InfusionPoints and AWS Help CoachMePlus and TIAG Speed Up Compliance and Increase US Army Soldier Readiness

CoachMePlus offers an athlete management system that helps professional sports teams, schools, gyms, and performance companies track and trace fitness and wellness, nutrition, and hydration. CoachMePlus and The Informatics Applications Group, Inc. (TIAG) developed the Warrior Performance Platform (WP2), a holistic human performance platform designed to help the military measure wellness, optimize performance, and reduce injury risk for soldiers. The cloud-based solution runs on AWS GovCloud (US), which has provided high security standards for the DoD for more than 10 years.

CoachMePlus and TIAG wanted to bring WP2 to the US Army to meet its need for a health and fitness tracking solution as part of the Holistic Health and Fitness (H2F) program, which strives to enhance decision-making for soldier readiness. However, neither of the companies were familiar with the unique and challenging process to achieve a DoD Provisional Authorization (PA) for cloud-based systems, as issued by the Defense Information Systems Agency (DISA). The PA process often takes technology providers 18–24 months to complete. “Our solution worked well on AWS, but we wanted to figure out how to make it work in a secure and DoD-compliant environment, which is a time-consuming process,” says Teo Balbach, chief executive officer of CoachMePlus. “We knew we couldn’t deploy WP2 for the Army until we solved the large complex security requirements of the DoD.”

CoachMePlus and TIAG found the solution to the problem when they were introduced to InfusionPoints, an AWS Global Security and Compliance Acceleration Program (GSCA Program) partner and FedRAMP Third-Party Assessment Organization (3PAO), and A-LIGN, an A2LA-accredited 3PAO and AWS GSCA Partner. “We specialize in working with government agencies and commercial companies to design and implement solutions that meet strict technical cybersecurity and compliance controls,” says Jackson Gorman, advisor and solutions architect for InfusionPoints, which has AWS Competencies in Level 1 Managed Security Services Provider (MSSP) Consulting, Government Consulting, Security Consulting, and GovCloud Service Delivery.

InfusionPoints provides XBU40, a solution hosted on AWS GovCloud (US) that features multiple AWS accounts to isolate and protect multi-tenant workloads, including transit, management, security, logging, and central accounts. The InfusionPoints XBU40 solution provides an automated security platform using AWS services combined with AWS partner solutions (including Graylog, Trend Micro, and Tenable Nessus) to provide a complete solution for achieving DoD security authorization while reducing the preparation time and expense.

XBU40 uses Amazon CloudWatch and AWS CloudTrail to centralize logging and monitoring, and it relies on Amazon Kinesis Data Streams to stream logs for analysis. The solution also uses Amazon Inspector, AWS Lambda, and AWS Config to automatically scan the AWS environment for software vulnerabilities and gather component inventories. Additionally, InfusionPoints uses Amazon GuardDuty, AWS Security Hub, and AWS WAF to enhance security and compliance. XBU40 integrates with InfusionPoints Virtual Network and Security Operations Center 360° (VNSOC360°) to provide a fully automated and monitored platform. “Through the automation we provide on AWS, we’re able to facilitate rapid software deployments for defense industry customers,” Gorman says.

Working with InfusionPoints, CoachMePlus and TIAG quickly integrated WP2 into XBU40 to expedite time to authorization. Together, the three companies completed DoD PA readiness and security assessment reports and passed a DoD Impact Level 4 (IL4) PA audit conducted by A-LIGN. Acting as the 3PAO, A-LIGN delivered a full Security Assessment Report (SAR) to DISA in the fall of 2023. In March of 2024, the DISA Authorizing Official (AO) granted WP2 a DoD PA.

Along with InfusionPoints, the CoachMePlus and TIAG teams navigated the complexities of the DISA PA process and achieved DISA PA in just over a year, faster than the typical 18–24 months the process normally requires. “InfusionPoints already runs on AWS GovCloud (US), which gave us the ability to deliver a secure, robust hosted environment,” Balbach says. “Additionally, because InfusionPoints fully documents the underlying security controls and adds automation, we quickly proceeded through the security assessment and audit. If we didn’t have these capabilities, we would have spent 9–12 more months on this process.” Jake Repanshek, executive director of solutions and technology at TIAG, adds, “We looked at independently architecting and engineering our own solutions and writing our own documentation, but InfusionPoints was by far a better choice. We would not have been ready to even start this process in a reasonable amount of time had it not been for the acceleration provided by the XBU40 platform.”

Achieving the DoD PA created the opportunity for CoachMePlus and TIAG to bring WP2 to the US Army in support of the H2F program. “WP2 would not have been deployment-ready if we didn’t have the cybersecurity credentials,” says Balbach. Now, the US Army can track soldier readiness, enhance wellness, optimize performance, and reduce injury risk—while all the data moves with soldiers throughout their careers. Using WP2, the Army can assign and monitor soldier workouts, monitor sleep duration and quality, track nutrition, and provide mental and spiritual health resources. “Most injuries to soldiers are non-combat injuries, so the challenge is how to manage that for millions of soldiers, including National Guard and Army Reserve soldiers,” says Balbach. “With WP2 on AWS, we will help the US Army more easily manage holistic health and wellness, ultimately leading to stronger and more resilient soldiers.”