
ISV FedRAMP PROGRAM OVERVIEW:

FedRAMP SaaS Compliant in a Project Hosts' Cloud

ISVs and Solution Providers who want to sell their application as a cloud service to U.S. federal and state government agencies must meet the GSA’s FedRAMP program standards at the SaaS level.

Project Hosts is a Cloud Service Provider (CSP) that provides FedRAMP SaaS-level compliant cloud services in Azure for Microsoft solutions based on Windows, SQL Server, SharePoint, Project Server, Dynamics CRM and a host of ISV applications.

ISVs with applications that run on these platforms can partner with Project Hosts to deliver their solutions from a FedRAMP SaaS-level compliant cloud on Azure Gov. Project Hosts’ ISV FedRAMP Program includes these essential services: 

A more complete process definition can be found below.

By working with Project Hosts, your software applications can be hosted and tested in our Private Federal Cloud environment. We perform the necessary tests and create the documentation necessary to ensure that your application runs in our Federal Private Cloud environment and continues to meet all of the 325 security controls required for SaaS-level FedRAMP compliance.

We have a host of ISVs that have worked with us and are now offering their applications from a FedRAMP SaaS-level compliant cloud. These include:

OUR ISV PROGRAM AND PROCESS:

The goal of the ISV FedRAMP program is to ensure that ISV application software, which is an add-on to our existing Federal Private Cloud environment (such as a SharePoint-based application), is deployed and available from our FedRAMP SaaS-compliant cloud. Throughout this process, we work with our assessor, a certified 3PAO, and the GSA to ensure all necessary tests and activities are performed correctly. A summary of this process is outlined below.

Our FedRAMP Add-on Application Process: 

  1. The ISV provides us with a high-level architecture describing how their application is typically deployed.
  2. We determine whether adding the application to our Federal Private Cloud would be considered a minor change or a major change. Major changes require a re-assessment by the 3PAO.
  3. We have the ISV sign an agreement that satisfies the required FedRAMP System and Services Acquisition (SA) controls.
  4. We deploy the ISV’s App(s) onto virtual server(s) in our FedRAMP test environment.
  5. We run vulnerability scans on the test environment at the OS, Database and Application levels.
  6. We report findings to the ISV and work with them to correct any issues that are found.
  7. We ensure the overall environment meets the total 325 security controls as required by FedRAMP rev4 SaaS-Level Compliance; examples include ensuring FIPS compliance, implementing executable whitelist restrictions, configuring log correlation, and more.
  8. If adding the software is considered a major change to the environment by our FedRAMP-certified 3PAO (assessor), we have the environment re-assessed with the ISV software included in it.
  9. We follow our Configuration Change Control process to include the ISV’s App in our FedRAMP-compliant System Security Plan and associated documents.
  10. We work with the ISV to create an announcement they can use and get it approved by the GSA’s Director of FedRAMP.

WHAT'S THE DIFFERENCE BETWEEN FedRAMP IaaS, PaaS and SaaS COMPLIANCE?

Understanding the differences between IaaS, PaaS and SaaS FedRAMP compliant environments is a critical factor when choosing a Cloud Service Provider (CSP) and selling your application solution to federal and state government agencies.

IaaS and PaaS FedRAMP compliant platforms are just that – they are Infrastructure- and Platform-as-a-Service offerings. FedRAMP IaaS- and PaaS-compliant cloud platforms, such as Azure Gov, are tested and meet the security controls for that (IaaS/PaaS) level of support. Simply deploying your application on an IaaS/PaaS compliant platform does not make it SaaS-compliant. To ensure SaaS-level compliance, you must ensure that the 325 FedRAMP security controls are in place and have been tested, documented and validated by the GSA.

 


"…many organizations have needs for deep customization, white-glove services, or support for complex models like hybrid hosting. For these customers, Project Hosts' PPM Custom Cloud offers a great option."

Ludovic Hauduc, General Manager of the Microsoft Project Business Unit