Arcus logo


Arcus Solutions for the Public Sector

Overview

Arcus delivers a complete package of cloud, security and DevSecOps orchestration across multiple public & private clouds; with automation and validation across the entire software lifecycle. It provides self-service access to the automated provisioning of cloud infrastructure; applications; data; containers; source code builds; functional & performance tests; security scans; and network defense, all while allowing users to continue to use their favorite tools. The workflow orchestration and access to the shared library of assets drive a whole new level of system design discipline.

Arcus users have logged more than fifteen million hours on over 600,000 systems launched into the cloud. It, and its predecessors, have been used across the DoD for development, test, training, exercises, and/or operational work.

 

DoD Government Service

Arcus operates as a fee-for-service government resource available to all branches and agencies. It is accessible via 1) a direct contract award and/or 2) by prime contractors authorized their government sponsor and the Arcus program office. This distributed funding approach reduces costs (hardware, licensing, security, administration, etc.) for all. With no central funding, user support and user success are critical drivers.

 

Accreditation

Arcus operates under a Risk Management Framework (RMF) Authorization to Operate (ATO), issued by the USSF Space Systems Command (SSC) Authorizing Official (AO). The control set starts with the National Security Systems baseline (CNSS 1253) and adds the Space Platform, Intelligence, Privacy, and NNSA Restricted Data overlays. As applied, these controls meet or exceed the requirements for DoD Data Impact Level 5 as defined in the DoD Cloud Computing Security Requirements Guide, Version 1, Release 4. In all, over 650+ controls in place to ensure the security of the users and their work. Arcus has also been evaluated by DoD Red Teams.

The system has been assessed by the SSC AO team for compliance and is approved for use by USSF SSC programs. The ATO covers activities in the connected and managed clouds resources, which are only accessible via the Arcus portal. Arcus was designed from the ground-up to support DoD requirements for security and compliance. All user activity is monitored through the web application and security stack in order to maintain compliance. When programs are ready for their systems to go operational and obtain their own ATO, Arcus can be used to support a number of the required artifacts; develop RMF responses; and/or provide on-going management and monitoring capabilities. A baseline set is outlined in the Arcus Inherited Controls document, available upon request. The Arcus team is ready to work with a program office to tailor these as required for their use case.

Note: Programs outside of USSF SSC wanting to work inside Arcus need to evaluate the reciprocity of the Arcus ATO and pursue the appropriate approval to use from their chain of command. All programs onboarding requests are subject to approval by the USSF SSC AO. As the data owners, a program maintains the responsibility for, and ownership of, their own data. A matrix outlining roles and responsibilities is included at the end of this document.

 

Collaboration Tools

Arcus will offer access to GitLab, Mattermost, and Atlassian (Jira, Confluence, Jira Service Management, BitBucket) capabilities on DoD networks up through Impact Level (IL) 5. When Arcus-S comes online, it will also include these services at IL6.

Access to these tools is via a unified, single sign-on experience directly through the familiar Arcus portal, using your DoD-approved PKI credentials. Team administrators will have direct management control over their seats and membership. And while fully integrated with Arcus's leading-edge cloud solutions, organizations can choose to sign up for only the services they need.

 

Key Benefits

  • Broad Access
    • Users can access Arcus from NIPR, DREN and/or commercial internet.
  • Multiple Classification Levels
    • For users with classified requirements, there is an Arcus-S targeted for Q3 FY22 and an Arcus-TS in development.

  • Express Interface
    • A streamlined, simplified part of the portal to allow users to jump right in and consume work created by others on the team.

  • Remote Access
    • Secure, encrypted, and browser-based access to systems deployed in the cloud. User can work right on the desktop or command line with no additional software or plugins required. This capability also includes file transfer and clipboard functionality.

  • Granular Security Controls
    • The default configuration for a new Team is to support collaborative development. However, Team Managers have control over permission, data flow, sharing, and access settings in order to meet organization needs.

  • Support
    • All packages include access to the community team for customer support. Users can submit tickets directly within the application for a quick response.
  • Cloud Providers
    • Arcus supports connections to multiple public clouds (AWS, Azure), private clouds (VMware, OpenStack), and platforms (Kubernetes, OpenShift).
  • Asset Library
    • The Asset Library consists of installers, configurations, utilities, test and other resources that users can utilize in the design, provisioning and validation of their systems. They can reuse existing contributions, build on the work of others and/or add their own pieces as needed. Specific training on asset development is available.

  • Training
    • All users have access to standard training resources: self-paced videos, knowledge base, and weekly live web sessions. All training can also be delivered to teams directly (remotely and/or on-site) as needed. The goal is for the team to be successful and productive.

  • Collaboration
    • Multi-tenancy at the application level and the separation of cloud resources ensure the isolation of user activities within their team. However, users can optionally choose to share work in order to foster greater collaboration.

  • Customizable & Managed Assets
    • Teams can add prebuilt solutions (assets, whole environments, etc.) to the library and control the distribution to team members. This delivery option allows the team leaders to control what users engage with. For example, training and exercises can be designed with specific scenarios and data for the target objectives.

  • Pro Services
    • All of the capabilities are available for self-service. For those organizations that cannot work completely in “DIY” mode and require some additional level of support or personnel, the Arcus team offers asset development services; customized training options; event management; and cyber security resources.

  • License Costs
    • The cloud reduces license costs for infrastructure and operating systems. In addition, the license management capabilities allow an organization to effectively administer a smaller set of licenses across a larger pool of users while maintaining compliance.
  • Extended Resources
    • In addition to traditional cloud resources, Arcus offers the same capabilities to embedded systems (e.g. IoT boards, FPGAs), IBM POWER Computing platform, hardware appliances and mobile devices (i.e. phones & tablets).
  • Ongoing Development
    • The capabilities in Arcus are supported by an active, on-going development effort with new releases every 1-2 weeks. Continual development allows for a rapid response to the users’ evolving needs.

  • Personalized site
    • Large Teams have the option for a dedicated site portal page with custom content (overview, support, etc.) and branding (logo, color schemes, etc.) to provide a more tailored user experience.