Federal Authorization Services

A comprehensive, compliant approach to gaining FedRAMP authorization

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP applies a rigorous review process to certify that cloud services meet a strict baseline of security standards.

Compliance with FedRAMP is mandatory for federal agencies and supported by many state and local governments. These agencies face the daunting task of moving legacy government off-the-shelf (GOTS) applications to the cloud and gaining authorization in a timely, cost-effective manner.

For Independent Software Vendors (ISVs) and solution providers selling commercial-off-the-shelf (COTS) and custom applications, FedRAMP authorization is quickly becoming a requirement to compete and win in an enormous IT market that is increasingly purchasing IT as a service.

The ORock Technologies Difference

ORock has created a comprehensive program to achieve authorization for your application in only a few short months and at significant savings versus pursuing authorization independently. The program combines a secure, compliant hosting environment (FedRAMP Moderate) with authorization services (provided by an accredited 3PAO and an experienced security consulting firm), along with project management and managed services delivered by ORock’s US-based Network Operations Center (NOC) and Security Operations Center (SOC).

ORockCloud was designed and built to meet the strict security requirements of federal agencies and highly regulated commercial enterprises. It delivers elastic, scalable, on-demand access to computing, storage, virtualization, networking, performance monitoring, and applications in ORock’s service catalog. It utilizes ORock’s private, carrier-grade fiber optic network with no upstream CSP to maximize security and performance.

As a Red Hat® Premier Certified Cloud & Service Provider (CCSP), ORock architected ORockCloud as a “pure-play” Red Hat open source environment for enhanced flexibility, modularity, and control. The Red Hat Cloud Suite incorporates: Red Hat Enterprise Linux; Red Hat OpenStack; Red Hat Virtualization; Red Hat Ceph Storage; Red Hat CloudForms; Red Hat Ansible Tower; Red Hat Satellite; and all associated cloud APIs.

Solutions

ORock Technologies offers distinct programs for Independent Software Vendors (ISVs) and government agencies to accelerate the path to FedRAMP authorization.

ORock FAAS for Independent Software Vendors

ORock’s Federal Application Authorization Services (FAAS) program is a turnkey, compliant, collaborative approach to FedRAMP authorization. FAAS requires authorization from a government customer before initiation. Once you have secured sponsorship, FAAS enables you to achieve authorization while reducing time to market and up-front investment.

Successful completion of the FAAS program makes your application available through ORock’s application catalog. The program is customized to your specific requirements and incorporates:

  • Hosting environment in ORockCloud (FedRAMP Moderate)
  • Application hosting services
  • Security consultant review by Coalfire
  • Third-party assessment by Schellman & Company, an accredited 3PAO
  • Annual 3PAO re-assessments
  • Intra-year re-assessments for major revisions/ releases
  • Addition of your application to the ORockCloud System Security Plan (SSP)
  • Project management to oversee documentation, testing, assessment, and approval
  • US-based NOC and SOC support for management, continuous monitoring, and upgrades/releases
  • Route to market assistance (financing, marketing, contract access)

ORock FAAS for Government Agencies

ORock’s Federal Application Authorization Services (FAAS) program is a turnkey, compliant, collaborative approach to FedRAMP authorization. Once you have established sponsorship, FAAS enables you to achieve authorization for applications while reducing time to deployment and up-front investment.

Successful completion of the FAAS program makes your application available through ORock’s application catalog. The program is customized to your specific requirements and incorporates:

  • Hosting environment in ORockCloud (FedRAMP Moderate)
  • Application hosting services
  • Security consultant review by Coalfire
  • Third-party assessment by Schellman & Company, an accredited 3PAO
  • Annual 3PAO re-assessments
  • Intra-year re-assessments for major revisions/ releases
  • Addition of your application to the ORockCloud System Security Plan (SSP)
  • Project management to oversee documentation, testing, assessment, and approval
  • US-based NOC and SOC support for management, continuous monitoring, and upgrades/releases
  • Optional professional services to support application migration and modernization (provided by ORock’s technology partners)

To learn more about ORock FAAS, contact us today.

In addition, learn more about ORock solutions for secure cloud and infrastructure as a service, application hosting and migration, and connectivity and mobility.