Global Leader in Design Software Hardens Its Platform Infrastructure to Meet FedRamp Compliance Requirements Published on June 16, 2023 Challenge This global leader in software for designers, builders, engineers and others has worked to provide a solid platform across a multitude of industries. However, recent changes in FedRamp compliance requirements drove them to develop a new instance of its product platform, hardening their infrastructure for customers in the public sector. Client snapshot: Profile This client is a global leader in design software, with products spanning architecture, engineering, construction, product design, manufacturing, media and entertainment. Client Situation The client company needed to develop a new public sector product platform, replacing one that had been in service for years. This required an architecture designed to meet new FedRamp compliance requirements. Work Performed Protiviti introduced native AWS solutions to create a centralised logging infrastructure, along with multiple out-of-the-box AWS WAF rules. Outcome/Benefits The client now has a secure AWS infrastructure that meets internal security policies and FedRamp requirements. SolutionProtiviti’s approach to addressing the client’s increased security needs was multi-faceted. To ensure success, the team needed to:Design, architect, and develop centralised logging solutions to consolidate and store logs from Amazon CloudWatch, Amazon GuardDuty, AWS Network Firewall, AWS CloudFront, and Amazon Security Hub.Map AWS WAF rules against defined client FedRamp requirements to show compliance with the requirements.Design, test and implement WAF rules in the FedRamp environments.Develop DivvyCloud enforcement testing procedures and templates using Terraform to test new DivvyCloud enforcement rules for non-compliant AWS resources Using AWSAs part of the engagement, Protiviti utilised native AWS solutions to create a centralised logging infrastructure that can be deployed by any application teams in the FedRamp environment. This includes a variety of AWS services used for log sourcing, transformation, streaming, delivery, and storage. AWS Kinesis (Data Streams and Data Firehose), CloudWatch Log Group and S3 were the three primary services used in this design. In addition, multiple out-of-the-box AWS WAF rules were implemented, along with the flexible custom rule feature.OutcomeBy implementing the AWS security suite, Protiviti was able to help the client develop a secure AWS infrastructure that meets not only their internal security policies but also the FedRamp security requirements required by the agencies. Additionally, the detailed documentation and artifacts produced for the client helped them establish compliance in front of FedRamp auditors.Protiviti enabled the client to ensure continuous compliance with FedRamp regulations, that is critical to its business strategy and success. Protiviti empowered the client to ensure continuous compliance with FedRamp regulations, critical to its business strategy. Topics Cybersecurity and Privacy IT Management, Applications and Transformation Risk Management and Regulatory Compliance