Our cybersecurity consulting and development teams have successfully led dozens of projects through the ATO process and FedRAMP certification. With an organizational goal of obtaining a 0% risk score for each of our clients, Gunnison has emerged as a true leader in cybersecurity for the Federal government. We have recently worked with the US Census (achieving ATT and ATO for the GUPS system in four months).
Authority to Operate (ATO) & Facilities
Our experience establishing remote processing facilities for federal clients includes:
- Establishing multiple redundant dedicated internet connections
- Building physically separated LAN segments
- Adhering to cable management guidelines, e.g. color coding interconnects according to the network's data classification
- Establishing Point-to-Point VPN connectivity to our client's primary site
- Providing secure storage facilities with 24×7 video surveillance
- Implementing access control and logging via Datawatch
- Implementing environmental controls such as emergency lighting, environmental monitoring, fire alarm, and fire suppression
Recent Cybersecurity Projects:
Authority to Operate – GUPS (US Census)
GUPS is a desktop GIS application developed for the US Census. We achieved ATT and ATO for the GUPS system in only 4 months.
- Performed code-level security review of the application
- Performed internal FIPS-199 data classification
- Achieved a Low data classification versus the initial agency-recommended Medium classification
- Conducted security-related tasks within the Agile framework
- Ultimately obtained a 0% risk score
- Prepared system description for Agency security staff
Cloud Infrastructure Migration
Gunnison recently migrated 3 systems into AWS GovCloud for the U.S. Census. During this process we helped define the technologies and techniques required for a successful migration and for a successful Certification and Accreditation process. All three systems achieved an ATO.
Gunnison also recently supported a commercial client in migrating 3 of their commercial SaaS offerings to AWS GovCloud with a goal of FedRAMP High certification. Again, we helped drive the technologies and techniques required for a successful migration to GovCloud and a FedRAMP High certification.
Specific Tasks Included:
- Performing a gap analysis against the NIST 800-53 High controls
- Recommending tools and techniques to close gaps
- Creating User Stories with detailed acceptance criteria to close gaps across 3 Agile Development teams
- Preparing the documentation required to satisfy a FedRAMP High assessment, including:
  - FedRAMP System Security Plan
  - Privacy Impact Assessments
  - Privacy Threshold Analysis
  - Rules of Behavior
  - Configuration Management Plan
  - Incident Response Plan
  - System Inventory
  - Separation of Duties Matrix