High-Security Software-as-a-Service (SaaS) Environment

CloudCheckr has launched a High-Security Software-as-a-Service (SaaS) Environment product—designed for any organization that requires federal IT security standards.

The High-Security SaaS Environment is inspired by:

  • the Federal Information Security Management Act (FISMA)—a US law signed into legislation in 2002 that outlines a framework to protect government information, operations, and assets from natural or man-made threats
  • the Federal Risk and Authorization Management Program (FedRAMP)—a US government program that provides standards on security assessment, authorization, and monitoring of cloud-based resources

Most importantly, our customers can be assured that the same high security and data protection standards incorporated into our self-hosted product have been integrated into the High-Security SaaS Environment product.
In 2019, CloudCheckr will only release the High-Security SaaS Environment product to its US customers. After 2019, CloudCheckr will release this product to a wider customer base.

Features

The table identifies some of the key features in this product:

Feature

Details

Controls

  • Secured by more than 300 NIST 800-53 controls
  • Artificial Intelligence (AI) threat detection analysis
  • Continuously scanned for vulnerabilities

Uptime and Availability

  • Active-Active data center deployment
  • 15-minute Recovery Time Objective (RTO): maximum time to restore functionality in the event of sudden loss of service
  • 99.9% Uptime Service-Level Agreement (SLA)

Managed by Approved Staff

  • Background checks for all CloudCheckr staff

Frequent Software Updates

  • Same software version as commercial SaaS
  • Enabled by CloudCheckr's modern deployment and audit pipeline

Corporate Compliance Friendly

  • Easier customer stakeholder approval via Compliance as a Code

Fast Purchase Approval

  • Provides InfoSec teams with highly detailed and stringent compliance data to expedite the procurement process

NIST 800-53 Controls

NIST 800-53 corresponds to the special publication and database of the same name, which is created and maintained by the National Institute of Standards and Technology (NIST), a division of the US Department of Commerce.

NIST 800-53 Controls represent the security controls and associated assessment procedures defined in NIST SP 800-53 (Revision 4) Recommended Security Controls for Federal Information Systems and Organizations.

Control Families

CloudCheckr's High-Security product includes the following control families:

  • Access Control (AC)
  • Audit and Accountability (AU)
  • Awareness and Training (AT)
  • Configuration Management (CM)
  • Contingency Planning (CP)
  • Identification and Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Personnel Security (PS)
  • Physical and Environmental Protection (PE)
  • Planning (PL)
  • Risk Assessment (RA)
  • Security Assessment and Authorization (CA)
  • System and Communications Protection (SC)
  • System and Information Integrity (SI)
  • System and Services Acquisition (SA)


How did we do?