Serious Information Security for an Insecure World

Unlike our competitors, we don’t sell or share your data

Robust Information Security

The Issio Information System for Government (Issio for Gov) maximizes Confidentiality (protection of data), Integrity (reliability of data), and Availability (making sure the right people have access to the data so that they can do their jobs) by implementing a robust and rigorous security program to eliminate risks to your information security, data and operations.  

Redundancy in the Cloud

Because of the redundant and dispersed nature of Issio’s cloud deployment, Issio for Gov is available even if there is a significant outage affecting a portion of the country.  Amazon Web Services (AWS) automatically deploys the system from servers in another region outside the affected area.  Issio for Gov maintains a high level of availability because there is no single point of failure in the Cloud.      

Encryption

Issio for Gov protects federal data through the implementation of industry standard encryption methods for data in transit and data at rest:

  • TLS 1.2 is required for all user sessions

  • TLS 1.3 is used when available

  • Connections are limited to FIPS validated encryption methods

Access Control

Beyond encryption, federal data in the system is guarded by multiple layers of protection, offering a defense-in-depth methodology that includes:

  • PIV authentication via SAML 2.0 for Federal Agency users

  • Firewall implementation meets federal requirements for TIC 2.0 and TIC 3.0

  • DNSSEC implemented through AWS Route53

  • Access Control Lists managed through AWS allow for tightly controlled access and data movement between the public facing web server and private database

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.  FedRAMP uses the NIST Special Publication 800 series and requires cloud service providers to complete an independent security assessment conducted by a third-party assessment organization (3PAO) to ensure that authorizations are compliant with the Federal Information Security Management Act (FISMA).  

Issio for Gov currently holds a FedRAMP Authorization at Low Impact, which means that Issio for Gov implements the following controls:

  • All Issio Solutions personnel receive extensive background checks and meet identity proofing requirements.

  • Configuration changes in the system are tightly controlled by a mandated approval chain and thoroughly tested prior to deployment.

  • Incident Response capabilities are automated, redundant, and tested regularly.

  • Scan findings are reported to Federal Agencies and remediated according to required timeframes.

Leveraged Security Services

  • Cloudflare

  • Datadog for Government

  • Tenable.io

Beyond FedRAMP

In order to deliver the highest level of security for Federal Agencies, Issio Solutions meets the following standards in addition to FedRAMP requirements:

  • All development and hosting for Issio for Gov is in the United States.  The system can only be accessed from the United States.

  • Federal Privacy requirements for PII/PHI, including Privacy Impact Assessments and CNSSI-1253 controls, have been addressed.

Cyber Secure Software

Authorized Cloud Service Provider
for the Federal Government

VA Authority to Operate

FedRAMP Authorized