Amazon AWS Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) Consulting and Advisory
Arlington provides comprehensive Amazon Web Services (AWS) consulting, advisory, and implementation services for DoD contractors that must comply with the Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG). Per a DoD memorandum issued in December 2014, “...For more sensitive DoD unclassified data or missions…[the] DoD has developed cloud security requirements and guidance that go beyond FedRAMP…”.
As such, the Cloud Computing (CC) Security Requirements Guide (SRG) outlines the security model by which DoD will leverage cloud computing, along with the security controls and requirements necessary for using cloud-based solutions. The CC SRG applies to DoD-provided cloud services and those provided by a contractor on behalf of the department, i.e., a commercial cloud service provider or integrator.
How Arlington Can Help DoD Mission Owners Operating in AWS
Arlington offers the following advisory services to help DoD mission owners operating within AWS implement all required Cloud Computing (CC) Security Requirements Guide (SRG) measures, FedRAMP reporting, and more:
System Architecture Design & Development
As a DoD mission owner leveraging the services of AWS, it's imperative to understand the overall system architecture, design, and development of such an environment, and its impact on your organization. Arlington offers proven services and solutions for helping DoD contractors assess, design, and implement all required technical cloud-based specifications in their AWS environments. From better understanding AWS’ Shared Responsibility Model to helping develop security policy rules, and so much more, Arlington has you covered.
Security Policies and Procedures
Arlington offers customized information security policy writing services for helping DoD mission owners develop all necessary documentation for their AWS environments. A large part of today’s DoD-mandated compliance measures requires extensive policies and procedures to be in place, and we deliver with our NIST RMF documents that have been developed in accordance with the NIST SP 800 series publications.
Programs, Plans, and other Essential Documentation
DoD mission owners leveraging the services of AWS need to have a wide range of program- and plan-specific documents in place that go beyond basic policies and procedures. From incident response programs to business continuity plans, insider threat programs, and more, Arlington has the expertise for developing all required documentation for DoD contractors. What’s more, such documents are also a strict requirement for earning FedRAMP authorization to operate (ATO).
Complete Lifecycle of FedRAMP Services
Arlington offers the following FedRAMP services and solutions for DoD mission owners leveraging AWS: (1) Scoping & gap assessments. (2) Documentation & remediation. (3) System Security Plan (SSP) development. (4) 3PAO RFP services for finding you the best assessor. (5) Complete end-to-end project management for the entire FedRAMP process.
Arlington can both develop and implement a comprehensive, yet highly efficient continuous monitoring program as required for cloud computing compliance requirements. Controls have to be regularly inspected and monitored, and corrected if deficiencies are found. We have years of experience working with DoD contractors regarding cloud security, along with deep expertise in designing customized continuous monitoring programs for AWS environments.