In January 2013, CGI was the first large company to receive a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board (JAB). Subsequently, clients and partners think of CGI as a cloud services firm. Although they are correct, the P-ATO that CGI received is actually a reflection of two areas of CGI expertise coming together: cloud and cybersecurity.

FedRAMP is first and foremost concerned with the security of a cloud environment. It’s not enough to have a robust cloud with capabilities that meet the needs of the federal government—the cloud needs to meet the rigorous security standards of the federal government to receive an authorization from the JAB. CGI was well-positioned to pass a thorough audit of security controls because we were able to leverage the expertise of our long-standing cybersecurity practice in establishing appropriate policies and procedures to create a strong security posture.

Increasingly, clients are finding that point-in-time audits are not sufficient in highlighting the security posture of an environment, given the constant effort required to keep systems patched against vulnerabilities, track asset inventory and confirm that systems comply with baseline configurations. This was highlighted in the U.S. federal government's most recent FISMA report.

To provide visibility into this information on a near real-time basis, CGI offers clients continuing monitoring as a service (CMaaS) based upon our extensive cybersecurity experience. CMaaS offers clients a dashboard view of their risks, with drill-down capabilities to enable quick action on the items of most impact. CGI’s CMaaS offering also supports automated remediation of many vulnerabilities, if desired by the client. This service can be provided in a cloud environment or deployed at a client’s location.