Description | ISV Partner | Project Hosts |
Ensure that any ISV Partner personnel that will be accessing the environment to install, update or configure application software (tasks marked with an asterisk below) have training, authorization, and network access to be able to access the environment | R,A | C |
Review Source code (source code static + dynamic analysis) | R,A | I |
Package application for deployment and make available | R,A | I |
Develop installation / configuration instructions | R,A | C |
Develop system architecture documentation | C | R,A |
Document resource requirements (Servers, PaaS services, etc.) | R,A | C |
Develop and deliver training on the application | R,A | R,A |
Set up virtual machinesand Azure PaaS services | C | R,A |
Set up and maintain access control and firewall rules | C | R,A |
Set up, install, harden and maintain servers(OS and middleware) | C | R,A |
Set up, configure, harden and maintain database | C | R,A |
Install and configure application* | R,A | C |
Set up and configure SSO/SAML authentication | C | R,A |
Modify deployment to achieve the most secure configuration consistent with operational requirements | R | R,A |
Identify security vulnerabilities by monthly application scanning | C | R,A |
Apply updatesand fixes to servers/OS/database | C,I | R,A |
Develop fixes to application vulnerabilities | R,A | C,I |
Apply application fixes* | R,A | C,I |
Manage changes and maintain change ticket audit records | C | R,A |
Implement DR procedures when necessary | C,I | R,A |
Implement Incident Response when necessary | C,I | R,A |
Communicate Incident information to End Customers | R,A | C |
Create HITRUST Policies and Procedures | C,I | R,A |
Answer End Customer compliance questions and provide requested artifactual evidence | C,I | R,A |
Maintain HITRUST certification of the underlying PaaS | I | R,A |
Onboard new End Customers* | R,A | R |
Apply End Customer-specific configuration settings(e.g. account level options, branding, logos, templates, etc.)* | R,A | R,C |
Provision new ISV Partner users | A | R |
Provision new End Customer users | A | R |
Monitor server/PaaS resource usage | I | R,A |
Provide URLs for application monitoring | R,A | I |
Monitor application uptime | C,I | R,A |
Monitor resource usage | I | R,A |
Customer Support (Level 1)* | R,A | R,A |
Application support (Level 2 and 3)* | R,A | C,I |
System support (Level 2 and 3) | C,I | R,A |
There is a growing need for FedRAMP authorized applications for federal agencies and the DoD. With this growing need, more consultants have entered the world of FedRAMP by assisting software vendors with their authorization. Unfortunately for the software vendors, this route is expensive and leaves them with the heavy-lifting of maintaining continuous compliance after getting authorization. The good news is that there are other options.
Project Hosts, a FedRAMP authorized CSP, has been getting software vendors compliant and authorized since FedRAMP became mandated by the federal government. Software vendors can inherit compliance by leveraging our FedRAMP certified Azure platform. Project Hosts carries a 100% success rate in getting software vendors authorized, and has the list on the FedRAMP marketplace to prove it. We have more ATOs (19 active) than any other platform claiming to provide similar services.
What are your options?
Consultants incorporate tools to help your SaaS become FedRAMP compliant. But those tools are not FedRAMP authorized, so they have to be incorporated into your authorization. Project Hosts provides a FedRAMP-authorized PaaS that covers 80% of FedRAMP controls, so the additional amount for an auditor, agency, and FedRAMP to authorize your application is very small.
Model:
You don’t want to be responsible for maintaining 3rd party tools in your environment when there is a turnkey solution available to you. Do you want to be responsible for passing an audit and navigating the agency ATO process, or would you rather we do it for you, leveraging our relationships with the dozens of agencies that have already granted ATOs to our PaaS and the SaaS solutions on top of it?
Consultants are expensive. Some, such as Coalfire have a better-than-average success rate. Do you want to pay that price? Do you want to be responsible for the audit or have Project Hosts take care of it – acting as your compliance department on behalf? Others present a great sales pitch, but leave their customers without authorization after more than two years in the process. Be sure to talk to their customers and pay close attention their success rate. Project Hosts’ pricing is straightforward and transparent.
Success: Project Hosts’ PaaS is FedRAMP authorized. Visit our listing on FedRAMP.gov to see the “Dependent Products”. These ISVs have obtained their own FedRAMP authorization.
We will get you a FedRAMP authorization within nine months with transparent costs and no surprises.