How to Successfully Plan, Implement and Support DoD IL5 Customers

As DoD agencies continue to migrate sensitive workloads to the cloud, it is important to ensure that those workloads are deployed at Impact Levels 4 and 5 in accordance with the rigorous DoD Cloud Computing Security Requirements Guide (SRG). Systems categorized at Impact Level 5 (IL5) may host non-public unclassified National Security System (NSS) data (i.e. U-NSI) or non-public unclassified data. The path to IL5 is supported both by stackArmor’s proprietary ThreatAlert® Authority To Operate (ATO) accelerator and by the company’s experience in supporting the technical and architectural implementation of IL5 controls. The ThreatAlert® ATO Accelerator provides a proven, independently verified secure digital platform that includes (1) a landing zone, (2) an inbound Cloud General Support System (GSS), and (3) DoD IL5 Package/System Security Plan (SSP) compliance controls.

stackArmor provides our customers with a set of implemented security controls, evidence and artifacts, and necessary continuous monitoring reports that support the successful completion of a system’s authorization and assessment phase. This pre-packaged solution results in a significant reduction in the time and effort associated with deploying a compliant FedRAMP High IL5 system and achieving its ATO.

IL5 and data isolation requirements

When stackArmor is asked to implement a FedRAMP+ DoD IL5 environment for DoD customers, we prioritize two primary technical requirements for IL5 scope: compute and memory isolation. These isolation requirements, detailed in Section 5 (Security Requirements) of the Cloud Computing SRG, are met using the tested and hardened stackArmor architecture built on top of the AWS GovCloud infrastructure.

stackArmor also ensures the security and compliance of our customers’ IL5 environments by supporting the system with personnel who are US citizens and have passed full background checks.
In addition, all virtual instances within the IL5 environment are configured as “dedicated instances”, ensuring that the hosts and the storage running on the hosts operate in a physically and virtually segmented operating environment in which the data is isolated from all other tenants within the CSP data center.
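
One way to check the dedicated-instance requirement described above, as an added example that is not stackArmor's own tooling: it reads JSON shaped like `aws ec2 describe-instances` output and reports every instance whose `Placement.Tenancy` is not in the allowed set. The sample data, instance IDs and the `tenancy_findings` name are constructed for illustration; whether `host` tenancy is also acceptable is a policy assumption left to the caller.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` JSON output.
# Instance IDs are placeholders, not values from the original page.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
     "Placement": {"Tenancy": "dedicated", "AvailabilityZone": "us-gov-west-1a"}},
    {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
     "Placement": {"Tenancy": "default", "AvailabilityZone": "us-gov-west-1b"}}]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "stopped"},
     "Placement": {"Tenancy": "host", "AvailabilityZone": "us-gov-west-1a"}},
    {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "terminated"},
     "Placement": {"Tenancy": "default", "AvailabilityZone": "us-gov-west-1a"}},
    {"InstanceId": "i-0aaa0000000000005", "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "us-gov-west-1a"}}]}
]}
""")


def tenancy_findings(describe_output, allowed=("dedicated",)):
    """Return sorted (instance_id, tenancy, state) tuples for non-compliant instances.

    `allowed` defaults to the "dedicated instances" setting the text names.
    Pass ("dedicated", "host") if your policy also accepts Dedicated Hosts
    (an assumption, not something the page states).
    """
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "unknown")
            if state == "terminated":
                continue  # lingering record only; the instance cannot be restarted
            # Fail closed: a missing tenancy field is reported, not assumed compliant.
            tenancy = inst.get("Placement", {}).get("Tenancy", "unknown")
            if tenancy not in allowed:
                findings.append((inst.get("InstanceId", "unknown"), tenancy, state))
    return sorted(findings)


if __name__ == "__main__":
    for instance_id, tenancy, state in tenancy_findings(SAMPLE):
        print(f"NON-COMPLIANT {instance_id} tenancy={tenancy} state={state}")
```

Stopped instances are still reported because they can be started again on shared hardware.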

Continuous monitoring and IL5

stackArmor provides continuous monitoring (ConMon) and managed services for customers’ DoD IL5 environments through complex system alerts, customer-centric dashboards, and the performance of planned and unplanned monitoring activities. These activities include, but are not limited to, weekly audit log correlation analysis, daily technical work sessions, bi-weekly security and compliance review meetings, and weekly vulnerability scanning on all components of the platform. The technical work sessions are collaborative meetings that give the customer the opportunity to discuss details of application and platform development activities. The security and compliance meetings are conducted in close coordination with our client’s cybersecurity department. Vulnerabilities discovered during the ConMon process are documented as service tickets. Resources and priorities are assigned to these tickets to ensure they are mitigated within the timeframe IL5 requires. Cybersecurity and operational alerts are configured within the environment to automate critical severity alerts that have pre-defined workflows and playbooks to ensure a fast and effective response for our customers.

ThreatAlert® security platform with support for IL5

A key component that drives operational efficiencies and provides a single view of our customers’ security and compliance is stackArmor’s ThreatAlert® security platform. ThreatAlert® provides a unified security platform to address the complex security and compliance requirements of FedRAMP+ DoD IL5. The fully managed platform is deployed inbound and provides direct access to critical security services for border protection, access controls, continuous monitoring such as security information and event management (SIEM), host-based security system (HBSS) and incident response, reporting, vulnerability scanning and web application scanning. stackArmor’s continuous monitoring and security operations team uses these tools daily to support its customers’ DoD IL5 environments. The platform supports the implementation of a true continuous ATO (cATO) function, including the use of a hardened CI/CD pipeline with integration for automated execution of critical compliance activities.

*** This is a Security Bloggers Network syndicated blog from Blog – stackArmor, written by stackArmor. Read the original post at: