AWS Public Sector Blog

Deliver Mobile-First, Compliant Apps with Monkton

Competition for bringing new mobile and cloud capabilities to market continues to grow. This, along with the pace of innovation, has posed a challenge for regulatory bodies as they struggle to keep up with the evolving IT risk landscape. Establishing standards often requires analyzing sensitive, and in some cases, classified data systems, applications, and networks.

Enter the Federal Risk and Authorization Management Program (FedRAMP) and the National Information Assurance Partnership (NIAP) – two regulatory authorities created to promote the rapid development and deployment of new cloud capabilities in a consistent and secure manner. FedRAMP sets the standards for security assessment, authorization, and continuous monitoring for cloud products and services, while NIAP oversees the evaluation of commercial IT products for use in National Security Systems. Together, they are expected to usher in a new age of technological capabilities for the government. With DOD OSD’s Mobile Application Security Requirements Memo now mandating NIAP compliance for GOTS apps, NIAP isn’t an option but, like FedRAMP, is required.

AWS has teamed up with mobile app security and compliance provider Monkton to facilitate the creation and delivery of compliant apps. The company has developed a software-as-a-service product called Rebar, which, through its standard development platforms, enables mobile app developers to produce native iOS or Android apps that are compliant with the following, without having to write hundreds of lines of code:

  1. NIAP Application Software PP v1.2
  2. NIAP File Encryption PP v1.0
  3. PKI support (i.e., DISA Purebred and Entrust Datacard)

Rebar’s software development kit can be installed and configured on any AWS instance using an AWS CloudFormation template. In as little as 30 minutes, a government agency or systems integrator can start building NIAP-compliant native iOS or Android apps. Through this collaboration, developers are now able to focus on the user experience so that the government can deliver services more efficiently.

Constituents across the industry are building similar commercial capabilities to comply with NIAP and FedRAMP standards so that government data centers can securely connect to a FedRAMP Cloud Service Provider (CSP) via a trusted connection (TIC or CAP). The CSP then provides the government with storage, analytics, or real-time compute power for the government’s mission-critical applications. Mobile apps developed and assessed in accordance with NIAP can securely connect to the CSP to access sensitive data and to upload new content collected through the compliant device.

With NIAP and FedRAMP security and policy compliance embedded in the government’s solutions architecture, agencies can focus on the more pressing issues impacting enterprise goals. With information available in real time to any authorized person on any approved device, data can be used more effectively for decision-making. Ultimately, these developments now make it possible to deliver new mobile-first apps with commercial-like user experiences, which leverage cloud computing and scalability for mission-critical needs.

Rebar is DoD ready! Start building awesome apps with Rebar here.