top of page

Authorization as a Service

Overview

MIS Sciences Corporation (MIS) is a FedRAMP-authorized Cloud Service Provider (CSP) for IaaS, PaaS, and SaaS, with a FedRAMP Provisional Authorization to Operate (P-ATO). Notably, GovPoint Cloud Services was initially authorized by the FedRAMP Joint Authorization Board (JAB). MIS offers FedRAMP-authorized cloud services through GovPoint Cloud Services (GCS).

Without FedRAMP authorization, offering a cloud service or application to the Federal Government is challenging, if not impossible. Obtaining FedRAMP authorization is both expensive and time-consuming. It requires sponsorship from a federal agency, can cost up to $2.5 million, and typically takes 12 to 24 months to achieve.

Authorization as a Service provides a pathway for companies to obtain FedRAMP authorization for their products by joining the MIS GovPoint Cloud Services suite of FedRAMP-authorized offerings -  authorization can be achieved within weeks,

As a Small Business Administration (SBA) Woman-Owned Small Business, MIS also opens up additional government opportunities for selling products, services, or solutions.

What types of offerings does MIS consider for Authorization as a Service?

MIS accepts three offerings: hardware and physical appliances, software and virtual appliances, and Extended Boundary. Each has different requirements and involves various processes.

 

Hardware Appliances

 

Offerings include storage, specialty computing, specialized environments such as AIX, HPC, Security, etc., and client-specific environments. These are part of IaaS/PaaS and cannot be standalone components. They must be part of a complete IaaS environment, which MIS provides.

As an Infrastructure as a Service (IaaS) component, they must comply with all applicable NIST 800-53 Rev5 controls.

Software Applications and Virtual Appliances

 

Offerings include any application designed for end users to perform specific tasks, such as accounting, security, development, human resources, management, and more—essentially anything that supports business operations.

As a Software as a Service (SaaS), the application must adhere to all relevant NIST 800-53 Rev5 controls and can inherit applicable controls from the underlying FedRAMP Joint Authorization Board (JAB) Infrastructure as a Service (IaaS) or Platform as a Service (PaaS).

Extended Boundary

 

An Extended Boundary refers to a dedicated infrastructure environment designed for specific purposes, such as storage pods, specialized computing environments, or customer environments, requiring FedRAMP authorization. These Extended Boundaries are typically hosted in commercial data centers and must adhere to strict FedRAMP security controls.

As an Infrastructure as a Service (IaaS) component, an Extended Boundary is required to comply with all applicable NIST 800-53 Rev 5 controls. Once it receives approval, it becomes part of the MIS GovPoint Cloud Services FedRAMP authorization boundary.

How To use Authorization as a Service

Initial Evaluation

 

Contact MIS Sciences for an initial evaluation to determine if your service or offering will be a good fit and considered for further processing. MIS will discuss requirements and associated fees.

 

Hosting Requirements

NOTE: Does not apply to Extended Boundary

 

The vendor's hardware, application, or service must be hosted within the MIS FedRAMP infrastructure to ensure the inheritance of all necessary underlying NIST 800-53 security controls. This requirement is essential for enabling Authorization as a Service.

The version of the hardware, application, or service must be the one provided to FedRAMP clients.

The application or services may be hosted on another FedRAMP-authorized platform, such as AWS, Azure, or a private data center.


NOTE: In certain circumstances, the aplication or services may be hosted in AWS, Azure, Google, or a private datacenter. MIS approval is required, additional assessments may be required and additional costs may be incurred.

 

Security Evaluation

 
Software Applications and Virtual Appliances

MIS requires the vendor to configure a production version of their application within the MIS Test Environment. The application must be fully functional and have all the components and functionality offered to the end user.

MIS will perform a security and compliance evaluation to determine FedRAMP compliance and identify deficiencies. MIS will provide the vendor with a list of vulnerabilities and deficiencies and recommendations for remediation.

MIS may require a pre-assessment from a 3PAO to identify possible compliance deficiencies and work with MIS to prepare the SCR for JAB approval. The vendor is responsible for the costs of this pre-assessment.

Before onboarding, the vendor must remediate all Critical, High, and Moderate issues and any identified compliance deficiencies

.

Hardware Appliances

MIS requires vendors to configure their hardware appliances within the MIS Test Environment. This configuration must include all hardware and networking components, operating systems, and applications available to end users.

Like the software evaluation, MIS will perform a security and compliance evaluation to determine FedRAMP compliance and identify potential weaknesses. The vendor will receive a list of vulnerabilities and weaknesses, along with recommendations for remediation.

Before onboarding, the vendor must resolve all critical, high, and moderate issues and any identified compliance deficiencies.

Extended Boundary

MIS requires a gap analysis of FedRAMP security controls and a pre-assessment of the infrastructure and data center. A 3PAO must conduct this assessment to identify any issues and compliance deficiencies.

 

Onboarding

 

Host your Application or Hardware (Does not apply to Extended Boundary)

Host your application or hardware at MIS within the GCS FedRAMP environment or other FedRAMP environments (if MIS approves). Ensure the application or hardware is fully configured for production, as the client will use it. Please note that this step does not grant independent FedRAMP authorization; your application or hardware is only part of the MIS GCS FedRAMP environment and is not authorized until the Authorization as a Service process has been completed and approved.

 

The current published MIS GCS hosting fees apply.

Documentation

​Working with MIS, completing the security analysis documentation, working with the MIS 3PAO for any assessments, and including the application in the MIS FedRAMP Marketplace services offering.


Optionally, you may also complete the documentation to allow MIS to add the services or applications to their GSA MAS IT 70 schedule.

​For information, download the information sheet.

About Us
Compliance
Customers
Data Center
Federal GSA Information
State and Local GSA Information
Support

Resources
Web Mail
Web Mail Admin
Buy & Manage Domain Names
GSA Catalog

Services
Call Center & Help Desk
Cloud Services
Colocation
Design & Development
Disaster Recovery
eAlert
FedRAMP
Managed Hosting
Managed Solutions as a Service
Secured Managed Hosting
Security & Compliance Audits
Virtual Dedicated Servers

Contact Information
General Information
1.877.262.3923
info@mis-sciences.com

Sales
1.800.877.2064
sales@mis-sciences.com

Support
1.888.325.3780
support@mis-sciences.com

Billing Questions/Accounting
1.818.847.0213
billing@mis-sciences.com

Legal & Compliance
1.800.977.1845
legal@mis-sciences.com

Offices
Los Angeles Office
2550 N. Hollywood Way
Suite 404
Burbank, CA 91505
1.877.262.3923
1.818.847.0214 – FAX
info@mis-sciences.com

Woman Owned Small Business (WOSB) | FedRAMP IaaS/PaaS/SaaS (JAB P-ATO)   | Copyright 2007 - 2024 MIS Sciences Corporation

bottom of page