Project Hosts has recently released a series of 17 videos that outline the security controls required for FedRAMP compliance of an environment built on Microsoft Azure. IaaS/PaaS services like Microsoft Azure take care of 25-30% of all required FedRAMP security controls, but the remaining 70-75% still need to be put in place. In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.
Our Federal Private Cloud for Windows and Linux Applications (FPC) provides cloud-based access to Microsoft applications including SharePoint, Project Server, Dynamics CRM, Power BI, Visual Studio, TFS, Remote Desktop, and Office; applications from other commercial software vendors such as AvePoint, BrightWork, Gimmal, Innovative-e, Nintex, UMT360, and Urban Turtle; and open source applications such as Drupal, WordPress and Joomla for agency website content management. A hybrid cloud architecture allows agencies to leverage shared services for some functions (e.g. authentication, monitoring, scanning) while still having the option to choose dedicated servers for applications and databases. This series of videos offers some insight into the controls that make all of this possible.