Customer’s business model is to sell their products such as SDWAN, 5G, and Unified communications to Federal and state agencies by offering the solution as an PaaS/SaaS with end-to-end managed services using public cloud infrastructure. This requires them to be compliant with FedRAMP standards and be listed in the FedRAMP marketplace. Customer was looking for a scalable solution that enables them to achieve FedRAMP High accreditation and accelerate the ATO process within a stringent timelines of less than 11 months.

 

Hitachi Digital Services designed and implemented a compliance platform in the public cloud to support both PaaS & SaaS based model with all the security controls required for FedRAMP High compliance. The platform provides a highly scalable and resilient environment to host multiple products and applications across a multi-tenant architecture.

 

 

 

• Deployed a highly secured landing zone in AWS gov cloud aligning to SCCA architecture and DoD SRG in 11 months.
• Complete platform deployed through Gitlab pipeline using TF automation scripts and Ansible playbooks.
• All applications, tools and services hardened to meet NIST 800-53 r5, STIG and FIPS 140-2 standards.
• Accelerated ATO process by taking a security-by-design approach & compliance automation through OSCAL and ServiceNow GRC.
• 15+ industry leading tools hosted within the platform to provide a robust security and compliance management.
• Created new processes and workflow automation through Okta, CyberArk and ServiceNow integration.
• Implemented ZT architecture principles and a multi-level defense strategy using Mulesoft API gateway as a Policy Enforcement Point (PEP).