FedRAMP® Discovery Workshop

Fast-track your FedRAMP authorization with our expert-led cloud security workshop.

Looking to enter the federal cloud services market? FedRAMP requires cloud service providers (CSPs) to obtain an authorization to operate (ATO) a cloud service on behalf of a federal customer. Our comprehensive FedRAMP workshop delivers clarity on your path to cloud security authorization. During the workshop sessions, we will dive deep into your business context, technical systems, and security processes. Through presentations, discussions, and hands-on reviews, we will assess your readiness and map out steps for FedRAMP compliance. You’ll walk away with a gap analysis, roadmap, action plan, and all the information needed to move forward on your FedRamp journey.

Business objectives

  • Discover the gaps between the current environment and the Google best practices that have been established
  • Implement the Google Cloud Security Foundation reviewed and approved by the Google Cybersecurity Action Team (GCAT).
  • Establish a secure baseline environment (landing zone)
  • Create automation for deploying secure workloads in Google Cloud through IaC templates in a multi-project environment
  • Deploy a production workload to the new landing zone
  • Establish confidence in their ability to monitor and maintain the integrity of their environment
Helping teams build powerful solutions that simplify work

Business objectives

  • Discover the gaps between the current environment and the Google best practices that have been established
  • Implement the Google Cloud Security Foundation reviewed and approved by the Google Cybersecurity Action Team (GCAT).
  • Establish a secure baseline environment (landing zone)
  • Create automation for deploying secure workloads in Google Cloud through IaC templates in a multi-project environment
  • Deploy a production workload to the new landing zone
  • Establish confidence in their ability to monitor and maintain the integrity of their environment
Cloud Security and Resilience Foundations
Mask-group-7.png

Focus areas

  • Google Cloud organization structure and policy
  • Authentication and authorization
  • Resource hierarchy and deployment
  • Networking (segmentation and security)
  • Key and secret management
  • Logging
  • Detective controls
  • Billing setup
  • Creating the guardrails for deploying secure applications
  • General security guidance
  • Third-party product security and compliance scan of the current GCP environment (up to 20 projects)

Agenda

  • Introduction: Learn about cloud services used and current security posture; discuss compliance requirements and build FedRamp knowledge.
  • Deep Dive into Requirements: Review 800-53 security controls and continuous monitoring and SSP requirements.
  • Gap Analysis: Evaluate current security controls and compare to FedRamp; identify challenges and areas of improvement.
  • Plan for FedRamp Authorization: Discuss role of 3PAOs, develop preliminary timeline for FedRamp authorization, and discuss costs.
  • Action Planning and Next Steps: Review key findings from workshop, document action plan, map owners for next steps, host final Q&A, and evangelize decisions to senior management and SMEs.

Focus Areas

  • Business/Mission Context – Review organizational goals and FedRamp adoption drivers.
  • Services Architecture – Evaluate planned SaaS, PaaS, and/or IaaS offerings
  • Security Controls Analysis – Gap assessment against NIST 800-53 controls
  • Authorization Options – Guidance on Agency vs. JAB paths
  • Documentation Roadmap – SSP, security assessment plans, etc.
  • Continuous Monitoring – Requirements for ongoing compliance
  • Cost Analysis – Budgeting for FedRAMP process and 3PAO audit 

Our Proof of Concept Approach

Looking for a comprehensive solution to protect your Google Cloud platform? We’ve got you covered. Our PoC helps you configure and use Security Command Center Premium (SCCP) to identify and prioritize your most critical security issues in GCP.  After SCCP reports the findings, we document custom recommendations using the vulnerability and threat information from SCCP to help you remediate the top 20 critical and high issues in your environment. Onix’s risk-based approach ensures you’re focused on the top issues to minimize risk to your business.

Onix is a trusted partner in delivering cloud excellence

Customer stories

Take the next step

Get in touch with our team of cloud experts and architects 

to learn more about our Security Foundations solution.