FISMA/FedRAMP. Secure. Compliant.c1advantage’s cloud security practice delivers an in-depth, holistic approach. Our detailed understanding of the stringent framework and control sets mandated by the federal government. c1advantage and its federal partners were the first to certify for one of the most important milestones for both cloud and compliance. It’s time to look at your IT infrastructure and assess how you can gain the cost savings and increased flexibility of a virtual environment. Compliance is not an obstacle; redundancy and scalability in the cloud are important opportunities.

c1advantage’s experience and proven methodologies to assist government agencies and cloud service providers (CSP) to manage the comprehensive Federal Information Security Management Act (FISMA) mandate and associated NIST 800 series of controls. We are positioned to assist CSPs and agencies with Federal Risk and Authorization Management Program (FedRAMP) Security Package Development requirements and preparing FedRAMP applicants for the rigors of the accreditation process. c1advantage offers the following FISMA and FedRAMP consulting services:

Security Development:

  • Hardware/Software Inventory
  • Security Program/Control Gap Assessment
  • FIP-199 Categorization
  • Control Tailoring Workbook Development
  • Control Design and Implementation Oversight (NIST 800-53R3)
  • System Security Plan and other required package Security Control Documentation
  • Incident Response Plan
  • Configuration Management Plan
  • Continuity Plan Development and Stress Test
  • On-going Security Package Management

Risk Assessment & Testing:

  • Security Assessment Planning (SAP development)
  • Define test cases to be executed
  • Define Rules of Engagement
  • Execute Security Vulnerability and Penetration Testing of in-scope assets
  • Complete Security Control Test Cases using NIST 800-53a
  • Assessment Results Report Development
  • Remediation Plan Development