Headquartered in Washington, D.C., Coalfire Public Sector is an accredited Third Party Assessment Organization (3PAO) under the federal government’s FedRAMP program. Founded by Tom McAndrew, Rob Barnes, Nick Son and Marshall England, Coalfire is dedicated to understanding the unique needs of cloud service providers serving the federal government and has been the assessor of major government contractors, commercial service providers, and software developers.
Coalfire offers IT security solutions that specialize in implementing compliance programs and reducing information technology risks, while helping clients achieve a solid security posture and comply with regulatory and legal mandates.
Under FedRAMP, Coalfire offers assessment and advisory services. One of the most popular services is the pre-assessment. The pre-assessment service helps cloud service providers understand their readiness level to complete a full FedRAMP assessment. While gauging the “FedRAMP readiness” of the company, this process increases the likelihood of successfully completing the full FedRAMP assessment the first time, saving time and money in the long run. Coalfire also provides advisory and assessment services to meet clients’ FISMA (Federal Information Security Management Act) authorization needs. From controls mapping of various environments, to documentation development for system security plans (SSP) and supporting policies, plans and procedures, to security testing, Coalfire’s solutions are equipped to help organizations prepare for security reviews and assessments to meet federal cloud security requirements. For assessment engagements, Coalfire provides a final Security Assessment Report (SAR) and also recommends any remediation steps necessary to address ‘risks’ in a Plan of Action and Milestone document (POA&M).
The success story of Oracle Federal Managed Cloud Services is one of the many examples demonstrating how Coalfire’s breadth of experience resulted in time and cost savings for the client. As Oracle Federal Managed Cloud Services started their FedRAMP process, Coalfire worked with them to develop a concise and efficient assessment program that allowed them to perform just one assessment while creating three reports, optimizing audit time and overall efficiency across multiple standards. This enabled Oracle Federal Managed Cloud Services to not only meet the FedRAMP requirement, a bar passed by fewer than twenty companies, but also assess to the requirements of FISMA High and the Department of Defense (DoD). In addition, the client was able to build a program that helped them expand their service to new areas like the DoD Enterprise Cloud Service Broker (ECSB) program.
Going forward, Coalfire Public Sector’s goal is to help clients with their most challenging information security and compliance requirements and continue its growth of more than 100 percent annually in the federal sector. “Our growth in the market and our team confirms what we thought and allows us to expand relationships with government agencies and commercial providers to protect government data,” says Nick Son, Managing Director, Technology Audit and Advisory Services. The company also plans a steady release of news, educational materials, informative interviews, FAQs and more on FedRAMPcentral.com. This is a priority to support the maturing federal cloud security landscape that includes more than 3,000 users across several cloud service providers and federal agencies.