The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. BroadSoft Government Cloud is committed to providing Government agencies with a secure cloud solution that meets the federal government standards.
Key Benefits from the Cloud:
Easy Migration. Phase in over the top of existing infrastructure or fully implement in one project – leverage proven best practices, inclusive services for security, operations management and maintenance and an expert partner network.
End to end encryption in adherence with FIPS 140 standard. Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP) from IP end points at the Government agencies all the way to the cloud.
Securing government agency confidentiality
Additional regulatory certifications. In addition to FedRAMP Moderate, we also comply with NIST 800-53 security controls, FISMA, HSPD-12, FIPS 140-2, FDCCI, the Telework Enhancement Act of 2010, the GSA infrastructure contract consolidation initiative, and ISO 27001.
Multi-location agency support with common controls and centralized management. Flexible, role based feature packaging for agency workers at any site with self-managed secure portals.
Increased productivity with mobile and remote workers with the same security assurance as workers at the physical desk.
SIP Trunking to allow flexibility to connect existing premise-based PBX or Key Telephone System (KTS) with secure transport from agency boundary into the cloud.
Highest standard of data center security.
Fraud prevention – vulnerabilities investigation, correction and prevention best practices. Multiple levels of security are supported including network security, intrusion and network detection, call processing and device configuration.
The BroadSoft Government Cloud service is supported by equipment deployed in a geographically redundant configuration across two physical data centers. The network is designed to ensure that, if there is a loss of connectivity to one data center location, the other site can seamlessly support the voice traffic. The equipment deployed and the connectivity to each data center are built so that each site is a mirror image of the other. The BroadSoft Government Cloud supports a variety of data interconnection methods for both access to customer premise equipment and connectivity to the PSTN via Service Provider (SP) partner carrier networks.
BroadSoft Government Cloud (BGC) | High Level Network Architecture
The methodologies supported include Internet-based connectivity, connectivity via Managed Internet, or connectivity via Virtual Private Networks (VPNs). BroadSoft Government Cloud services are available regardless of the type of connecting device or connectivity method.
Security Classification and Compliance Level
The Federal Information Processing Standard (FIPS) Publication 199 defines three levels (Low, Moderate or High) of potential impact on organizations or individuals should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability). The application of these definitions must take place within the context of each organization and the overall national interest. Due to the sensitive nature of Government communications, BroadSoft Government Cloud has pursued the Moderate control baseline for compliance and certification purposes. Moderate is defined by the potential impact of a breach: The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
Security and regulatory certifications in addition to FedRAMP
Federal Information Security Modernization Act (FISMA)
Homeland Security Presidential Directive 12 (HSPD-12) – Common Identification Standards
FIPS 140-2 Cryptographic Module
Federal Data Center Consolidation Initiative (FDCCI)
Telework Enhancement Act of 2010
Comprehensive, Integrated Capabilities for the Government Workplace
The BroadSoft Government Cloud service is designed to allow multi-location agencies to communicate as easily and effectively as if located under a single roof while providing the convenience and cost savings of centralized management. The BroadSoft Government Cloud service structure allows multiple locations with different technology needs to exist under a single entity’s complete control. Each site can service multiple types of users, with features based on the needs of an individual staff member or role. Entity-wide service management portals, site-specific service management portals and user-specific portals can be granted to provide real-time changes in call handling and features with the appropriate level of permission.
Move seamlessly between agencies and remote offices while communicating anywhere from any device.
Teleworkers and Telecommuters
Expand telework capabilities on a wide range of devices, while maintaining secure, remote access.
Bring Your Own Device (BYOD)
Support your BYOD initiatives with seamless mobility across devices and WebRTC-enabled browsers.
BroadSoft Government Cloud can service locations with either a Hosted PBX solution or a SIP Trunking solution, depending on whether a location is equipped with a phone system (IP PBX, key system, etc.). The site type selected for a location will determine which site features are available to the location and which user features are available to the users at that location.
UC-One App Bundle
• Mobile App
• Desktop App (with S4B Option)
• Tablet App (when available)
• Video Calling
UC-One Collaboration Bundle
• Instant Messaging & Presence
• Desktop & File Sharing (up to 15)
• My Room Collaboration
User Web Portal
Inbound Fax to Email
Unified Message | Visual Voicemail
Business Class Calling Features
> 40 features
> 40 features
> 25 features
> 11 features
> 10 features
Call Queue Agent
Skype for Business
UC-One App Bundle
UC-One Collaboration Bundle
The BroadWorks Call Control platform is at the center of the network and provides the hosted telephony services and call routing for the subscriber base. There are multiple types of servers that make up the entire platform with each having a distinct function and redundancy mechanism. The servers running the BroadWorks software are physically connected to the network with Gigabit Ethernet connections to separate Ethernet switches. Session Border Controllers (SBCs) are deployed in each data center in high availability mode, meaning there is full redundancy built into each deployed SBC cluster. On the Access side of the network, SBCs are used to provide security for the Call Control platform and SIP connectivity to IP endpoints including NAT traversal and VPN connectivity. SBCs are also used on the Network side for interconnection to partner carrier networks via SIP interconnections.
Oracle SBCs capable of FIPS encryption are currently deployed on both the Access and Network side. The routing and switching infrastructure consists of IP routers and switches manufactured by Juniper Networks. There are multiple connections within each data switch to servers, SBCs, and other networking equipment to ensure that no single physical port failure will result in complete loss of connectivity to the network. The supported IP endpoints rely on the resolution of DNS SRV records to signal to the SBCs. The DNS SRV records control the preferred order and signaling ports for the IP endpoints to signal towards. If connectivity to the primary SBC fails, the phones are configured to fail over to the secondary address.
For PSTN connectivity, the cPBX network can be configured to signal to any number of SBCs or proxy servers. Common connections are established between the cPBX network and the SP network that are shared by all end customers of the SP partner. These connections can leverage either public Internet connectivity, using IPSEC tunnels for signaling, or private connections between the SP and the cPBX network.
BroadSoft supports a variety of network access and customers have flexibility as to how they access BroadSoft Government Cloud services.
Customers can access BroadSoft Government Cloud as a fully managed service or Over the Top (OTT):
The following diagram depicts the BroadSoft Government Cloud network boundary design:
Please note: For security boundary definition, please refer to the BroadSoft Government Cloud System Security Plan (SSP) on file with the FedRAMP Program Management Office. BroadSoft houses its SSP in the FedRAMP OMB-MAX repository. Federal Agency employees or contractors may review the BroadCloud Government SSP by completing a FedRAMP-Package-Request-Form, located on the FedRAMP site, and submitting the completed form to firstname.lastname@example.org.
BroadSoft Government Cloud applications and services are running on multiple servers within BroadSoft Datacenters. BroadSoft Government Cloud provides applications and services that are assured by the implementation of security and availability methods and procedures. These are designed to cover physical access and protection, network connectivity, remote and local access, application and server management, availability and customer sensitive data. BroadSoft partners with datacenter operators with years of experience in design, implementation and operation of large-scale datacenters. These facilities provide physical, environmental and access security, protecting BroadSoft Government Cloud’s physical and virtual application environments.
BroadSoft is dedicated to investigating and correcting security vulnerabilities and preventing fraud relating to the BroadSoft Government Cloud portfolio. BroadSoft Government Cloud solution specific fraud prevention and detection mechanisms include:
• Portals which limit access to information based on specific business functions and permissions assigned to each user. End users can only access their own information. Administrators are limited to managing information for the specific sites for which they have been authorized.
• Each access account has distinct credentials, authentication vectors, and permission sets.
• Business directory information is made available to users that have been properly authenticated to a management or client portal.
• Strengthened admin password policy management is available on all phones to address a potential security vulnerability which could lead to user spoofing and ultimately fraudulent call activity.
• HTTP/HTTPS interfaces are disabled on the IP Phones to lock them down and prevent unauthorized access.
• Security features configured in the SBCs will block calls if the source IP and port don’t match the IP and port associated with the registration, or blacklist IP addresses sending in too many failed attempts in a short period of time.
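As an added illustration (not BroadSoft or Oracle SBC code or configuration), the following Python model replays constructed SIP events through the two SBC checks described above: a call's source IP and port must match the registration, and an IP sending too many failed attempts in a short period is blacklisted. The class and function names, the threshold of 3 failures and the 60-second window are assumptions; the page gives no values.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3      # assumed threshold; the page gives no number
WINDOW_SECONDS = 60   # assumed length of the "short period of time"


class SbcGuard:
    def __init__(self):
        self.bindings = {}                  # user -> (ip, port) of last good REGISTER
        self.failures = defaultdict(deque)  # ip -> timestamps of failed attempts
        self.blacklist = set()

    def register(self, ts, user, ip, port, auth_ok):
        if ip in self.blacklist:
            return "drop-blacklisted"
        if auth_ok:
            self.bindings[user] = (ip, port)
            return "registered"
        recent = self.failures[ip]
        recent.append(ts)
        # Keep only the failures that fall inside the sliding window.
        while recent and ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.blacklist.add(ip)
            return "blacklisted"
        return "auth-failed"

    def invite(self, user, ip, port):
        if ip in self.blacklist:
            return "drop-blacklisted"
        # A call is accepted only from the exact IP:port that registered.
        if self.bindings.get(user) != (ip, port):
            return "block-source-mismatch"
        return "allow"


def replay(events):
    guard = SbcGuard()
    return [guard.register(*e[1:]) if e[0] == "REGISTER" else guard.invite(*e[1:])
            for e in events]

# Constructed sample events, using RFC 5737 documentation addresses.
SAMPLE = [
    ("REGISTER", 0, "alice", "192.0.2.10", 5060, True),
    ("INVITE", "alice", "192.0.2.10", 5060),
    ("INVITE", "alice", "198.51.100.7", 5060),   # spoofed source for alice
    ("REGISTER", 10, "bob", "203.0.113.5", 5060, False),
    ("REGISTER", 20, "bob", "203.0.113.5", 5060, False),
    ("REGISTER", 30, "bob", "203.0.113.5", 5060, False),
    ("REGISTER", 40, "bob", "203.0.113.5", 5060, True),  # arrives after the ban
]
```

Calling `replay(SAMPLE)` returns one decision per event; note that the last, correctly authenticated REGISTER is still dropped because its source IP was already blacklisted.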
General fraud-related practices utilized for BroadSoft Government Cloud services include:
For government agencies needing a secure and simple transition to cloud communications, BroadSoft Government is the logical choice. The BroadSoft Government portfolio suite offers an integrated, comprehensive suite of communications and collaboration functions that meet the stringent federal security requirements – ready for any mission or crisis.
The public sector workplace is changing and requires the use of new technologies that offer more standards-based mobile and secure deployment of communications services, enabling greater access to people and information across agencies. BroadSoft Government puts government workers back in command by giving teams and individuals the power to communicate and collaborate from within their workflow applications, and from the devices and networks they choose.
Commitment to Standards
BroadSoft is committed to standards-based development of its solutions, which enables interoperability with a variety of applications through APIs, systems and a rich set of pre-built integrations, so that your communications services are connected with your business applications.
Extensive Partner Ecosystem
Our partner ecosystem ranges from leading global service providers to top technology innovators across the communications value chain. 25 of the world’s top 30 service providers across 80 countries have chosen BroadSoft as their trusted partner in cloud unified communications.
Channel partners are an important and vital extension of BroadSoft Government. They provide subject matter expertise, best practices and other value add solutions and services. BroadSoft’s channel partner program supports agents, resellers and service provider business models.
Our solutions partners are innovators across the cloud communications and collaboration value chain.
An Industry Leader
BroadSoft is the global market share leader of UCaaS with 49% market share (Synergy Research Group) and recently recognized as a “Visionary” in the 2017 Gartner UCaaS Magic Quadrant.