An Agency sought to migrate to 99% cloud solutions and required support with the testing and evaluation of commercial IaaS, SaaS and PaaS solutions.
Summit worked closely with the cloud solution provider to perform vulnerability scans and manual controls testing in an effort to identify and report security vulnerabilities. IT control matrices were developed to map the internal controls supported by each COTS solution to NIST SP 800-53 r.4 guidance. Summit tested security controls for applications hosted on the Amazon Web Services (AWS) and ServiceNow PaaS offerings. As part of our support, Summit also tested controls for a variety of commercially available SaaS and IaaS solutions.
The project resulted in a series of agency sponsored accreditations for deployed cloud solutions which enabled the Agency to elevate the posture of its FISMA Compliance program. The added benefit of migrating to the cloud reduced agency operating costs and enhanced the security readiness of its network infrastructure.