This week, Project Hosts’ FedRAMP SaaS-compliant Federal Private Cloud was granted an agency Authority to Operate (ATO) by Sites.USA.Gov. With this ATO, US Federal and State Government agencies have the added assurance that another agency has reviewed Project Hosts’ Federal Private Cloud and determined that it meets the regulatory and legislative requirements mandated by FISMA and FedRAMP.
A security controls assessment of the sites.usa.gov environment has been conducted at the Federal Information Processing Standards (FIPS) 199 Low Impact level in accordance with National Institute of Standards and Technology (NIST) Special Publication 800-37 Revision 1, “Guide for Applying the Risk Management Framework to Federal Information Systems”, and the General Services Administration (GSA) IT Security Procedural Guide CIO-IT Security-06-30, “Managing Enterprise Risk”.
The system has been assessed by Valiant Solutions using the assessment methods and procedures required by the system’s assessment process as described in CIO-IT Security-6-30 to determine the level of risk associated with operating the system and the effectiveness of the system’s security controls in satisfying the security requirements of the system. A Plan of Action and Milestones (POA&M) has been developed describing the corrective measures implemented or planned to address any deficiencies in the security controls for the information system and to reduce or eliminate known vulnerabilities.
Based on the level of risk described in the results of sites.usa.gov’s security assessment and the planned actions in its POA&M, I recommend authorization of the sites.usa.gov information system.