Download:
pdf |
pdfUnited States Department of Agriculture
Food and Nutrition Service
Memorandum to File
Food and Nutrition
Service
Date:
January 28, 2021
1320 Braddock Place
TO:
Joseph Shaw
System Owner, FNS Salesforce
Food and Nutrition Service
FROM:
Renee Gore
Authorizing Official, FNS Salesforce
Food and Nutrition Service
SUBJECT:
Accreditation Decision Letter for FNS Salesforce
Alexandria, VA
22314
REFERENCES:
(a) USDA Memorandum, Fiscal Year 2020 Security Assessment and Authorization Guidance,
October 3, 2019.
(b) USDA Departmental Regulation (DR) 3540-003, Security Assessment & Authorization,
August 12, 2014.
(c) USDA Process Guide, USDA Six-Step Risk Management Framework (RMF) Process
Guide, October 2019.
(d) NIST Special Publication 800-34, Contingency Planning Guide for Federal Information
Systems, Rev 1, May 2010.
(e) NIST Special Publication 800-37, Risk Management Framework for Information Systems
and Organizations: A System Life Cycle Approach for Security and Privacy, Rev 2,
December 2018.
(f) NIST Special Publication 800-53, Security and Privacy Controls for Federal Information
Systems and Organizations, Rev 4, April 2013.
(g) Office of Management and Budget (OMB) Circular A-130, Managing Information as a
Strategic Resource, July 2016.
The FNS Salesforce provides the hosting environment for FNS applications deployed in the
USDA SalesForce Government Cloud environment, which is FedRAMP authorized. The
SalesForce Government Cloud is a partitioned instance of SalesForce’s Platform-as-a-Service
(PaaS) and Software-as-a-Service (SaaS), multi-tenant community cloud infrastructure
specifically for use by U.S. Federal, state, and local government customers U.S. government
contractors, and Federally Funded Research and Development Centers (FFRDCs). The
SalesForce Government Cloud is comprised of the Salesforce Services: Lightning Platform,
Sales, Service, Communities, Analytics, and Industry Solutions.
A security assessment of the new WIC Food Delivery Portal (FDP) application, as well as
MuleSoft, a new Cloud Service Provider (CSP) that includes an Integration Platform-as-aService (iPaaS) functionality, has been conducted in accordance with OMB Circular A-130,
Managing Information as a Strategic Resource, and USDA policy on security accreditation.
The addition of the FDP application and MuleSoft CSP constitutes a major change to the FNS
1
�Salesforce boundary and warrants a renewed, full security certification. After reviewing the
results of the security certification and the supporting evidence provided in the associated
security accreditation package for the FNS Salesforce with the FNS Information Security
Office (ISO), I have determined that the risk to Agency operations, assets, or individuals,
resulting from the operations of the information system is acceptable.
Accordingly, I am issuing a full Authorization to Operate (ATO) the information system in its
current state and operating environment for three (3) years from the date of this memorandum.
The system is accredited without any significant restrictions or limitations. This security
accreditation is my formal declaration that appropriate security controls have been
implemented in the information system and that a satisfactory level of security is present in
the system in accordance with reference (a) and in compliance with references (b) through (g).
The security accreditation of the information system will remain in effect as long as: (i) the
required Plan of Action and Milestones reports for the system are maintained in accordance
with USDA policy; (ii) the confirmed vulnerabilities reported during the continuous
monitoring process do not result in additional risk to the agency’s operations/assets, which is
deemed unacceptable; and (iii) the system has not exceeded the maximum allowable time
period between security authorizations (in accordance with federal or agency policy).
A copy of this memorandum with all supporting security certification and accreditation
documentation will be retained in accordance with the Agency record retention schedule.
Digitally signed by QUVATOR GORE
Date: 2021.01.29 06:03:07 -05'00'
_______________________________________________
Renee Gore
Authorizing Official, FNS Salesforce
Food and Nutrition Service
2
�
| File Type | application/pdf |
| File Modified | 2021-01-29 |
| File Created | 2021-01-27 |