secure cloud products and customized professional services intended for the federal government. Available in AWS, Google Cloud Platform & Microsoft Azure!
ConMon-as-a-Service is a flexible full cloud stack service offering that is managed by our proprietary dashboard and integrated with Native AWS services, selected open source tools and partner commercial products.ConMon-as-a-Service includes all the requirements for an organizations software application or a platform to attain a FedRAMP Authority to Operate in order to sell their cloud based services to the government. We offer services covering everything from planning, strategy and design, to sponsorship, security controls, 3PAO preparation, SecOps and Continuous Monitoring.
Over the last few years, cloud computing has been slowly but surely moving towards the federal government. More and more agencies are starting to see the drastic cost and efficiency benefits of the cloud over 'On Premise' or Co-location hosting. Among some of the factors that caused reluctant adoption, security seemed to be the most visible. The FedRAMP Program addresses the new risks and security concerns that are associated with this new technology.
The Federal Risk and Authorization Management Program (FedRAMP) was developed to provide a cost-effective, risk-based approach for the adoption and use of cloud services within the federal space. FedRAMP sets forth guidelines and requirements for agencies and vendors to adequately assess, authorize, and monitor cloud services and products throughout its lifecycle.
Experienced FedRAMP 3PAO
Earthling Security is highly involved in vetting and researching cloud security and compliance in the federal government. We have extensive and unique experience with major players in the Federal Government as well as various Cloud Service Providers.
FedRAMP will use a conformity assessment process to demonstrate that cloud computing services offered by Cloud Service Providers (CSP) meet specified security requirements. This assessment will be conducted in accordance with the latest revision of NIST 800-53 security control standards and the additional FedRAMP controls issued by GSA.
Preparing for the FedRAMP 3PAO Audit
Kick off with FedRAMP JAB or Sponsoring Agency
Orientation with FedRAMP 3PAO
Management of Technical & Operational Controls
FedRAMP Continuous Monitoring
Earthling Security has established a Continuous Monitoring Program that accounts for all the repeatable processes and reporting per the FedRAMP CONOPS requirements. Standard Operating Procedures are simplified by identifying the NIST SP 800-53A validation points as well as the GSA reporting frequencies.
- Incident Response Testing
- DR/CP Testing
- Comprehensive Reporting
- Annual Assessment Planing
- FedRAMP A & A Maintinence
- Significant Change Management
- Penetration Testing
- 3PAO Management