A CACI customer needed a mission-essential, single web gateway to support and integrate technical data and databases across all their Amazon Web Services (AWS) systems. CACI created and implemented a single web gateway that provides authorized users access to current technical data and supports customer databases 24/7, 365 days a year. It houses all required data for the customer’s contract and provides consistent and effective confidentiality, data integrity, and data availability. CACI also provided a searchable environment that hosts specific interfaces and includes workflow tools to assist in continuous improvement.
CACI’s solution enabled interoperability between platforms, and its open systems architecture supports six government mission support systems that are government-off-the-shelf, commercial-off-the-shelf, and open source applications. To maximize safeguards for mission data protection, data held within the applications is categorized so that the correct security controls can be applied depending on the type of data. Role-based security profiles allow full control, restricted access, and limited access for personnel. Security controls also include two-factor authentication and encrypted communication between the client system and web server for user access to the website.
This solution is implemented in AWS GovCloud (US). AWS GovCloud is an isolated AWS region designed to host sensitive data and regulated workloads in the cloud, helping customers support their U.S. Government compliance requirements, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). CACI uses AWS GovCloud as an infrastructure-as-a-service (IaaS) provider. As such, Amazon is responsible for managing the security of the cloud and CACI is responsible for managing the security in the cloud. CACI builds upon GovCloud’s physical infrastructure security controls and has designed the integration of tools, applications, and data integration controls to provide a cybersecurity approach that meets Department of Defense and DFARS requirements to ensure proper protection of data.
Amazon Virtual Private Cloud (Amazon VPC) is a construct used to provision a logically isolated section of the AWS cloud where AWS resources can be created in a virtual network that is defined by the owner. As the owner/administrator of the VPC, CACI has control over the virtual networking environment, including selection of IP address ranges to use, creation of subnets, and configuration of route tables and network gateways. Amazon allows for deployment of a single VPC with multiple subnets, or multiple VPCs with multiple subnets. Because the design is the responsibility of the customer, CACI has chosen a multiple VPC configuration for the greatest system isolation and protection. In our multiple VPC configuration, each of the major logical application components is separated into its own isolated virtual private cloud, with a separate services VPC established for operational functions and directory services for the infrastructure.
Multiple support systems are implemented within the environment alongside the actual mission applications and contribute to a secure ecosystem. Some are inherent within the AWS service, like CloudWatch, and some are implemented by CACI as operational best practices for security and management. Examples of CACI-implemented systems are Active Directory change audit tools, host-based security systems (HBSS), application monitoring tools, access control tools, and security information and event management (SIEM) tools.
CACI’s expertise in cloud environments was integral to addressing the customer’s needs and creating a repeatable, scalable solution that can be customized to support the customer in securely, effectively, and efficiently operating their cloud environment. The customer now has 99.99 percent system availability and has reduced the time to achieve FAR 252 cybersecurity compliance by over 30 percent. Since implementing this solution, we have saved our government customer more than 88 percent in operations and maintenance costs, and more than 60 percent in total cost of ownership.