Introduction
Ensuring compliance with NIST 800-53 standards is a critical requirement for federal organizations leveraging cloud infrastructure. Oak Ridge National Laboratory (ORNL), a leader in scientific research and innovation, required a robust compliance solution for their Google Cloud Platform (GCP) infrastructure. While ORNL primarily operated in an AWS environment, their expansion into GCP necessitated new compliance checks to align with federal security mandates.
The Challenge
ORNL faced a key challenge in achieving full NIST 800-53 Rev 5 compliance within their GCP environment. Unlike AWS, where compliance frameworks were more readily available, GCP lacked out-of-the-box solutions. ORNL required a solution that could effectively implement and manage compliance controls while seamlessly integrating with their existing compliance workflows.
Our Approach
To address ORNL’s compliance needs, our team implemented a tailored solution leveraging Kion’s compliance check capabilities, powered by Cloud Custodian, an open-source cloud governance tool. Our approach involved:
- Customizing Kion’s Compliance Checks for GCP: Kion, while equipped for AWS, required additional configuration to support GCP compliance checks effectively.
- Researching Compatibility: We conducted an in-depth analysis of which NIST 800-53 controls could be supported by Kion and Cloud Custodian on GCP. We identified gaps and worked to bridge them where possible.
- Collaborating with ORNL’s GCP Team: We partnered with Abdulla, a GCP developer at ORNL, to integrate and validate custom compliance checks.
- Troubleshooting & Issue Resolution: We worked closely with Kion and ORNL’s team to diagnose and resolve issues when compliance checks failed or were unexpectedly suspended.
- Comprehensive Documentation: We documented the covered NIST 800-53 controls along with detailed notes on implementation, ensuring clarity and future maintainability.
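To make the "customized compliance checks" concrete, the following Cloud Custodian policy file is an added example, not code from ORNL's engagement, from Kion, or from the Cloud Custodian project. It uses the c7n_gcp provider's `gcp.bucket` and `gcp.firewall` resource types with the generic `value` filter; the policy names, the descriptions and the mapping of each check to a NIST 800-53 Rev 5 control family are assumptions made for illustration, and no remediation action is attached so the policy only reports findings.

```yaml
# Added example: two audit-only Cloud Custodian checks for GCP.
# Each policy matches resources that FAIL the check; an empty result
# set means the control is satisfied for the scanned project.
policies:
  # Assumed mapping: AC-3 (Access Enforcement) / AC-6 (Least Privilege).
  # Flags Cloud Storage buckets that still allow legacy per-object ACLs
  # instead of uniform bucket-level IAM.
  - name: gcs-bucket-uniform-access-required
    resource: gcp.bucket
    description: |
      Cloud Storage buckets must enable uniform bucket-level access so
      that all authorization decisions are made by IAM policy alone.
    filters:
      - type: value
        key: iamConfiguration.uniformBucketLevelAccess.enabled
        op: ne
        value: true

  # Assumed mapping: SC-7 (Boundary Protection).
  # Flags ingress VPC firewall rules that accept traffic from any
  # IPv4 source address.
  - name: vpc-firewall-no-open-ingress
    resource: gcp.firewall
    description: |
      Ingress firewall rules must not allow traffic from 0.0.0.0/0.
    filters:
      - type: value
        key: direction
        value: INGRESS
      - type: value
        key: sourceRanges
        op: contains
        value: "0.0.0.0/0"
```

With the `c7n` and `c7n_gcp` packages installed and application default credentials for the target project available, `custodian run -s ./out policy.yml` writes each policy's matched resources under `./out/<policy-name>/resources.json`; a compliance platform such as Kion can then treat a non-empty result as a failed check. Keeping the policies filter-only is deliberate for a first rollout: it lets the team validate that the filter keys match the API's resource shape before any enforcing action is added.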
Outcome & Results
Over the course of six months, our efforts significantly enhanced ORNL’s compliance posture on GCP. The implementation is now undergoing an external audit for NIST 800-53 compliance. This initiative has established a scalable compliance framework, enabling ORNL to meet federal security standards while expanding its hybrid-cloud infrastructure.
Conclusion
Our collaboration with ORNL demonstrates our expertise in cloud security and compliance, particularly in adapting tools to meet evolving regulatory needs. By integrating Kion and Cloud Custodian into ORNL’s GCP environment, we delivered a customized solution that ensures ongoing NIST 800-53 Rev 5 compliance. Our approach not only addressed immediate compliance needs but also positioned ORNL for future scalability and security in multi-cloud environments.
For organizations facing similar compliance challenges, our team offers tailored solutions that bridge gaps in existing compliance frameworks, ensuring seamless integration and adherence to federal security standards. You can contact us to learn how to enhance cybersecurity at your agency.