“Protecting and Delivering U.S. Government Data and Applications Every Day.”
Question & Comments: Email us at: fedhive@hrtec.net
FedHIVE provides a Federal High Impact Virtualized Environment provision within a physical and logical boundary designed to provide Federal clients an Infrastructure as a Service (IaaS) solution that meets or exceeds the FIPS PUB 199 System Security Level of High (sensitive but unclassified information) security controls in which to implement organizational Software as a Service (SaaS) applications. The FedHIVE secure cloud service provides agencies a compliant, scalable, and secure infrastructure capability enabling and supporting platforms or software required for their business or mission success. FedHIVE implements over 400 High Baseline security controls within the boundary to support Federal cloud services requirements for protecting CUI and PII per agency application level ATO security requirements and is currently providing service to multiple Government Agencies (including DoD and TSA) and supporting vendor customers.
“It’s About the Data”
FISMA; FIPS; NIST; FedRAMP what do they all mean? In 2002, the Federal Information Security Management Act (FISMA) was signed into law. FISMA compels each federal agency to build and implement programs to ensure the security (confidentiality, integrity, and availability) of the agency’s information. FISMA relies on the security categorizations and definitions provided by FIPS (199, 200) to fulfill its goal of ensuring confidentiality, integrity and availability of federal information. In support of FISMA, NIST developed the Risk Management Framework, which attempts to define all FISMA-related security standards and guidance to facilitate the creation of a broad and balanced information security program at each agency. All federal agencies must meet the minimum-security requirements defined in FIPS 200 using the security controls defined in NIST SP 800-53. NIST Special Publication 800-53 provides guidelines for selecting security controls. This document also defines the risk assessment, security assessments, physical and environmental security, maintenance, access control, accountability, audit, etc. NIST uses the “Trustworthiness” model to satisfy the security requirements of the controls.
The effectiveness of the security control depends, in large part, on whether they are implemented correctly. For this reason, the Federal Risk and Authorization Management Program (FedRAMP) was developed and implemented in 2012. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
“Secure Hosting & Storage Compliance”
Secure hosting and storage compliance takes on several levels of security control management. FedRAMP defines these levels as Impact Baselines.
- High Impact Baseline –Requires 421 NIST 800-53 Security Controls
- Moderate Impact Baseline – Requires 325 NIST 800-53 Security Controls
- Low Impact Baseline – Requires 125 NIST 800-53 Security Controls
FedHIVE is intentionally designed to meet and exceed the FedRAMP High Impact Baseline and DoD Cloud Computing Security Requirements Guide security, privacy and control, and compliance requirements specifically for:
-
Infrastructure Isolation
-
Storage Scalability
-
Data Encryption
-
Privacy Protection
-
Network Connectivity
-
Data Management
-
Identity Management
-
Continuous Monitoring
FedHIVE is assessed by a FedRAMP Authorized Third-party Assessor Organization (3PAO). The independent 3PAO provides the FedRAMP with a detailed assessment on the commercial provider’s compliance with the appropriate Impact Baseline security controls.
“The FedHIVE Journey”
For over 30 years HRTec has served the Armed Forces Community, Federal Agencies, Non-Profits, and private industry with secure worldwide human resources telecommunications networks and hosted services. We have continuously maintained an unusually robust, flexible intranet services that providing fast, reliable linkages around the world. HRTec provides comprehensive technical and security support to our clients. Customer support is our number one priority. We consistently receive accolades for providing high quality support for the systems connected to our worldwide network.
Always mindful of the importance of protecting our U.S. Government customers data, we have a long history of implementing DoD and other agency security policies and controls within our datacenters and our applications, from DoD DIACAP to FISMA then NIST RMF and now FedRAMP.
In 2017, HRTec launched its Federal High Impact Virtualized Environment (FedHIVE). FedHIVE is a Cloud Service Offering (CSO) for Infrastructure-as-a-Service (IaaS). FedHIVE is now a FedRAMP Ready CSO meeting High Impact Baseline security controls and includes additional enhancements beyond the 421 required security controls. The FedHIVE team is actively engaged with the FedRAMP PMO and in the process of obtaining a FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) at the High Impact Baseline. This is significant as only four other offerings have received this level of authorization for IaaS and PaaS. FedHIVE is likely to be the first non-leveraged Small Business single stack offering. The FedHIVE Secure Cloud Offering provides agencies with a customer service focused, agile, and compliant offering for any agency need outside of national security needs.