CSC PaaS Receives FedRAMP Certification, Built by Red Hat

Paul Smith, Red Hat

Computer Sciences Corporation (CSC) announced Nov. 10 that its cloud ARCWRX Platform as a Service (PaaS) offering has received Federal Risk Authorization Management Program (FedRAMP℠) certification. The ARCWRX Platform was built on OpenShift™ by Red Hat™ and was certified in collaboration with Veris Group, LLC. This marks CSC’s second FedRAMP certification for the ARCWRX PaaS offering.

“ARCWRX provides public sector agencies an accredited, secure, cost-effective and agile cloud environment,” CSC’s North American Public Sector Vice President and General Manager John DeSimone said. “By leveraging Red Hat’s OpenShift PaaS environment, CSC can offer a path to open source technology for our U.S.-based government customers to optimize ever-evolving cloud technologies.”

“We’re committed to developing services to help our customers achieve the highest level of security to support their missions,” Red Hat Public Sector Vice President and General Manager Paul Smith said. “Achieving FedRAMP Moderate JAB authorization for ARCWRX demonstrates this commitment and the power of collaboration with CSC to further drive value for our public sector customers.”

“We’re excited to be involved in yet another successful FedRAMP engagement with the CSC team,” Veris Group’s Governance, Risk, and Compliance organization Vice President Michael Carter said. “The dedication of the CSC team throughout the assessment, along with their constant emphasis on security, enabled us to complete our assessment faster than originally anticipated.”

ARCWRX, which resides on CSC’s FedRAMP-approved ARC-P™ platform, is the first true open source PaaS to meet strict standards for highly classified data and the necessary security control standards required for a FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate.

The ARCWRX PaaS offering is built on OpenShift by Red Hat. CSC designed, tested and certified the application development and runtime platform to meet all necessary federal security control standards. Red Hat and CSC have worked in tandem to deliver ARCWRX on premises and from the CSC government community cloud, creating a more highly secure, cost-effective service for the federal government.

As the FedRAMP Third Party Assessment Organization (3PAO), Veris Group conducted the assessment for ARCWRX against the rigorous FedRAMP Moderate security control baseline. This assessment also included comprehensive penetration tests of the platform and extensive vulnerability scans (operation systems, network devices, databases and web applications) of all inventoried assets. Veris Group also conducted the 3PAO assessment for ARC-P that resulted in first ever FedRAMP accreditation back in 2012.

ARCWRX represents an important evolutionary step for application teams wanting to build and run cloud native applications in autoscaling containers, thereby ensuring apps are more portable, are more secure and include inherent DevOps automation that helps reduce time to deployment.