Accelerate Compliance with the Landing Zone Accelerator on AWS

Coalfire Assessment Team

June 1, 2023
Blog Images 2023 Coalfire Main Image Blog Accelerate Compliance FINAL

Key takeaways:

  • LZA on AWS significantly decreases the time to build an environment for highly regulated workloads with sensitive data.
  • It provides platform readiness with integrated security, compliance, operational, and continuous monitoring capabilities and deploys a foundation to accelerate compliance with FedRAMP, FISMA, NIST, CMMC, and the DoD CC SRG.
  • The solution is integrated with FedRAMP High-authorized AWS or AWS partner solutions available in AWS GovCloud (US).

Today’s compliance assessment and assurance demands continuously evolve and encompass every corner of the economy. With the rise of the cloud, remote work, market factors, compliance updates, and new state and federal regulatory requirements, managing compliance has never been more complex. In fact, according to recent research, almost 70% of security leaders manage at least six different frameworks, and 59% have multiple systems subject to compliance frameworks. Add in the fact that the U.S. Congress made FedRAMP a law and the president signed the FedRAMP Authorization Act as part of the FY23 National Defense Authorization Act (NDAA); compliance leaders are now responsible for additional considerations when deciding on controls to be included in High, Moderate, and Low authorizations.

To support organizations’ journey to FedRAMP and FISMA authorization, Coalfire, working with AWS, completed the LZA on AWS Verified Reference Architecture for US federal and Department of Defense (DoD) customers on AWS GovCloud (US), which rapidly deploys a scalable, secure, multi-account environment for the FedRAMP High control baseline. The Infrastructure as Code (IaC) solution facilitates hybrid-cloud integrations and leverages enclave architectures. It provides multi-account creation and management, identity and access management, data security and governance, core networking, centralized logging, and connectivity options.

The use of these authorized cloud services helps prepare an agency’s or partner’s applications for FedRAMP and/or Federal Information Security Modernization Act (FISMA) authorization and compliance with the DoD Cloud Computing Security Requirements Guide (CC SRG) guidelines to host IL 4 and IL 5 workloads.

Coalfire reviewed the LZA on AWS for US federal and DoD solutions and performed a simulated FedRAMP assessment, determining that, based on the shared responsibility model, the LZA on AWS solution is effective in providing significant support for the objectives and requirements of the FedRAMP High control baseline.

To demonstrate the findings, Coalfire created the LZA on AWS VRA white paper, which thoroughly analyzes the solution’s ability to expedite the construction and implementation of a compliant environment for highly sensitive workloads and highlights customer responsibilities for ongoing management and continuous monitoring of services deployed with the LZA on AWS as defined in the Customer Responsibility Matrix (CRM) for each FedRAMP High-authorized.

The LZA on AWS is available to prospective AWS customers and partners to rapidly deploy a foundation to meet complex compliance requirements with services and features from AWS available in the FedRAMP marketplace for AWS GovCloud (US).