Onspring Rapidly Meets FedRAMP ATO Requirements

Cloud Compliance, Quick Deadlines, and Upfront Challenges

Onspring GovCloud is a cloud-based, no-code software platform specializing in governance, risk, and compliance (GRC) process automation. Using Onspring GovCloud, customers structure data, enforce data integrity controls, control access, manage workflow, and report on the overall status of key processes and procedures in real time. Onspring Technologies, LLC (“Onspring”), which offers Onspring GovCloud, wanted to expand into the Federal marketplace and achieve a Federal Risk and Authorization Management Program (FedRAMP) Authority to Operate (ATO) because of increased interest from potential Federal customers in their software products. The lack of a FedRAMP ATO prevented Onspring from signing with Federal customers. Onspring was looking for a solution to enable its Onspring GovCloud SaaS offering to meet the rigorous FedRAMP requirements.

The Key Challenges They Faced

• Small workforce thus limiting the ability to focus full-time on the daunting work to reach a FedRAMP ATO
• Lack of experience in FedRAMP as a whole
• Meeting tight timelines
• Needing a fully dedicated FedRAMP and AWS partner for building and operational support
• Maintaining compliance after the ATO is achieved

A Synthesized Approach with InfusionPoints

Onspring chose InfusionPoints to assist with their ATO journey because InfusionPoints offered the unique partnership they were looking for. Onspring also acknowledged InfusionPoints’ proven track record and strong expertise with FedRAMP requirements related to AWS infrastructure. InfusionPoints was able to collaborate with Onspring and determine the specific needs of their Onspring GovCloud system to obtain a FedRAMP ATO and launch their product into the Federal marketplace for agencies to utilize.

Expert Guidance and an ATO Fast Track with XccelerATOr

Utilizing InfusionPoints’ XccelerATOr compliance automation (based on native AWS cloud services) and our FedRAMP subject matter experts, Onspring was ready to integrate its Onspring GovCloud SaaS offering in a rapid timeline. InfusionPoints walked Onspring through the process and developed several key processes to enable the Onspring GovCloud SaaS to meet FedRAMP requirements. This managed environment paves the way for Onspring to obtain its ATO and shorten its timeline. InfusionPoints’ XccelerATOr automated the configuration of many of the required AWS services to remove many of the ATO-related challenges and allowed Onspring to focus on its core mission while InfusionPoints handled the rest. In addition, InfusionPoints provides the following VNSOC360°services 24/7/365 on AWS resources:

• FedRAMP Continuous Monitoring
• Managed Detection and Response (MDR)
• Extended detection and response (XDR)
• Cyber Threat Hunting
• Vulnerability Management for operating systems and containers
• Static and dynamic code analysis

InfusionPoints’ XccelerATOr Allowed Onspring To:

• Provide widespread knowledge in all areas related to FedRAMP compliance
• Get their Onspring GovCloud application FedRAMP ready to meet their timeline
• Get access to the Federal marketplace at a FedRAMP Moderate level
• Have an efficient FedRAMP Compliant Pathway through consulting and implementation support
• Focus on their core mission while InfusionPoints took care of compliance

"By Utilizing the InfusionPoints XccelerATOr framework, we were able to successfully implement our FedRAMP-compliant software offering, overcoming challengers that seemed insurmountable without InfusionPoints’ help. We were able to wrap up a process that our small team had been working on for more than two years in only a few months.” - Ellen Pantaenius, General Counsel