Federal Authorization Services

A comprehensive, compliant approach to gaining FedRAMP authorization

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP applies a rigorous review process to certify that cloud services meet a strict baseline of security standards.

Compliance with FedRAMP is mandatory for federal agencies and supported by many state and local governments. For Cloud Service Providers (CSP), Independent Software Vendors (ISVs), and solution providers selling commercial-off-the-shelf (COTS) and custom applications, FedRAMP authorization is quickly becoming a requirement to compete and win in an enormous IT market that is increasingly purchasing IT as a service.

The ORock Technologies Difference

ORock has created a comprehensive program to achieve authorization for your application within ORockCloud in only a few short months and at significant savings versus pursuing authorization independently. The program combines a secure, compliant hosting environment with authorization services (provided by an accredited 3PAO and an experienced security consulting firm), along with project management and NOC/SOC services delivered by ORock’s US-based team.

ORockCloud was designed and built to meet the strict security requirements of federal agencies and highly-regulated commercial enterprises. It delivers elastic, scalable, on-demand access to computing, storage, virtualization, networking, performance monitoring, and applications in ORock’s service catalog. It utilizes ORock’s private, carrier-grade fiber network with multiple homogeneous nodes and double encryption to maximize security and performance.

As a Red Hat® Certified Cloud & Service Provider (CCSP), ORock architected ORockCloud as a “pure-play” Red Hat open source environment for enhanced flexibility, modularity, and control. The Red Hat Cloud Suite incorporates: Red Hat Enterprise Linux; Red Hat OpenStack; Red Hat Ceph Storage; Red Hat CloudForms; Red Hat Ansible Tower; Red Hat Satellite; and all associated cloud APIs.

Solutions

ORock Technologies offers distinct programs for Independent Software Vendors (ISVs) and government agencies to accelerate your path to FedRAMP authorization.

ORock FAAS for Independent Software Vendors

ORock’s Federal Application Authorization Services (FAAS) program is a turnkey, compliant, collaborative approach to FedRAMP authorization. FAAS requires authorization from a government customer before initiation. Once you have secured sponsorship, FAAS enables you to achieve authorization (when deployed within the ORockCloud) while reducing time to market and up-front investment.

Successful completion of the FAAS program makes your application available through ORock’s application catalog. The program is customized to your specific requirements and incorporates:

  • Hosting environment in ORockCloud*
  • Application hosting services
  • Security consultant review by Coalfire
  • Third-party assessment by Schellman & Company, an accredited 3PAO
  • Annual 3PAO re-assessments
  • Intra-year re-assessments for major revisions/ releases
  • Addition of your application to the ORockCloud System Security Plan (SSP)
  • Project management to oversee documentation, testing, assessment, and approval
  • US-based NOC and SOC support for management, continuous monitoring, and upgrades/releases
  • Route to market assistance (financing, marketing, contract access)
*  ORockCloud is designated “FedRAMP In Process” at the Moderate Impact Level, with full authorization expected in 2018.

ORock FAAS for Government Agencies

ORock’s Federal Application Authorization Services (FAAS) program is a turnkey, compliant, collaborative approach to FedRAMP authorization. Once you have established sponsorship, FAAS enables you to achieve authorization for applications (when deployed within the ORockCloud) while reducing time to deployment and up-front investment.

Successful completion of the FAAS program makes your application available through ORock’s application catalog. The program is customized to your specific requirements and incorporates:

  • Hosting environment in ORockCloud*
  • Application hosting services
  • Security consultant review by Coalfire
  • Third-party assessment by Schellman & Company, an accredited 3PAO
  • Annual 3PAO re-assessments
  • Intra-year re-assessments for major revisions/ releases
  • Addition of your application to the ORockCloud System Security Plan (SSP)
  • Project management to oversee documentation, testing, assessment, and approval
  • US-based NOC and SOC support for management, continuous monitoring, and upgrades/releases
  • Optional professional services to support application migration and modernization (provided by ORock’s technology partners)
*  ORockCloud is designated “FedRAMP In Process” at the Moderate Impact Level, with full authorization expected in 2018.

To learn more about ORock FAAS, contact us today.

In addition, learn more about ORock solutions for secure cloud and infrastructure as a service, application hosting and migration, and connectivity and mobility.