Security does not mean “Access Denied”

Our Identity, Credential, and Access Management (ICAM) team enabled access for millions of users on the FEMA Enterprise Network (FEN) to achieve their mission-critical goals.

With the extreme scalability of our ICAM tools, FEMA was able to authorize and engage around 9000 users belonging to the Surge Capacity Force, the Internal Revenue System (IRS), and technology vendors over the course of 4 months to process and verify funds for the COVID-19 Funeral Assistance program.

The Challenge

To ease the financial distress of families grieving the loss of loved ones to COVID-19, FEMA declared financial assistance to provide for funeral expenses. This required granting rapid ATOs to external IT systems, including those of the IRS and other technology vendors, to process applications and enable quick disbursement of funds.

What is an ATO?

The Federal Information Security Management Act (FISMA) requires all IT systems operated by or on behalf of the U.S. federal government to obtain and maintain an Authority to Operate (ATO). The ATO is granted after an IT system fully complies with the Certification and Accreditation (C&A) process. Expedient attainment of a new ATO is critical to maintaining uninterrupted system operation.

The Solution

Niyam worked proactively to understand FEMA security policy and compliance changes, as well as DHS agency-level metrics and scorecards. After a complete analysis of the challenges threatening the ATO status, we implemented vulnerability scanning and validation of baselines to facilitate the ATO approval process. In addition to documentation updates to support the development of a security plan and other formal security documents, we executed the security activities required to obtain the ATO, including vulnerability scanning and validation of baseline hardening for the new infrastructure. Our team coordinated and supported all site visits and Independent Verification and Validation (IV&V) activities required by the ATO and other security processes.

The Outcome

Our team developed tools to provide an interface for FEMA users to manage user assignments. The portal can now create new disaster teams and provide role-based access privileges to support natural disaster events. We bulk-provisioned around 9000 users including those of the IRS, FEMA’s Surge Capacity Force, and other vendors to verify and process relief funds for the COVID-19 Funeral Assistance services.