Cloud Compliance, Quick Deadlines, and Upfront Challenges

Onspring GovCloud is a cloud-based, no-code software platform specializing in governance, risk, and compliance (GRC) process automation. Using Onspring GovCloud, customers structure data, enforce data integrity controls, control access, manage workflow, and report on the overall status of key processes and procedures in real time. Onspring Technologies, LLC (“Onspring”), which offers Onspring GovCloud, wanted to expand into the Federal marketplace and achieve a Federal Risk and Authorization Management Program (FedRAMP) Authority to Operate (ATO) because of increased interest from potential Federal customers in their software products. The lack of a FedRAMP ATO prevented Onspring from signing with Federal customers. Onspring was looking for a solution to enable its Onspring GovCloud SaaS offering to meet the rigorous FedRAMP requirements.

The Key Challenges They Faced

• Small workforce thus limiting the ability to focus full-time on the daunting work to reach a FedRAMP ATO
• Lack of experience in FedRAMP as a whole
• Meeting tight timelines
• Needing a fully dedicated FedRAMP and AWS partner for building and operational support
• Maintaining compliance after the ATO is achieved

A Synthesized Approach with InfusionPoints

Onspring chose InfusionPoints to assist with their FedRAMP ATO journey because InfusionPoints offered the unique partnership they were looking for. Onspring also acknowledged InfusionPoints’ proven track record and strong expertise with FedRAMP requirements related to AWS infrastructure. InfusionPoints was able to collaborate with Onspring and determine the specific needs of their Onspring GovCloud system to obtain a FedRAMP ATO and launch their product into the Federal marketplace for agencies to utilize.

Expert Guidance and an ATO Fast Track with XccelerATOr

Utilizing InfusionPoints’ XccelerATOr compliance automation (based on native AWS cloud services) and our FedRAMP subject matter experts, Onspring was ready to integrate its Onspring GovCloud SaaS offering in a rapid timeline. InfusionPoints walked Onspring through the process and developed several key processes to enable the Onspring GovCloud SaaS to meet FedRAMP requirements. This managed environment paves the way for Onspring to obtain its ATO and shorten its timeline. Additionally, InfusionPoints provided audit support and guided Onspring through the initial 3PAO assessment efficiently. InfusionPoints’ XccelerATOr automated the configuration of many of the required AWS services to remove many of the ATO-related challenges and allowed Onspring to focus on its core mission while InfusionPoints handled the rest. In addition, InfusionPoints provides the following VNSOC360°services 24/7/365 on AWS resources:

• FedRAMP Continuous Monitoring
• Managed Detection and Response (MDR)
• Extended detection and response (XDR)
• Cyber Threat Hunting
• Vulnerability Management for operating systems and containers
• Static and dynamic code analysis

InfusionPoints’ XccelerATOr Allowed Onspring To:

• Provide widespread knowledge in all areas related to FedRAMP compliance
• Get their Onspring GovCloud application FedRAMP Moderate authorized
• Get access to the Federal marketplace at a FedRAMP Moderate level
• Have an efficient FedRAMP Compliant Pathway through consulting and implementation support
• Focus on their core mission while InfusionPoints took care of compliance

"The InfusionPoints XccelerATOr framework allowed Onspring to quickly lay down the Onspring GovCloud Platform on top of the security and management plane, saving Onspring weeks worth of configuration and, on an ongoing basis, reducing Onspring's workload with respect to management and continuous maintenance." - Ellen Pantaenius, General Counsel

InfusionPoints is your independent, trusted partner and is dedicated to assisting you with building your secure and compliant business solutions, managing your security controls, and defending your consumer, employee, and supply chain information. We are a strategy and technology cyber security consulting firm that is comprised of experienced security professionals. We take an independent approach to infuse security and privacy into the people, processes, and technologies within your business solution lifecycle to support decision making and guide ongoing planning, design, implementation, and operational activities. The foundation for infusing cyber security extends beyond simply providing traditional technology solutions; we empower the people who maintain, administer, and use the business solutions along with the processes that guide their activities.