Cloud and Hosting

Salient CRGT has a strong history of delivering hosting solutions to federal customers, including FISMA High-rated managed services. With the advent of commercial cloud services, we help our customers focus on preparing for and migrating to massively scalable environments.

Case Study: Security Monitoring and Oversight

Background

The mission of the Centers for Medicare and Medicaid Services (CMS) is to be an effective steward of public funds. CMS is committed to strengthening and modernizing the nation’s health care system to provide access to high quality care and improved health at lower cost. The CMS vision of future success is a high quality health care system that ensures better care, access to coverage and improved health. CMS covers approximately 100 million U.S. citizens through Medicare, Medicaid, the Children’s Health Insurance Program, and the Health Insurance Marketplace.

The Challenge

The Affordable Care Act (ACA) requires CMS to coordinate with states to establish Health Insurance Marketplaces, expand Medicaid, and regulate private health insurance plans. The ACA greatly broadens the agency’s role and responsibilities, expanding CMS’ traditional service base and making it responsible for establishing the Health Insurance Marketplaces, including the national Healthcare.gov website.

Goal 4 of the Department of Health and Human Services (HHS)/CMS Strategic Plan states: “[CMS] will have achieved “Enterprise Excellence” when CMS’ high quality, diverse workforce develops, supports and utilizes innovative strategies, tools and processes, and collaborates effectively with its partners and agents to reach its goals.”

The technology backbone of the ACA is CMS’ virtual data center, eCloud, an advanced hybrid cloud hosting environment consisting of multiple technology vendors and connections to a variety of state governments, issuers, brokers, and assistors. The security and reliability of the underlining IT infrastructure supporting enterprise excellence would be tantamount to ACA’s success. To address eCloud’s broad threat attack surface, CMS’s Center for Information and Insurance Oversight (CCIIO) was required to implement a robust operational security management program to protect the data without impacting the thirty-five million estimated annual users.

The Solution

In order to provide a cyber security solution for ACA, the Salient CRGT team implemented and operated a robust Operational Security Management Program. This program consists of an advanced 24×7 Security Operations Center (SOC), which continues to provide both broad and deep cyber security services for the eCloud environment and Healthcare.gov, including:

  • Continuous monitoring, behavioral-based analytics, and signature development
  • Cyber threat intelligence
  • Digital forensic analysis including rapid response for data breach and consumer fraud
  • Security incident reporting
  • Full lifecycle maintenance of security appliances and tools
  • Multi-tenant, multi-vendor, hybrid cloud vulnerability scanning and assessments
  • Security risk analysis and risk management
  • Privacy assessments

The success of ACA would require strong communication between all stakeholders. As security is fundamental to all components of ACA, the SOC would need to maintain a visible, respected, and reliable presence throughout the ACA ecosystem. It needed to act as a central clearinghouse for all security matters and maintain a persistent connection to CMS and federal cyber security authorities.

Salient CRGT met this challenge, developing a management approach centered on three fundamental tenants: quality, partnership, and customer service. Salient CRGT built and maintained relationships that allowed for continuous data exchange between government components and partners. We introduced innovative processes and technologies to maintain the availability, quality, and delivery of time-sensitive information about cyber security health and the evolving threat landscape. We maintained close relationships with product vendors and both private and public sector cyber security information exchanges to enrich our threat intelligence and signature data.

The Impact

This program has enabled CMS to maintain the security and privacy protections of the Healthcare.gov website and hosting environment since service launch, ensuring CMS’s commitment to Enterprise Excellence.

Download the PDF