American College of Medical Genetics and Genomics (ACMG)
Healthcare

Funded by the NIH, the NBSTRN program is dedicated to improving the lives of babies through research. ACMG is a professional organization of biochemical, clinical, cytogenetic, medical, and molecular geneticists, along with genetic counselors and other healthcare professionals.

Extended Detection & Response

Incident Response

Vulnerability Assessment

Advisory Services

FISMA/FedRAMP Compliance Maintenance

Scope

  • Configuring and managing ACMG’s cloud environment in AWS and determining the most effective approach for migrating applications and databases for efficiency, cost-effectiveness, and security.
  • Providing 24/7 monitoring and incident handling through AWS CloudWatch, AWS CloudTrail, and AWS GuardDuty and responding to alerts from the AWS ecosystem.
  • Restricting the number of external applications used and the number of application providers.
  • Completing necessary security documentation, including System Security Plan (SSP), FIPS-199 Information Categorization, Boundary Scope, Privacy Impact Analysis (PIA), E-Authentication Analysis, Contingency Plan, Configuration Management Plan, Security Assessment Plan (SAP), and Security Assessment Report (SAR).

Key Issues and Challenges

  • Leading the Security Authorization process for ACMG, in line with regulations such as OMB Circular A-130 and NIST SP 800-37 Rev. 1.
  • Coordinating with multiple stakeholders, such as NICHD, Amazon’s Technical Account Managers, and others to achieve FISMA/FedRAMP Moderate compliance and Authority to Operate (ATO).
  • Maintaining ongoing tasks, such as managing the Plan of Action and Milestones (POA&M) and conducting quarterly system vulnerability scans.

Results

  • Successful migration of NBSTRN’s infrastructure and data to the AWS cloud, including the NBSTRN REDCap applications and databases, the new NBSTRN website, and storage space for genomic data.
  • Deployment of a suite of tools as per NICHD requirements to provide continuous monitoring and auditing of NBSTRN’s infrastructure on AWS.
  • Provision of ongoing technical support and security compliance, including monthly vulnerability scans, status reporting, and system patching.
  • Development and implementation of security policies and procedures.
