Speed Time to ATO With FASTTR

Meeting government security requirements is a strenuous, costly, and time-consuming obligation for enterprises providing mission-critical solutions to defense and government agencies as well as customers in other highly regulated industries.

Organizations need a method for meeting FedRAMP, CMMC or FISMA requirements that is fast and efficient without costing millions of dollars to implement. To solve this problem, stackArmor developed the Faster ATO with Splunk, Telos and ThreatAlert® for Regulated Markets (FASTTR) program.

The ThreatAlert® ATO Accelerator, offered via FASTTR on AWS, reduces the time and cost to achieve FedRAMP, FISMA and CMMC Authority to Operate by 40%.
FASTTR on AWS brings together three innovative cybersecurity solutions to benefit independent software providers and regulated defense contractors that are required to comply with complex government security regulations, such as FedRAMP, FISMA, CMMC and soon, StateRAMP.
    • Continuous Monitoring

      ThreatAlert® includes post-ATO continuous monitoring services covering all required weekly, monthly and annual activities such as POAM reporting. End-to-end continuous monitoring support includes, without limitation:

      • Cloud configuration scanning
      • Code vulnerability analysis
      • Compliance reporting
      • Container vulnerability scanning
      • IDS/IPS monitoring
      • Incident management
      • SIEM integration
      • User and data monitoring
      • Web vulnerability scanning
      • Web application scanning
    • ATO

      The ThreatAlert® ATO Accelerator supports FedRAMP High, Moderate, and Low; DOD CC SRG IL-2, IL-4, and IL-5; and CMMC Level 3, Level 4 and Level 5, including CUI. A key part of the solution includes assistance with understanding the ATO framework, including Agency ATO, FedRAMP P-ATO and DoD P-ATO as part of the DOD Cloud Computing Security Requirements Guide (SRG). Getting listed on the FedRAMP marketplace is critical for commercial ISVs and organizations looking to provide their cloud service offering to government customers. The solution also includes support for the emerging StateRAMP ATO.

    • Assessment Support

      Ensuring the success of an ATO project is of paramount importance. That’s why ThreatAlert includes assessment support activities such as availability for PMO interviews, support for 3PAO and C3PAO audits, evidentiary information in support of the ATO, and more.

      The solution relies on reports and artifacts from Splunk and Telos Xacta, amongst other services, to deliver supporting evidence required during an assessment.

    • Compliance Documentation

      The ThreatAlert® compliance documentation package includes a pre-filled suite of policies, procedures, plans and control descriptions to speed time to ATO and reduce advisory costs. Documentation package management is highly simplified using Xacta® 360, the cyber risk management and compliance automation solution from Telos that features AWS control inheritance and Open Security Controls Assessment Language (OSCAL) data exchange capabilities.

    • NIST Security System

      ThreatAlert® is a fully NIST-compliant General Support System for the cloud. It covers all major NIST security control families, including, but not limited to:

      • Alerting
      • Authentication
      • Antivirus/Malware
      • Boundary protection
      • Cloud monitoring
      • Compliance reporting
      • Centralized logging
      • Hardening
      • Multifactor access
      • Privileged access management
      • Security information and event management (SIEM)
      • Threat intelligence
      • Vulnerability management

      Splunk is an integral part of the security system, providing logging, monitoring and alerting services in compliance with auditability, configuration management and continuous monitoring control families.

    • Government Authorization Boundary

      The ThreatAlert® ATO Accelerator is deployed “in-boundary” within customers’ cloud accounts using AWS Landing Zone. The purpose-built authorization boundary ensures separation of network, application and data, systems management and security functions. All security services are NIST compliant and deployed in a single sprint to help save time and money.

    • Government Standards

      The ThreatAlert® ATO Accelerator is designed from the ground up to be compliant with government security standards such as FIPS, CIS benchmarks and DISA STIGs.

    • AWS

      The ThreatAlert® ATO Accelerator is optimized for AWS GovCloud and AWS US Commercial regions (East/West) that offer FedRAMP and DOD-accredited cloud services and cloud-native security services.

FASTTR Together
  • stackArmor ThreatAlert® ATO Accelerator reduces time and cost of FedRAMP, FISMA/RMF and CMMC ATOs by 40%
  • Telos’ Xacta® – automated compliance solution with AWS control inheritance capabilities and OSCAL integration
  • Splunk® Security Analytics – quickly detect, triage and automate compliance and monitoring
  • AWS – cloud services in the AWS GovCloud (US) and Commercial (East/West) regions
To learn more about FASTTR on AWS and how it can help reduce the time and cost of your FedRAMP, FISMA/RMF or CMMC project, contact us.