We Protect Our Client’s Most Critical Information Assets
Our cybersecurity consulting and development teams have successfully led dozens of projects through the ATO process and FedRamp certification. With an organizational goal of obtaining a 0% risk score for each of our clients, Gunnison has emerged as a true leader in cybersecurity for the Federal government. We have recently worked with the US Census (achieving ATT, ATO for the GUPS system in four months).
Authority to Operate (ATO) & Facilities
Our experience to establish remote processing facilities for federal clients includes:
- Establishing multiple redundant dedicated internet connections
- Building physically separated LAN segments
- Adhering to cable management guidelines. e.g. color coding interconnects according to the networks data classification.
- Establishing Point-to-Point VPN connectivity to our clients primary site
- Providing secure storage facilities with 24×7 video surveillance
- Implementation of access control and logging via Datawatch
- Implementation of environmental controls such as emergency lighting, environmental monitoring, fire alarm, and fire suppression
Recent Cybersecurity Projects:
Authority to Operate – GUPS (US Census)
GUPS, a desktop GIS application developed for the US Census. Achieved ATT and ATO for the GUPS system in only 4 months.
- Performed code level security review of application
- Performed internal FIPS-199 data classification
- Achieved Low data classification based vs initial agency recommended Medium classification
- Conducted security related tasks within the Agile framework
- Ultimately obtained a 0% risk score
- Prepared system description for Agency security staff
Cloud Infrastructure Migration
Gunnison recently migrated 3 systems into the Aws Gov Cloud for the U.S Census. During this process we helped define the technologies and techniques required for a successful migration and for a successful Certification and Accreditation process. All three systems achieved an ATO.
Gunnison also recently support a commercial client in migrating 3 of their Commercial SaaS offerings to AWS Gov Cloud with a goal of FedRAMP High certification. Again, we helped drive the technologies and techniques required for a successful migration to Gov Cloud and a FedRAMP High certification.
Specific Tasks Included:
- Performing a gap analysis against the NIST 800.53 High Controls.
- Recommending tools and Techniques close gaps
- Creating User Stories with detailed acceptance criteria to close gaps across 3 Agile Development teams
- Preparing documentation required to satisfy a FedRAMP high assessment to include:
- FedRAMP System Security Plan
- Privacy Impact Assessments
- Privacy Threshold Analysis
- Rules of Behavior
- Configuration Management Plan
- Incident Response Plan
- System Inventory
- Separation of Duties Matrix
Take the Next Step
Inquire Through Our Contact Form