NicheITS Niche information technology solutions nicheits fedramp cmmc iso27001 soc1 soc2 cyber security compliance cloud engineering afwerx hosting cybersecurity maturity model gap analysis aws azure google onprem architecture federal agency agencies Risk management Framework RMF NIST 800-53 ATO documentation Office365 migration advisory services SAAS IAAS SecAAS Microsoft redhat platform1 plateformone DISA STIG CIS baseline configuration hardening cm-2 DOD Department of Defense Army Navy Marine 8500.2 8500.1 Impact Level IL4 IL5 IL6 governance risk jab conmon steelcloud configos exchange sharepoint dynamics365 adfs active directory

AIR FORCE AFWERX Program

Niche Information Technology Solutions, in collaboration with our industry partners, work to empower and provide, industry leading subject matter, expertise, and advisory services for small to large businesses. Companies engaged with the AFWERX program and seeking to engage in FedRAMP, CMMC, and other compliance frameworks, will meet phase 2 and 3 requirements with their sponsoring agency.

NicheITS has developed turn-key, rapid-deploy solutions to assist organizations with policy, procedures, and compliance baseline templates in Sharepoint and Confluence document management solutions. Rapid deployment of baseline FedRAMP ATO documentation accelerates efforts working toward full Authority-To-Operate (ATO) documentation packages. NicheITS’ documentation packages can also assist with organizations looking to meet Department of Defense (DoD) Cybersecurity Maturity Model Certifications (CMMC) as an individual or parallel initiative.

AFWERX EXPERIENCE

NicheITS works, in collaboration with, various capture management companies, as a trusted partner to educate, provide webinars for topics, surrounding FedRAMP and CMMC requirements. NicheITS and our staff work to quickly respond to all questions and guide AFWERX customers through various subject matter areas of the program. In 2020 NicheITS worked to partner, educate, and provide roadmaps for compliance to over 20 AFWERX companies, that either had a FedRAMP and/or CMMC requirement.

NO COST ASSISTANCE

NicheITS understands that roughly 90% of the customers we’ve engaged with are anywhere from 3-10 organizational personnel. Because of this factor, NicheITS has developed a wide array of documentation, touching on topic points surrounding PlatformOne. We address the Pro’s and Con’s of leveraging the platform and future roadmaps for organizations. We assist those who would like to start in PlatformOne, but also need to scale out their business beyond the Air Force.

BUILDING OUT AN ORGANIZATIONAL COMPLIANCE PROGRAM

NicheITS leverages several in-house developed Sharepoint and Confluence sites that provide turn-key compliance, program start-ups, surrounding the NIST 800-53 / Risk Management Framework (RMF), compliance standard with which FedRAMP and CMMC are based from. Program deployments, which include, a pre-developed, comprehensive set of policies, procedures, and predefined organizational documents required to accelerate any organizations NIST 800-53 compliance framework deployment. Contact sales to request a demo of our confluence site templates .

Compliance Services

ADVISORY SERVICES

NicheITS provides expert advisory services that empower Cloud Service Providers (CSP), everything that is needed to pass assessments and obtain/renew their Authority-To-Operate (ATO). By leveraging NicheITS advisory services, CSP’s receive the guidance required to enhance and/or refine organizational security documentation and procedures to meet requirements.
NicheITS advisory services can involve various CSP Information Systems (IS) and service models to ensure that timelines are defined and executed on, organizational deficiencies in system architecture and policies are mended, understanding of FedRAMP controls and procedures is achieved, annual audits and ATO renewal process is smooth, with dedicated continuous monitoring, all while following NicheITS’ methodology, proven to reduce time and cost.
NicheITS conducts readiness or gap analysis to determine completion of deliverables and project timelines for FedRAMP ATO package submissions.

AUTHORITY TO OPERATE PACKAGE SERVICES

FedRAMP requires, that all federal agencies, and their respective Cloud Providers, to submit documentation outlining their cloud computing capability and associated security measures that are implemented. This Assessment and Authorization (A&A) process will include a Security Plan, which will provide a description of the system, including, but not limited to, its purpose, location, and technical capabilities.
Additionally, the Security Plan will also contain implementation statements, addressing how the system is compliant with the controls listed within the 800-53. Alongside the Security Plan, the A&A package will also include an organizational Contingency Plan/Disaster Recovery Plan, Configuration Management Plan, Risk Assessment, and Security Assessment Report.

ONPREM AND CLOUD ENGINEERING SERVICES

NicheITS staff are selected not only for their significant background in compliance understanding, but for having significant past performance, with strong, hands-on, engineering background.
NicheITS engineering staff come from enterprise environments, where AWS, Azure, Google GCP, on-Prem, Vmware, and OpenStack solutions are common. NicheITS engineering services empower clients to tackle the most challenging architectural implementation and operational requirements, for cloud-based applications, products, and platforms on public, private, and hybrid environments.

Continuous Monitoring Services

NicheITS provides Continuous Monitoring services for organizations which have FedRAMP and/or Cybersecurity Maturity Model Certification (CMMC) requirements. For organizations engaged with FedRAMP the process for developing, maintaining and submitting ConMon requirements does not stop with a successful assessment and authorization.

NicheITS employs staff with extensive background in solutions such as Qualys, Tenable and Rapid7 to lead and maintain organization vulnerability scanning requirements.

NicheITS facilitates the following expertise in Continuous Monitoring:

  • Development and Training on the process for maintaining the authorization once the authorization has been granted by a federal agency and/or the JAB.
  • Development and maintenance of weekly, monthly, quarterly, and annual reporting checkpoints.
  • Control assessments and penetration testing to be performed annually or more frequently if introducing a significant change request by the CSP.
  • Vulnerability scans to be performed monthly, with reporting provided to the FedRAMP PMO each month based on the results of those scans

GAP ANALYSIS SERVICES

NicheITS facilitates pre-assessments in order to provide organizations an enhanced level of understanding of what is required to obtain FedRAMP Authorization. Prior to the assessment, the pre-assessment is engaged on, by trained FedRAMP professionals, that customize their expertise to your organization’s needs.
The NicheITS pre-assessment follows FedRAMP assessment requirements, while focusing on a subset of controls selected specifically for the Cloud Service Provider (CSP) system. The selected 800-53 controls are based on the FedRAMP critical controls with agreement from the CSP.
This approach provides a cost effective, value added approach, for assessing the readiness of a CSP, for FedRAMP Authority-To-Operate (ATO). NicheITS offers pre-assessment services to evaluate assessment readiness and provide a timeline of FedRAMP Authorization.

Interested in Professional Services? Talk with our Team and Start Preparing for Compliance Services​!

Fill out the contact form below to get an assessment of your organization’s readiness for these upcoming changes.

Talk with our NicheITS team! Fill out the form on this page or email us at [email protected]

Request afwerx compliance services