Best of Two Worlds:

Managed SD-WAN Hardened to Federal Security Requirements

by Mark Russo, Lead Solutions Architect – Innovation & Strategic Development AT&T Public Sector & FirstNet, Shared Services

SD-WAN (Software Defined Wide Area Networking) has been with us for a while now, allowing enterprises to define policies to dynamically optimize the utilization and performance of their WAN underlay transport links (MPLS, Broadband Internet, LTE/5G) - along with the applications that ride over them.

Add to that, now, the Managed Service Provider (MSP) model: AT&T delivers SD-WAN as a turn-key managed solution. We handle the procurement of high-end (Cisco) SD-WAN Edge hardware, facilitate Service Delivery (staging, truck rolls, installations, testing and activation) and “Day 2” Service Assurance (monitoring, management, break/fix, MACDs) - and effectively ‘watch over’ the entire SD-WAN infrastructure in a collaborative partnership with our enterprise clients.

‘AT&T SD-WAN with Cisco’ was announced in 2019, and the service offering provides precisely that. So… how could we take this even further?

By building an InfoSec-hardened management infrastructure uplift for our Federal Agency clients as they shift, one by one, to GSA’s EIS (Enterprise Infrastructure Solutions) contract – which has been put into place to facilitate IT modernization over the next ~15 years. By providing an SD-WAN solution that’s been purpose-built from scratch, operationalized, staffed, and independently assessed/audited by a third party for direct alignment with each of the security controls specified in NIST’s Special Publication 800-53 at ‘FISMA Moderate.’

The Federal Information Security Management Act (FISMA) is a federal law passed in 2002 that requires US federal government agencies to develop, document, and implement an information security and protection program. It provides for 3 levels of compliance: Low, Moderate and High.

‘AT&T SD-WAN with Cisco – FISMA,’ built from the ground up and then launched in 3Q20, enables USG agencies to forge forward with their digital transformation journey, reaping all the benefits of Managed SD-WAN while simultaneously supporting compliance with FISMA regulations.

And this is just the beginning.

With this FISMA-hardened management infrastructure (people/process/tools) in place and independently 3PAO ‘blessed’ to align with FISMA Moderate Information Security controls, we’re in position to provide FISMA Managed services for Edge devices that go beyond just SD-WAN. Certain families of Cisco Universal CPE, for example, are already supported. We’re also in position to create ‘FISMA High’ instances for agencies that may require the highest level of FISMA security hardening. And what’s to come after that? We have some ideas we’re working through right now, and we’d love to hear any others you may have as well.

But for the present…

‘AT&T SD-WAN with Cisco – FISMA’ provides Public Sector customers a Managed SD-WAN service that’s aligned with the FISMA-Moderate requirements, leveraging numerous market-leading Cisco platforms including cEdge, vEdge and even uCPE. While designed and built to align with FISMA requirements, this policy-based WAN transport optimization managed service can also be leveraged by other customers within SLED [State/Local/Education] or even commercial spaces that desire their SD-WAN MSP to align with US Federal security controls.