
  • 3PAO Provider

    Becoming FedRAMP accredited is not a simple undertaking and requires an accredited 3rd Party Assessor Organization (3PAO). JD Biggs & Associates is an accredited 3PAO and has the experience to meet your Cloud Services assessment needs.

  • 3PAO Fed-RAMP

    As a certified 3PAO, we continuously update our methodology to reflect changes to GSA IT Security Procedures, NIST Publications, FIPS Publications and best practices identified during the assessment process.

  • FISMA Compliance

    Federal Information Security Management Act (FISMA) compliance is complex, resource intensive, moderately expensive and challenging. See how our methodology will navigate you through this process.

  • DIACAP

    This methodology is our strategy to complete the assessment and authorization activities on systems for DoD Components and/or Commercial organizations required to comply with DIACAP. The phases in this methodology contain detailed activities that must be performed by qualified members of the DIACAP Team.

  • Methodology

    Our methodologies lie at the core of what we offer in an enterprise security program. Our consulting professionals have thirty plus years of experience, hold degrees, security clearances, security professional certifications, and professional affiliations.


Our core capabilities include expertise in the critical areas of an enterprise security program.


Our Methodologies

Our custom methodologies are proven strategies for achieving compliance with FedRAMP / FISMA / DIACAP / HIPAA / NISPOM / CSAM / RMF. Each of these methodologies is based on a combination of federal standards (OMB / NIST / FIPS) and industry best practices, refined through hands-on implementation. Each of our consulting professionals applies these charts as a frame of reference and checkpoint for gauging project deliverables, educating customers on specific requirements and monitoring progress. Federal agencies and commercial organizations have applied these charts for:

  • Developing Enterprise Policies and Standards
  • Defining Roles and Responsibilities
  • Developing Project Management Plans and Statement of Work (SOW)
  • Cost Projections of FedRAMP / FISMA / DIACAP / HIPAA Projects
  • Human Resource - Conducting Resume Reviews and Candidate Interviews
  • Achieving Annual Security Awareness and Training Requirements

FedRAMP Cloud Services

A commercial organization offering cloud services to federal agencies, or a federal agency application operating in a cloud environment, is mandated through the General Services Administration (GSA) to become FedRAMP accredited. The Federal Risk Management Program (FedRAMP) (www.fedramp.gov) applies the federal guidelines developed through the National Institute of Standards and Technology (NIST).

Becoming FedRAMP accredited is not a simple undertaking and requires an accredited 3rd Party Assessor Organization (3PAO). The accreditation of the cloud service offering results in a Seal of Approval by the Joint Authorization Board (JAB) as a Cloud Service Provider (CSP). Becoming a CSP adds you to the list of FedRAMP approved CSPs, helping you attract federal agency contracts.

JD Biggs & Associates provides four distinct cloud service offerings for federal agencies and commercial organizations:

Designed for assessing your current cloud solution, determining the condition of required security and privacy artifacts for the authorization package and producing a FedRAMP Roadmap. The FedRAMP Roadmap is a strategy for mitigating identified risks and preparing for the FedRAMP Assessment.

This offering provides the technical knowledge and experience for developing the policies, plans and supporting artifacts that comprise the Security Authorization Package. The contents of this package are assessed by the 3PAO. Our team works directly with your selected stakeholders and develops the individual policies, plans and supporting justification for each security control / enhancement. We apply the OMB Memorandums, NIST, FIPS and FedRAMP publications to the individual artifacts within the authorization package.

The complete FedRAMP Assessment can be completed in 3 – 4 months. Can this timeline be reduced? Absolutely! Testing NIST SP 800-53 Rev X controls using NIST SP 800-53A Rev X requires testing individual controls and enhancements. This is an extremely time-consuming exercise, involving examining artifacts, interviewing selected stakeholders and testing the cloud solution. The 17 FedRAMP Assessment Test Cases can be reviewed at www.fedramp.gov.

Another time-consuming activity is performing vulnerability assessments and penetration testing of the Infrastructure / Web Applications / Databases / Virtual Machines. We apply the approved FedRAMP tools to complete this assessment and comply with the FedRAMP guidelines:

After the issuance of an accreditation decision resulting in an Authority to Operate (ATO), don’t think you can put this milestone behind you. FedRAMP requires a 3PAO to perform Continuous Monitoring. This activity involves testing selected controls / enhancements annually, conducting quarterly scans, performing penetration testing and updating the contents of the security authorization package.

PenTest

Moderate and High rated systems require penetration testing on an annual basis. A PenTest is required to maintain compliance with FedRAMP, FISMA and HIPAA. Our PenTester holds the Certified Ethical Hacker (CEH) certification and performs these activities on cloud service providers and federal agency cloud systems.

FISMA Compliance

Federal Information Security Management Act (FISMA) compliance is complex, resource intensive, moderately expensive and challenging. Tackling the five major sections of the legislation and the eight components of the agency program begins with an understanding of FISMA that is best communicated using our methodology.