The Federal Risk and Authorization Management Program (FedRAMP) is the world’s most demanding cybersecurity standard.
MBL is a FedRAMP Advisor
Since 2015, MBL has partnered with CSPs to engineer secure, compliant cloud solutions. We specialize in helping CSPs achieve and maintain FedRAMP compliance. Our expertise spans every cloud service model: Infrastructure-, Platform- and Software-as-a-Service (IaaS, PaaS and SaaS). We also advise every phase of the FedRAMP process, from planning and preparation, to FedRAMP Ready and initial assessments, and through to continuous monitoring.
Some of our FedRAMP services include:
- Initial consultations and training to help you and your team understand the process and technical complexities of FedRAMP compliance
- Pre-assessment to ensure preparedness for the FedRAMP Provisional Authority to Operate (P-ATO) process
- Continuous monitoring to meet ongoing FedRAMP accreditation requirements
FedRAMP Compliance Approach
Since 2015, we have been building close partnerships with our FedRAMP clients to understand how they approach compliance within the context of their unique business requirements. We then develop enduring security programs, or produce quality assessment reports, that withstand strict government scrutiny while giving federal leaders confidence in the strength of their security posture.
Our approach begins with a painless, efficient scoping conversation. This is quickly followed by a streamlined quote, mapped to specific service packages, designed for easy evaluation.
After kickoff, MBL’s experienced cloud security engineers provide preparatory or advisory services tailored to your requirements. As leaders in the FedRAMP community, we have strong relationships with the JAB and across the Department of Defense (DoD) and civilian agencies. Backed by these relationships and our creative FedRAMP compliance team, we smooth roadblocks and clear the runway to compliance.
Please see below for a representation of our typical packages and services. Each package is not restrictive and is tailored to our customers’ needs.
Led by a senior, experienced FedRAMP lead
Comprehensive review of security documentation
Limited technical testing as appropriate
Creation of a FedRAMP Readiness Report
Engineering, documentation and security consulting support to prepare you for FedRAMP
Services tailored to the technical sophistication of your current team
Services span from limited staff augmentation to fully outsourced FedRAMP management
CONTINUOUS MONITORINGFor clients that have already received a Security Assessment Report
Ongoing work with client team to mitigate previous findings
Quarterly scanning and annual penetration testing
Annual assessment of approx. 1/3 of security controls