Global Leader in Design Software Hardens Its Platform Infrastructure to Meet FedRamp Compliance Requirements

Solution

Protiviti’s approach to addressing the client’s increased security needs was multi-faceted. To ensure success, the team needed to:

• Design, architect, and develop centralised logging solutions to consolidate and store logs from Amazon CloudWatch, Amazon GuardDuty, AWS Network Firewall, AWS CloudFront, and Amazon Security Hub.
• Map AWS WAF rules against defined client FedRamp requirements to show compliance with the requirements.
• Design, test and implement WAF rules in the FedRamp environments.
• Develop DivvyCloud enforcement testing procedures and templates using Terraform to test new DivvyCloud enforcement rules for non-compliant AWS resources
   

Using AWS

As part of the engagement, Protiviti utilised native AWS solutions to create a centralised logging infrastructure that can be deployed by any application teams in the FedRamp environment. This includes a variety of AWS services used for log sourcing, transformation, streaming, delivery, and storage. AWS Kinesis (Data Streams and Data Firehose), CloudWatch Log Group and S3 were the three primary services used in this design. In addition, multiple out-of-the-box AWS WAF rules were implemented, along with the flexible custom rule feature.

Outcome

By implementing the AWS security suite, Protiviti was able to help the client develop a secure AWS infrastructure that meets not only their internal security policies but also the FedRamp security requirements required by the agencies. Additionally, the detailed documentation and artifacts produced for the client helped them establish compliance in front of FedRamp auditors.

Protiviti enabled the client to ensure continuous compliance with FedRamp regulations, that is critical to its business strategy and success.