Masonry, a Compliance as Architecture Framework

Monkton developed the Masonry Compliance as Architecture (MCA) Framework to help the government build and deploy mobile mission-related solutions. We have provided Masonry under the Creative Commons By 4.0 License, meaning your organization can use and customize Masonry without issue, from public to commercial uses. All that is required is attribution to Monkton, Inc.

Masonry Compliance Mapping (Preview)

Understanding whether you have a compliant architecture means knowing which standards apply to each segment of the system. The mapping below ties each information assurance level to the requisite standards for each type of information system, from identity and apps to cloud.

| Project Use Case and Content Types | Digital Identity | Mobile App, Device, OS | Cloud Service Provider (Datacenter) |
| --- | --- | --- | --- |
| Use Case to Security Standard Alignment | NIST SP 800-63-3 | Common Criteria/NIAP | FedRAMP DoD SRG |
| Non-Sensitive Public Domain & FOIA-available Content | Level 1 | Reasonable RMF | FedRAMP Low/Moderate or DoD IL-2 |
| Sensitive - DoD CUI (FOUO, PII, PHI, SBU, etc) | Level 2 | NIAP Compliant | FedRAMP Moderate or DoD IL-4 |
| Sensitive - Citizen Services CUI (PII, PHI) | Level 2 | NIAP Compliant or equally equivalent security baseline | FedRAMP Moderate or DoD IL-4 |
| Sensitive - Civilian CUI (FOUO, PII, PHI, SBU, etc) | Level 2 | NIAP Compliant or equally equivalent security baseline | FedRAMP Moderate or DoD IL-4 |
| Highly Sensitive (Classified) NSS and SECRET | Level 3 | NIAP Validated | FedRAMP High or DoD IL-5, IL-6 |