Deploy Cloud Security (InsightCloudSec) in InsightGovCloud
Cloud Security (InsightCloudSec) operates as a fully managed Cloud Native Application Protection Platform (CNAPP), delivered through Software-as-a-Service (SaaS).
Rapid7 manages all of the platform hosting, maintenance, and updates within FedRAMP-authorized AWS environments; therefore, you are not required to perform any software installation or infrastructure deployment.
However, there are some prerequisites that you must ensure are in place before you begin.
Prerequisites
Seek these administrative requirements in advance:
- Agency Authorizing Official (AO) approval for SaaS service utilization.
- Access to the FedRAMP authorization package documentation.
- Procurement approval and executed service agreement.
You will need these technical access permissions to ensure a smooth deployment:
- Administrator access to cloud accounts for integration and monitoring.
- An identity management system for user authentication, such as SAML, LDAP, or Active Directory.
- Network connectivity to the cloud service endpoints.
Task 1: Onboard a cloud account
To integrate a cloud account into your InsightGovCloud environment, follow the instructions in Onboard a Cloud Account .
Task 2: Configure automated responses
To configure automated responses using bots: Before you get started, read about automating with bots .
- Create a bot for the responses you want to automate.
- Configure the notification channels to receive messages from the automation. If you are configuring an integration to handle notifications, complete Task 3.
Task 3: Configure integrations
Cloud Security (InsightCloudSec) supports a variety of third-party integrations. The integrations can handle inbound functionality (data aggregation and collection) and outbound capabilities (notifications and ticketing).
In addition to these integrations, you can also use Jinja2 template capabilities .
The available Rapid7 integrations are SIEM (InsightIDR) and Vulnerability Management (InsightVM) .
To set up a third-party integration, view the integrations overview and select the integration documentation from the navigation menu.
The Splunk integration is not available
The Splunk integration is not currently available for use in the InsightGovCloud environment. If you require more information, please contact your Rapid7 Customer Success Advisor (CSA).
Task 4: Activate the service
To prepare your environment to go live:
- Complete a final security review.
- Validate that your FedRAMP controls are correctly implemented.
- Configure your monitoring dashboards.
- Establish your incident response procedures.
Transitioning from an existing commercial account
To transition from the commercial SaaS offering to the InsightGovCloud environment, you will be required to update the authentication methods for your cloud accounts.
This change is necessary because InsightGovCloud operates within AWS GovCloud, which has cross-partition connectivity requirements that are different from standard commercial AWS environments.
The authentication method used depends on whether your accounts are in the same AWS partition (commercial-to-commercial or GovCloud-to-GovCloud) or require cross-partition access (commercial-to-GovCloud). Non-AWS cloud accounts will continue to use access keys regardless of the environment.
This table details the authentication changes that you must make for each account type.
| Current Environment | Account Type | Authentication Method | Action Required |
|---|---|---|---|
| Commercial SaaS | Commercial AWS accounts | Assume role | Convert to access keys for FedRAMP/GovCloud integration |
| Commercial SaaS | GovCloud AWS accounts | Access keys | Convert to assume role for improved security within GovCloud partition |
| Commercial SaaS | Non-AWS accounts such as Azure or GCP | Access keys | No change - continue using access keys |
| FedRAMP Environment | GovCloud accounts (same partition) | Assume role | Maintain assume role - no change needed |
| FedRAMP Environment | Commercial accounts (cross-partition) | Access keys | Continue using access keys - required for cross-partition access |
| FedRAMP Environment | Non-AWS accounts such as Azure or GCP | Access keys | No change - continue using access keys |
These are some important things to understand about authentication changes:
- Same Partition: Commercial ↔ Commercial or GovCloud ↔ GovCloud = Assume role supported
- Cross Partition: Commercial ↔ GovCloud = Access keys required (AWS limitation)
- Non-AWS Accounts: Always use access keys regardless of environment, for example for Azure, GCP, or on-premises.
- Migration Impact: Only AWS account authentication methods change during FedRAMP transition
View FedRAMP compliance reports
After your environment is deployed, an initial harvest of information will begin. Once that harvest has taken time to complete, you can view compliance reports for each of the compliance packs that are available.
To view the FedRAMP compliance reports:
- From the Command Platform home page in InsightGovCloud, open Cloud Security.
- Navigate to Security > Insights > Compliance Packs.
- In the Search bar, type
FedRAMPto view the active compliance packs. - Select a FedRAMP compliance pack and, from the actions menu, click Open Pack Details > Compliance Reporting.
You can also view the compliance report for the NIST 800-53 compliance pack by searching for it in the same way.
From the Compliance Reporting tab, you can view data such as the percentage of non-compliant resources.