ConMon-as-a-Service
Earthling Security’s ConMon-as-a-Service™ is a bundled and automated solution composed of secure cloud products and customized professional services intended for the federal government. Available in AWS, Google Cloud Platform & Microsoft Azure!
ConMon-as-a-Service is a flexible full cloud stack service offering that is managed by our proprietary dashboard and integrated with Native AWS services, selected open source tools and partner commercial products.
ConMon-as-a-Service includes all the requirements for an organizations software application or a platform to attain a FedRAMP Authority to Operate in order to sell their cloud based services to the government. We offer services covering everything from planning, strategy and design, to sponsorship, security controls, 3PAO preparation, SecOps and Continuous Monitoring.
Over the last few years, cloud computing has been slowly but surely moving towards the federal government. More and more agencies are starting to see the drastic cost and efficiency benefits of the cloud over 'On Premise' or Co-location hosting. Among some of the factors that caused reluctant adoption, security seemed to be the most visible. The FedRAMP Program addresses the new risks and security concerns that are associated with this new technology.
The Federal Risk and Authorization Management Program (FedRAMP) was developed to provide a cost-effective, risk-based approach for the adoption and use of cloud services within the federal space. FedRAMP sets forth guidelines and requirements for agencies and vendors to adequately assess, authorize, and monitor cloud services and products throughout its lifecycle.
Experienced FedRAMP 3PAO
Earthling Security is highly involved in vetting and researching cloud security and compliance in the federal government. We have extensive and unique experience with major players in the Federal Government as well as various Cloud Service Providers.
FedRAMP will use a conformity assessment process to demonstrate that cloud computing services offered by Cloud Service Providers (CSP) meet specified security requirements. This assessment will be conducted in accordance with the latest revision of NIST 800-53 security control standards and the additional FedRAMP controls issued by GSA.
FedRAMP Continuous Monitoring
Earthling Security has established a Continuous Monitoring Program that accounts for all the repeatable processes and reporting per the FedRAMP CONOPS requirements. Standard Operating Procedures are simplified by identifying the NIST SP 800-53A validation points as well as the GSA reporting frequencies.
- Incident Response Testing
- DR/CP Testing
- Comprehensive Reporting
- Annual Assessment Planing
- FedRAMP A & A Maintinence
- Significant Change Management
- Penetration Testing
- 3PAO Management
FedRAMP Advisory & Documentation
In the realm of compliance, there are a lot of little things which are required to provide a complete and accurate package. For example, in order to conduct the testing of the 800-53 controls and the FedRAMP controls, there are various artifacts that will need to be in place in order for the organization to validate compliance with NIST standards.
Earthling Security has developed a method for conducting a Gap analysis on cloud systems deriving from various guidelines and methods, as well as from related experience. Our approach consists of thoroughly reviewing any current documentation in place, including policies and procedures and aligning them according to the latest FedRAMP and NIST standards. Ask about our Gap Analysis Methodology!
FedRAMP requires for all federal agencies and their respective Cloud Providers to submit documentation outlining their cloud computing capability and associated security measures that are implemented. This Assessment and Authorization (A&A) process will include a Security Plan which will provide a description of the system including but not limited to, its purpose, location, and technical capabilities.
Additionally, the Security Plan will also contain implementation statements addressing how the system is compliant with the controls listed within the 800-53. Alongside the Security Plan, the A&A package will also include an organizational Contingency Plan/Disaster Recovery Plan, Configuration Management Plan, Risk Assessment, and Security Assessment Report.
