top of page

GovPoint Authorization Partner Overview

Overview

MIS Sciences Corporation (MIS) is a FedRAMP authorized Cloud Service Provider (CSP) for IaaS/PaaS/SaaS with a JAB P-ATO. MIS offers FedRAMP authorized cloud services under GovPoint Cloud Services (GCS).


Without FedRAMP authorization, it is difficult, if not impossible, to offer a cloud service or application to the Federal Government. Obtaining a FedRAMP authorization is expensive and time-consuming, costing up to $2.5 million and taking 9-24 months. Even after nearly a million dollars in expenses in becoming FedRAMP Ready, there are no guarantees of being accepted into the FedRAMP program.


MIS is continually looking for services and applications that can complement its current FedRAMP offerings, thus offering a broader range of services at a reduced cost to Federal and State government agencies.


The accepted service or application will optionally be included in the MIS GSA MAS IT 70 schedule for sale to Government agencies as a FedRAMP authorized product.


As an SBA Woman Owned Small Business, it opens additional Government opportunities to sell your product, service, or offering.

What types of offerings does MIS consider for a partner relationship?

MIS accepts three offerings: hardware and physical appliances, software and virtual appliances, and Extended Boundary. Each has different requirements and involves various processes.

 

Hardware Appliances

 

Offerings include storage, specialty computing, specialized environments such as AIX, HPC, Security, etc., and client-specific environments. These are part of IaaS/PaaS and cannot be standalone components. They must be part of a complete IaaS environment, which MIS provides.

As an Infrastructure as a Service (IaaS) component, they must comply with all applicable NIST 800-53 Rev5 controls.

Software Applications and Virtual Appliances

 

Offerings include any application that allows an end user to complete specific tasks, such as accounting, security, development, HR, management, etc., just about anything that helps an end user run their business.

As a Software as a Service (SaaS), they must comply with all applicable NIST 800-53 Rev5 controls. As a SaaS, they are standalone and inherit all applicable NIST 800-53 Rev5 controls from the underlying MIS IaaS/PaaS.

 

Extended Boundary

 

An Extended Boundary is when a partner has a dedicated infrastructure environment with a specific purpose, such as storage pods, specialized compute environments, customer environments, etc., and needs FedRAMP authorization. Extended boundaries are usually hosted in commercial data centers and can comply with the rigid FedRAMP security controls.

An Extended Boundary is an Infrastructure as a Service (IaaS) component and must comply with all applicable NIST 800-73 controls. Once approved, it becomes a part of the MIS GSC FedRAMP security boundary.

How To Become a GovPoint FedRAMP Cloud Partner

Initial Evaluation

 

Contact MIS Sciences for an initial evaluation to determine if your service or offering will be a good fit and considered for further processing. MIS will discuss requirements and associated fees.

 

Hosting Requirements

 

NOTE: Does not apply to Extended Boundary

 

The vendor's hardware, application, or service must be hosted within the MIS infrastructure. The version of the hardware, application, or service must be the version that will be offered to FedRAMP clients.

This permits MIS to perform the required security and compliance evaluations and to test compatibility within the MIS GCS environment.

Hosting is mandatory and must be completed before any other steps occur. Standard hosting fees apply based on the current MIS GCS price schedule.

 

Security Evaluation

 
Software Applications and Virtual Appliances

MIS requires the vendor to configure a production version of their application within the MIS Test Environment. The application must be fully functional and have all the components and functionality offered to the end user.

MIS will perform a security and compliance evaluation to determine FedRAMP compliance and identify deficiencies. MIS will provide the vendor with a list of vulnerabilities and deficiencies and recommendations for remediation.

MIS may require a pre-assessment from a 3PAO to identify possible compliance deficiencies and work with MIS to prepare the SCR for JAB approval. The vendor is responsible for the costs of this pre-assessment.

Before onboarding, the vendor must remediate all Critical, High, and Moderate issues and any identified compliance deficiencies

.

Hardware Appliances

MIS requires that the vendor configure their hardware appliance within the MIS test environment. This must include all hardware and networking components and connectivity, as well as all operating systems and applications offered to the end user.

MIS will perform a security and compliance evaluation to determine FedRAMP compliance and identify deficiencies. MIS will then provide the vendor with a list of vulnerabilities and deficiencies and recommendations for remediation.

Before onboarding, the vendor must remediate all Critical, High, and Moderate issues and any identified compliance deficiencies.

Extended Boundary

MIS requires a FedRAMP security controls gap analysis and pre-assessment of the partner infrastructure and data center conducted by a 3PAO to identify any issues and compliance deficiencies and to assist in preparing the SCR for JAB approval. The partner is responsible for the gap analysis and pre-assessment costs. This is a mandatory requirement.

Before onboarding, the vendor must remediate all Critical, High, and Moderate issues and any identified deficiencies.

 

Onboarding

 

Host your Application or Hardware (Does not apply to Extended Boundary)

Host your application or hardware at MIS within the GPC FedRAMP environment. Fully configure the application or hardware for production as a client will use it. This step does not grant independent FedRAMP authority; your application or hardware is only part of the MIS GCS FedRAMP environment and is not yet MIS FedRAMP P-ATO until the SCR process has been completed.

 

The current published MIS GCS hosting fees apply.

 
​For information, download the information sheet.
bottom of page