Internal cloud.gov dataflow and architecture
Opened this issue · 3 comments
It would be useful for companies attempting the FedRAMP process to get more details on cloud.gov's internal network architecture and data flow.
As an example of a question this might help answer: If I am trying to get a non-agency-hosted SaaS hosted on AWS GovCloud approved for FedRAMP Moderate, do my EC2 nodes need to send all outbound traffic through a TIC? An L7 logging proxy? NAT? Direct igw?
Hi Jeff,
Thanks for the feedback. We have more diagrams at https://diagrams.fr.cloud.gov. They are not the easiest to read, so we'll be redoing them in C4/PlantUML. I also hope to open-source more of our SSP as we move to OSCAL and better differentiate what can be open and what's still sensitive.
I hope that's of some help to you.
Those diagrams are very, very useful, thank you.
Agree -- the diagrams are SUPER helpful! Thanks!