Case Study
FISMA Compliance Requirements Met for Self-Service Cloud Solution
Effectual enabled a Federal Government customer to set up a self-service cloud solution which is secure, compliant, and automated to scale up and down as necessary.
Customer Needs
The Customer wanted to scale out compliant accounts to meet security concerns such as accessing only approved services, protecting centrally managed resources, and ensuring logging and change activity were being captured. The overall issue was the ability to consistently provision AWS accounts in a scalable fashion and manage them over time, keeping them up-to-date with newly approved AWS Services. The goal was to provide secure and compliant cloud hosting options while setting up a customer self-service solution.
Our Approach
We assisted the client in creating their entire environment from Infrastructure as Code while implementing a strict change control process via GitLab. Custom pipelines were created based on the CI/CD framework for structured code. Overall, the entire process was automated, eliminating the scalability issue of provisioning accounts. Our resources worked directly alongside the agency resources to document and achieve a FISMA Moderate ATO.
The Benefits
Scalability
The customer was able to quickly provision accounts in a consistent manner across multiple geographical locations and regions. The entire environment can be deployed in one hour.
Self-Service
We enabled the customer to securely provision their own infrastructure with a standardized methodology and least-privileged architecture. This methodology ensures security in the cloud for the client.
Management of Resources
The services in AWS monitor both on-premises and AWS cloud environments. The time to provision new accounts was reduced from a month to one minute. The deployments are now consistent and can be saved for later use.