
"The platform in question is described as Nonappropriated Fund Integrated Financial Management System (NIFMS) - a cloud-based payroll, pension, and benefits system in lay terms. According to the indictment [PDF] unsealed this week, Hillmer specifically made efforts to represent the NIFMS platform as having enabled security controls that met the FedRAMP High baseline, and the Department of Defense's (DoD) Impact Levels 4 and 5."
"The Federal Risk and Authorization Management Program ( FedRAMP) standardizes security assessments, and systems must have a "high" baseline to store federal information. The DoD has its own risk management framework with Impact Levels 4 and 5 representing the highest levels of security. IL4 requires systems to meet different criteria, ranging from FedRAMP Moderate, FedRAMP High, and DoD-specific controls, while IL5 is the highest level available for unclassified information."
Danielle Hillmer, 53, of Chantilly, Virginia, is accused of deceiving auditors over the capabilities of a government-commissioned cloud service dating to 2017. Federal authorities allege that between March 2020 and November 2021 she obstructed auditors and falsely represented the security posture of a cloud platform used by the Army and other government customers. The platform is the Nonappropriated Fund Integrated Financial Management System (NIFMS), a cloud-based payroll, pension, and benefits system. Hillmer allegedly sought to have NIFMS characterized as meeting FedRAMP High and DoD Impact Levels 4 and 5. Accenture held a roughly $30 million contract requiring an IL4 assessment.
Read at Theregister