System Architecture meets architecture reference standards (Best Practices)

• System went through CMS Technical Review Board (TRB) for architecture and security review

• Three tier zone architecture (presentation, application and data zones)

• Communication flows only between adjacent zones or within a single zone

• Three environments (production, validation and development)

• High availability through replication in multiple cloud regions

• High performance through virtualization and cloud computing

• Best practice, System Development Life Cycle (SDLC) is used for all IT projects (requirements gathering, design, development, testing, validation, maintenance, and disposal)

• Twenty-Four by Seven Infrastructure Monitoring

• System documentations are maintained and updated accordingly

• No co-hosting of production and non-production
Security Is Prioritized above Agility

• Access Control and Management: Limit information system access to authorized users, to processes acting on behalf of authorized users, or to devices (including other information systems).

• Audit and Accountability: Create, protect, and retain information system audit records to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity.

• Configuration Management: Ensure changes to the system are reviewed, documented, and approved (Prevent unauthorized changes).

• Identification and Authorization: Use of strong factor of authentication to restrict access to only authorized users, processes acting on behalf of users, or devices.

• Security Assessment and Authorization: Periodically assess the security controls in information systems to determine if the controls are effective. Implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities.

• System and Communications Protection: Monitor, control, and protect communications within and outside of the system (Ensure confidentiality- Encryption at rest and in transit).

• System Integrity: Identify, report, and correct information and information system flaws in a timely manner.

• FISMA, HIPAA, PCI-DSS and ISO Compliant Environments.