Global security pioneer and 3PAO Coalfire introduced the FedRAMP 360 managed service solution

October 2021 by Marc Jacob

From strategy, engineering and deployment to ongoing support, FedRAMP 360 delivers a holistic, interconnected go-to-market methodology for Cloud Service Providers (CSPs), SaaS, PaaS and IaaS providers looking to enter the federal marketplace.

The traditional approach to FedRAMP Authority to Operate (ATO) can cost more than $2 million and take up to 18 months. FedRAMP 360 compresses this process, accelerating CSPs to an audit-ready state in as few as 60 days, resulting in more than 50% operational expense savings and more than 400% return on investment within the first year of authorization.

The FedRAMP 360 hybrid methodology is a bundled strategy, engineering, and managed service approach leveraging Coalfire’s proven capabilities as the largest and most experienced FedRAMP advisory and assessment firm to the CSP market, having supported over 70% of the FedRAMP marketplace. With insights gained since the founding of FedRAMP almost 10 years ago as one of the first 3PAOs, Coalfire’s FedRAMP 360 solution is a three-phase approach designed to navigate cloud providers seamlessly through the entirety of the FedRAMP process:

Advise

Coalfire advisors engage with officers, engineers, and managers to develop a custom business strategy built around a mission-critical discovery process:

• What is the company’s purpose in pursuing FedRAMP?

• What are the HR and financial costs, and how long will the process take?

• How will staff and external resources be selected and allocated?

• How can ROI be predicted after achieving ATO?

• How is a federal agency sponsor identified and secured?

• Is it necessary to build separate systems for federal vs commercial customers?

• Should the company choose the agency or Joint Authorization Board (JAB) path?

Each organization has unique perspectives regarding technology stack, financial limitations, market opportunities, competitive challenges, and ROI metrics that align through the following deliverables:

• Market opportunity and competitive analysis

• Investment and resource requirements

• Technical requirements and boundary determination

• Gap analysis, project scope, and timelines

Migrate

By utilizing pre-engineered automated modules with Coalfire’s Compliance-as-Code, the cloud engineering team builds, deploys, optimizes, and onboards each organization’s system to expedite FedRAMP-compliant cloud architecture requirements within 10 days. This enhances and simplifies the ability to achieve audit-readiness within an average of 60 days using Coalfire’s proven migration methodology:

• Pre-configuration using Infrastructure-as-Code (IaC) for rapid deployment

• Proven project management practices to ensure delivery efficiencies

• Documentation aligned to FedRAMP requirements

• Consulting services to bridge resource, documentation, and technical gaps

Operate

The FedRAMP journey doesn’t end with authorization. Coalfire’s Cloud Managed Services (CMS) practice shares responsibilities with each organization’s security team for ongoing management, maintenance, and monitoring of FedRAMP security requirements across multi-cloud environments. Ongoing system management and optimization within the FedRAMP boundary enable clients to:

• Offload operational burdens, allowing resource allocations to refocus more on business success and less on compliance

• Access required skillsets honed with deep expertise to fulfill technical and compliance needs, reduce costs, and improve risk posture

• Ensure compliance with an integrated success manager and advisory services

• Depend on a dedicated, certified cloud operations support staff serving as an extension of the team