Federal Authorization Services
A comprehensive, compliant approach to gaining FedRAMP authorization
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP applies a rigorous review process to certify that cloud services meet a strict baseline of security standards. Compliance with FedRAMP is mandatory for federal agencies and supported by many state and local governments.
For Independent Software Vendors (ISVs) and solution providers selling commercial-off-the-shelf (COTS) and custom applications, FedRAMP authorization is quickly becoming a requirement to compete and win in an enormous IT market that is increasingly purchasing IT as a service.
The ORock Technologies Difference
ORock has created a comprehensive program to achieve authorization for your application faster and at significant savings versus pursuing authorization independently. The program combines a secure, compliant, FedRAMP Moderate hosting environment (ORockCloud) with authorization services (provided by an accredited 3PAO and an experienced security consulting firm), along with project management and managed services delivered by US citizens in ORock’s US-based Network Operations Center (NOC) and Security Operations Center (SOC).
ORockCloud was designed and built to meet the strict security requirements of federal agencies and highly regulated commercial enterprises. It delivers elastic, scalable, on-demand access to computing, storage, virtualization, networking, performance monitoring, and applications in ORock’s service catalog. It utilizes ORock’s private, carrier-grade fiber optic network to maximize security and performance.
As a Red Hat® Premier Certified Cloud & Service Provider (CCSP), ORock architected ORockCloud as a “pure-play” Red Hat open source environment for enhanced flexibility, modularity, and control. The Red Hat Cloud Suite incorporates: Red Hat Enterprise Linux; Red Hat OpenStack; Red Hat Virtualization; Red Hat Ceph Storage; Red Hat CloudForms; Red Hat Ansible Tower; Red Hat Satellite; and all associated cloud APIs.
ORock Technologies offers distinct programs for Independent Software Vendors (ISVs) and government agencies to accelerate the path to FedRAMP authorization.
ORock FAAS for Independent Software Vendors
The ORock FAAS program is a turnkey, compliant, collaborative approach to FedRAMP authorization for Independent Software Vendors (ISVs). FAAS requires authorization from a government sponsor before initiation. Once you have secured sponsorship, FAAS enables you to achieve FedRAMP authorization for your commercial-off-the-shelf Software as a Service (SaaS) offering (when deployed within the ORockCloud environment) while reducing time to market and up-front investment.
Successful completion of the program makes your solution available to government customers as a FedRAMP-authorized SaaS offering in the FedRAMP online marketplace (with your own FedRAMP Security Package number) and via ORock’s service catalog. FAAS is customized to your specific requirements and incorporates:
- Hosting – FedRAMP Authorized environment (Moderate Impact Level) and hosting services
- US-based Managed Services (US citizens) – NOC and SOC support (Levels 1 and 2) with a single point of contact for management, support, incident response, and continuous monitoring of the SaaS offering and required upgrades/releases
- Security Consultant Review – SSP evaluation by Coalfire
- Third-Party Assessment – Performed by an accredited 3PAO (Schellman) for initial authorization
- 3PAO Re-assessments – Completed annually and intra-year for major revisions and releases
- System Security Plan (SSP) – Inherit ORockCloud’s security controls and receive an SSP that is specific to your offering
- FedRAMP Marketplace Listing – Your own SaaS listing and FedRAMP Security Package number on the FedRAMP web site
- Disaster Recovery as a Service – Integrated DRaaS solution for FedRAMP compliance
- Project Management – Provided by ORock staff to oversee documentation, testing, assessment, and approval
- Route to Market Assistance – Financing, contract access, and marketing via ORock’s distributors