“Protecting and Delivering U.S. Government High Impact Applications and Data Every Day”
FedHIVE provides a Federal High Impact Virtualized Environment provision within a physical and logical boundary designed to provide Federal clients an Infrastructure as a Service (IaaS) / Platform as a Service (PaaS) solution that meets or exceeds the FIPS PUB 199 System Security Level of High (sensitive but unclassified information) security controls in which to implement organizational Software as a Service (SaaS) applications. The FedHIVE secure cloud service provides agencies a compliant, scalable, and secure infrastructure capability enabling and supporting platforms or software required for their business or mission success. FedHIVE implements over 425 High Baseline security controls within the boundary to support Federal cloud services requirements for protecting CUI and PII per agency application level ATO security requirements and is currently providing service to multiple Government Agencies (including DoD and TSA) and supporting vendor customers.
“It’s About the Data”
FISMA; FIPS; NIST; FedRAMP what do they all mean? In 2002, the Federal Information Security Management Act (FISMA) was signed into law. FISMA compels each federal agency to build and implement programs to ensure the security (confidentiality, integrity, and availability) of the agency’s information. FISMA relies on the security categorizations and definitions provided by the Federal Information Processing Standards – FIPS (199, 200) to fulfill its goal of ensuring confidentiality, integrity and availability of federal information. In support of FISMA, NIST developed the Risk Management Framework, which defines all FISMA-related security standards and guidance to facilitate the creation of a broad and balanced information security program at each agency. All federal agencies must meet the minimum-security requirements defined in FIPS 200 using the security controls defined in NIST Special Publication 800-53. NIST SP 800-53 provides guidelines for selecting security controls.
The effectiveness of the security controls depends in large part, on whether they are implemented correctly. For this reason, the Federal Risk and Authorization Management Program (FedRAMP) was developed and implemented in 2012. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
“Secure Hosting & Storage Compliance”
Secure hosting and storage compliance takes on several levels of security control management. FedRAMP defines these levels as Impact Baselines.
- High Impact Baseline – Requires 426 NIST 800-53 Security Controls
- Moderate Impact Baseline – Requires 325 NIST 800-53 Security Controls
- Low Impact Baseline – Requires 125 NIST 800-53 Security Controls
FedHIVE is intentionally designed to meet and exceed the FedRAMP High Impact Baseline and DoD Cloud Computing Security Requirements Guide security, privacy and control, and compliance requirements specifically for:
FedHIVE is assessed by a FedRAMP Authorized Third-party Assessor Organization (3PAO). The independent 3PAO provides the FedRAMP PMO with a detailed assessment of FedHIVE compliance with the appropriate Impact Baseline security controls.
“The FedHIVE Journey”
For over 36 years HRTec has served the Armed Forces Community, Federal Agencies, Non-Profits, and private industry with secure worldwide human resources telecommunications networks and hosted services. We have continuously maintained an unusually robust, flexible hosting service that provides fast, reliable linkages around the world. HRTec provides comprehensive technical and security support to our clients. Customer support is our number one priority. We consistently receive accolades for providing high quality support for the systems connected to our worldwide network.
Always mindful of the importance of protecting our U.S. Government customers data, we have a long history of implementing DoD and other agency security policies and controls within our datacenters and our applications, from DoD DIACAP to FISMA then NIST RMF and now FedRAMP.
In 2017, HRTec launched FedHIVE as a Cloud Service Offering (CSO) for IaaS/PaaS. FedHIVE is assessed as FedRAMP Ready at the High Impact Baseline and can be found in the FedRAMP Marketplace as a FedRAMP High Impact Baseline Cloud Service Offering. The FedHIVE team is actively engaged with the FedRAMP PMO and has received First Quarter 2019 Prioritization for FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO). This is significant as only four other offerings have received High Baseline authorization for IaaS and PaaS. FedHIVE will be the first non-leveraged Small Business full stack offering with a FedRAMP JAB P-ATO. The FedHIVE Secure Cloud Offering provides agencies with a customer service focused, agile, and compliant offering for any agency need outside of national security needs.