Coalfire Public Sector, a Division of Coalfire Systems: Fueling the Dreams of Federal Authorization

Rob Barnes, Practice Leader
“We thought FedRAMP would grow to be something big. So we pulled together a team based in different cities to address what we thought was a growing trend in federal cloud security. This required the knowledge and experience to educate commercial cloud providers on how to meet federal requirements—who traditionally weren’t experienced with federal processes and procedures—and assess them to the requirements,” says Rob Barnes, Public Sector Practice Leader at Coalfire. This led to the formation of Coalfire Public Sector, the Coalfire team that provides assessment and advisory services for nearly half of all cloud service providers pursuing FedRAMP authorizations.

Headquartered in Washington, D.C., Coalfire Public Sector is an accredited Third Party Assessment Organization (3PAO) under the federal government’s FedRAMP program. Founded by Tom McAndrew, Rob Barnes, Nick Son and Marshall England, Coalfire is dedicated to understanding the unique needs of cloud service providers serving the federal government and has been the assessor of major government contractors, commercial service providers, and software developers.

Coalfire offers IT security solutions that specialize in implementing compliance programs and reducing information technology risks, while helping clients achieve a solid security posture and comply with regulatory and legal mandates.

Under FedRAMP, Coalfire offers assessment and advisory services. One of the most popular services is the pre-assessment. The pre-assessment service helps cloud service providers understand how ready they are to complete a full FedRAMP assessment. By gauging the company's FedRAMP readiness, this process increases the likelihood of successfully completing the full FedRAMP assessment the first time, saving time and money in the long run.

Coalfire also provides advisory and assessment services to meet clients' FISMA (Federal Information Security Management Act) authorization needs. From controls mapping of various environments, to documentation development for system security plans (SSPs) and supporting policies, plans and procedures, to security testing, Coalfire's solutions are equipped to help organizations prepare for security reviews and assessments to meet federal cloud security requirements. For assessment engagements, Coalfire delivers a final Security Assessment Report (SAR) and also recommends any remediation steps necessary to address identified risks in a Plan of Action and Milestones (POA&M) document.
Nick Son, Managing Director, Technology Audit & Advisory Services
Coalfire's ability to combine cloud and federal expertise with commercial requirements such as HIPAA and PCI is one of the firm's biggest differentiating factors. The company's proprietary platform provides education, tools, templates and programs free of charge to government and military personnel and to Coalfire partners, which sets the company apart from other 3PAOs. Microsoft, IBM, VMware, Lockheed Martin, BMC, Cisco, QTS, Time Warner, VirtuStream and leading SaaS providers such as Concur, Autodesk, Apptio and AirWatch are among the most prominent clients of Coalfire Public Sector.

The success story of Oracle Federal Managed Cloud Services is one of many examples of how Coalfire's breadth of experience produced time and cost savings for a client. When Oracle Federal Managed Cloud Services started its FedRAMP process, Coalfire worked with the team to develop a concise and efficient assessment program that allowed them to perform a single assessment while producing three reports, optimizing audit time and overall efficiency across multiple standards. This enabled Oracle Federal Managed Cloud Services not only to meet the FedRAMP requirement, a bar cleared by fewer than twenty companies at the time, but also to assess against the requirements of FISMA High and the Department of Defense (DoD). In addition, the client was able to build a program that helped it expand its service into new areas such as the DoD Enterprise Cloud Service Broker (ECSB) program.

Going forward, Coalfire Public Sector's goal is to help clients with their most challenging information security and compliance requirements and to continue its growth of more than 100 percent annually in the federal sector. "Our growth in the market and our team confirms what we thought and allows us to expand relationships with government agencies and commercial providers to protect government data," says Nick Son, Managing Director, Technology Audit and Advisory Services. The company also plans a steady release of news, educational materials, informative interviews, FAQs and more on its platform. This is a priority to support the maturing federal cloud security landscape, which includes more than 3,000 users across several cloud service providers and federal agencies.

Coalfire Public Sector, a Division of Coalfire Systems

Washington, D.C.

Rob Barnes, Practice Leader, and Nick Son, Managing Director, Technology Audit & Advisory Services

An accredited Third Party Assessment Organization (3PAO) under the Federal Government's FedRAMP program that provides assessment and advisory services to cloud service providers pursuing FedRAMP authorizations