Technical Services

FedRAMP Advisory

Cloud Service Providers (CSPs) interested in selling their cloud service to the Federal government should obtain a FedRAMP authorization, per OMB memorandum.

 

Endeavor can assist organizations in determining if FedRAMP is appropriate, and if so, can help you determine which approach to take (Agency ATO, GSA/JAB provisional authorization, or Li-SaaS).

Endeavor can help:

  • Assess and determine your FIPS-199 Security Categorization (Low, Moderate or High) to help determine the overall scope of the certification

  • Assess your FedRAMP readiness state in terms of policy and procedure documentation, System Security Plan (SSP) documentation, and organizational support

  • Help select a Third Party Assessor Organization (3PAO)

  • Assist with initiating the FedRAMP Authorization Process

  • Assist with the identification and completion of all FedRAMP required documentation, including the SSP

  • Assist with identifying policy and procedure gaps, and the organizational constructs required for ongoing compliance to FedRAMP requirements

  • Act as a liaison for the ongoing communications between the CSP, agency, 3PAO, and FedRAMP

CMMC Advisory

The Department of Defense has issued the Cybersecurity Maturity Model Certification (CMMC) standard to be incorporated into the Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for future contract awards. The standard is intended to improve the overall cybersecurity posture of the Defense Industrial Base (DIB). The CMMC requirement is expected to be part of all new RFIs and RFPs as of 2021.

In order to be prepared for upcoming DOD RFIs and RFPs, DIB companies need to perform assessments so they can identify any deficiencies in their Cybersecurity posture.

 

Endeavor Worldwide performs assessments in accordance with the CMMC standard. Our team provides both a written assessment of any deficiencies as well as recommendations to mitigate any issues discovered.

 

Endeavor assists in developing procedures, identifying technology, and performing training to improve cybersecurity. This will enable DIB companies to pass the audit as quickly as possible, positioning them to be approved to compete for DOD RFIs and RFPs