Cloudnexa Helped Knightscope Achieve “In-Process” FedRAMP Certification

Cloud applications for the United States government have strict security requirements and to meet them, Knightscope built an entirely new environment on AWS GovCloud (US). For the last two years, Knightscope had been preparing to make a large investment in their future; getting ready to sell their Autonomous Security Robots (ASRs) to government entities. The final and most important step in the process was applying for FedRAMP certification. To do that, they needed a FedRAMP accredited Third-Party Assessment Organization (3PAO) to conduct a thorough review of their infrastructure and help them prepare for their upcoming FedRAMP audit.

As leaders in the autonomous robotics field, the team at Knightscope wanted to make sure their partners understand how their technology works and operates in the real world. The Knightscope executive team welcomed the effort Cloudnexa, an AWS Partner provided in learning Knightscope’s product and technology, so they could apply their Amazon Web Services (AWS) expertise to Knightscope’s unique use case.

Cloudnexa assigned five employees to the project including a lead Sr. Engineer, two supporting engineers, a dedicated project manager, with oversight from Cloudnexa’s Chief Technology Officer. These resources worked with Knightscope’s internal team and 3PAO to create a detailed project plan with milestones outlining all tasks required to be completed before the upcoming audit.

These projects included configuring Multi-Factor Authentication, configuring Amazon WorkSpaces with AWS Directory Service integration, configuring SSO/SAML, performing Amazon Elastic Compute Cloud (Amazon EC2) instance security hardening, and configuring SSH Access. In addition, Cloudnexa performed all OS patching, configuring vulnerability scanning and intrusion prevention/detection solutions, configuring SIEM for centralized logging, automating component detection, creating a Highly Available architecture and a disaster recovery plan including deployment testing and documentation, and performing network boundary hardening. Cloudnexa was able to support Knightscope’s team by providing artifact support to their 3PAO throughout this process.

By leveraging AWS GovCloud (US). Knightscope eased their infrastructure's burden of FedRAMP by allowing them to leverage approved AWS services in scope. AWS managed and automated services, such as Amazon WorkSpaces, AWS Directory Service, AWS Systems Manager, AWS Config, AWS Security Hub, AWS Key Management Service (AWS KMS), as well as solutions procured through AWS Marketplace, were leveraged to help increase their efficiency and reduce their time to launch. Their compliance requirements also included strict Disaster Recovery requirements, where native AWS Multi-AZ and DR solutions were leveraged and easily accommodated due to GovCloud West / East regions.

The project's success was achieved by looking at the different endpoints and fine-tuning their processes to match the security controls that FedRAMP Moderate requires, exploring their existing architecture to identify gaps and vulnerabilities. Cloudnexa and Knightscope routinely met for several working sessions a day, for 60 days to meet Knightscope’s upcoming deadline. Throughout the process, Cloudnexa became an extension of Knightscope’s team.

With Cloudnexa’s assistance, Knightscope achieved their U.S. Federal Government FedRAMP “In-Process” rating in 2022. Becoming FedRAMP Moderate certified means that Knightscope will be able to do business with government entities, a new vertical market for the company; with exponential growth opportunities. Knightscope is the only autonomous security robotics company to have taken this step, which gives them a valuable advantage over their competition.