Overview

eGT’s Cloud Security Team’s (CST) work on the ESPS contract is one of the main reasons why Health and Human Services (HHS) is the leading civilian agency in authorizing and utilizing cloud services. HHS implements more than 30 cloud systems and is the original authorizing agency for 8 cloud service providers, including Salesforce, Cisco, IBM, Adobe, and AWS.

The CST’s cybersecurity expertise enables HHS to make confident, risk-based authorization decisions. Our CST supports department-level cybersecurity assessments of cloud systems and on-going monitoring of these systems.

Faced with the need to formalize their cloud security process across all 11 operating divisions, HHS turned to the eGT CST to develop department-wide policies, processes, and standard operating procedures. The CST then worked across all operating divisions to roll out policies and procedures by hosting a FedRAMP Open House (accessible in-person and virtually), providing cloud security training events, and facilitating a Cloud Security Working Group, which features cybersecurity personnel from each HHS operating division.

The FedRAMP Program Management Office (PMO) at the General Services Administration (GSA) held up HHS and the CST as the gold-standard for implementing FedRAMP processes. HHS and the eGT CST presented at the FedRAMP PMO’s Agency Day on the topic of HHS’ process for FedRAMP and cloud security. HHS was also asked to provide input for the Agency Guide for FedRAMP Authorizations.

eGT’s support has allowed HHS to remain at the forefront of federal cloud initiatives and cloud adoption. eGT’s cloud security team was responsible for the security reviews, resulting in the authorization of collaboration tools from Cisco and Adobe. The CST also performed assessments of CSPs which will enable HHS to move applications to the cloud, such as Salesforce and AWS.