Cloud Onboarding Process Archive
The Cloud Smart Journey consists of five phases that can only be accomplished through collaboration across FCS, the Modernization Teams, Business leadership. Utilize the contents of this page to obtain a deeper understanding of the tasks, outcomes, and artifacts encompassed in each phase of the Cloud Smart Journey.
Cloud Smart Journey
Click on the following link to view the Cloud Smart Journey Personas
- Consumer Persona - Business Application Team - Follow the Cloud Smart Journey of a business application team looking to modernize their applications
- Producer Persona - GSA Security Team - Follow the Cloud Smart Journey of GSA Security in their process of updating or implementing a cybersecurity feature
The purpose of the Intake Phase is to begin a collaborative partnership with the tenant, obtain an understanding of the application needs through the Lean Intake Assessment and application Requirements Template, and assess cloud readiness.
Cloud Advisory Services*: Any changes related to the architecture, operational model, security boundary to existing services or products. New Capability enablement or Capability enhancements to existing products. New product(s) to be brought into FCS to develop to be a new service.
Cloud Advisory Intake Form
Navigation Path: Home > Service Catalog > Enterprise Services > Cloud Services > CISS Cloud Service
- Completed intake request
- Increased understanding of tenant needs
- Completed set of requirements
- Completes Security section of the Intake Questionnaire
- Defines roles and responsibilities, to include POCs such as System Owner (SO), Lead Developer (if applicable)
Phase 1 - Advisory
The purpose of the Advisory Phase is to orient tenants to the Cloud Smart Journey process; and validate requirements which will drive the assessment and target model leading to a cloud migration rationalization strategy.
- Completed assessment
- Initial rationalization strategy
- Obtains FCS ATO Package and Templates
- Provides details for planned System/Data Interconnections; including disclosure of any additional baseline security requirements
- Discloses all necessary security requirements to Cloud Advocate
The purpose of the Enablement Phase is to collaborate with FCS Security and FCS Product Team to develop and gain concurrence on the Cloud Modernization Plan. Completion of the Cost Estimate, Schedule, and Onboarding Checklist are put in place to execute the Cloud Modernization Plan.
- Rough Order of Magnitude
- Cloud Modernization Plan
- Clear and achievable strategy to addressing FCS security requirements (example: initial control gap assessment)
- Plans to address security artifact delivery and identifying potential delivery risks
- Draft Rough Order of Magnitude (ROM) based on ISSO checklist and other considerable factors
- Detailed System Description (Use and Purpose required)
- Synchronize development timeline with security artifact(s) development
- Determination of applicable Security Documents (example: incident response plan may not be applicable)
The purpose of the Adoption Phase is to enable production readiness, complete all security requirements to achieve the ATO, implement supporting structures to drive adoption, and monitor the project from kickoff to launch to ensure the anticipated outcomes of the Cloud Modernization Plan are met.
- Tenants are fully active and onboarded to their environment with operational support structures in place
This Kickoff is the first meeting with CETT on continuation of phases in the Cloud Smart Journey. This presentation will get things started with the right teams and help get everyone on the same page with clear communication between all parties involved. View the Kickoff presentation here.
Kickoff Adoption Plans
Take a look at adoption plans for customers standing up services in the enviornments that compose our FAS-IT Cloud Services.
- Clear understanding of Security Assessment Plan (SAP) amongst key stakeholders
- Initial Security Authorization timeline is approved by all-parties
- Final FIPS 199 categorization is determined
- PTA and PIA Forms are reviewed and approved (if applicable)
- Final e-Auth Level is determined
- Security review and approval of draft SSPP
- Actionable next steps to initiating and completing applicable Security Documentation such as but not limited to: Contingency Plan (CP), Business Impact Assessment (BIA), Incident Response Plan (IRP)
- Security Assessment Report (SAR) and Authorization decision are obtained
The purpose of the Optimization Phase is to provide ongoing service support and maintenance for onboarded tenants, track cloud utilization measures, and partner on continuous modernization efforts.
Transition To Operations
At the conclusion of the Optimization Phase (standard is 90 days post go-live), the Cloud Support team will host a Site Reliability Engineering (SRE) transition meeting with the FCS Operations team. From that point forward, the FCS Operations team becomes the tenants main point of contact and is responsible for handling routine maintenance, incidents and outages, certificate rotation, off business hours support, and other O&M activities. Cloud Support will continue to triage and manage Jira Service Management tickets and requests.
Outcomes
- Tenants are self-managed and operating in optimized environments
- Feedback is collected to achieve continuous improvement
Site Reliability Engineering
- Discussion for ongoing audits
- Vulnerability Scans (Weekly/Ad-Hoc)
- Active ATO Progress (e.g. re-authorization)
- Planned Security Activities
- Security Roadblocks
- Executive Orders, Updates to NIST Publications/RMF/ FISMA Data Calls
- ISSO Self Assessments and Checklist status update
- Plan Of Action and Milestones (POA&M) updates
- Discuss Risk Based Decisions for risk acceptance (when applicable)
- Review list of SecOps approved security tools to determine tenant's operational needs.
- Payment Card Industry (PCI-DSS) Assessment progress (if applicable)