Our Process

Compliance Acceleration Journey with CGC

Unique Shared Success Model

FedRAMP and StateRAMP authorization is too often a barrier to entry into government and other critical infrastructure markets for companies that have innovative technologies. Constellation GovCloud’s unique approach to compliance and market acceleration dramatically reduces that barrier. Here’s a view into our process:

  • Establish Partnership

    • Introduction to CGC and Merlin Group capabilities
    • Discussion of partner goals for public sector market
    • Overview of SaaS application


    • CGC Process
    • Tech Specs
    • One-Pager
    • FedRAMP Mandates Overview
    • Discovery Questionnaire
  • Discovery

    • SaaS application demo and architecture review
    • Questionnaire review
    • Deep dive into CGC process and platform


    • CGC “One-Page Gap Assessment”
    • Executable Proposal
  • Agreement

  • Deploy to CGC Digital Twin


    • Onboard privileged Digital Twin users
    • Train partner stakeholders on integrating Digital Twin with existing SDLC
    • Automated deployment of as-is application artifacts into CGC landing zone


    • SaaS is listed as “CGC in Process” on CGC website
  • SaaS Readiness Assessment

    • Comprehensive application scanning, including cryptographic inventory
    • Market Readiness Assessment questionnaire and interviews
  • CGC Readiness Readout

    • Data-driven gap assessment report that includes application findings and remediation recommendations
    • Executive summary aligning the level of effort with overall market opportunity
    • Deep-dive review with all partner stakeholders


    • Market Readiness Assessment Report
  • Remediate to CGC Ready

    • Automated deployment and scanning for iterative application remediation
    • Monthly CGC Ready Review of remediation progress and backlog
    • FedRAMP/StateRAMP documentation creation
  • Move to Production CGC (StateRAMP | FedRAMP)

    • Automated deployment of compliant SaaS release candidate to CGC production environment
    • Integration into CGC SOC continuous monitoring platform
    • Initiate FedRAMP/ StateRAMP change request process
  • SaaS Authorization & ConMon

    • Navigate authorization process
    • Execute continuing monitoring activities
    • Remediate findings as required
    • Significant change and annual assessments


    • Final updated System Security Plan and Attachments
    • Monthly Reports