Arrays Global
EmployeeContact
All verticals// Federal & Government-Adjacent

FedRAMP. CMMC. FISMA. Active compliance — not audit-readiness theater.

Three organizations operating under live federal regulatory obligations. The positioning is only credible because the compliance ran in production: managing real DoD programs, federal employee health data, and government surplus contract vehicles.

// The rare intersection

Healthcare security depth + active federal compliance credentials = a market position very few firms can enter legitimately.

Government health IT demands both simultaneously — not as separate practices, not as pre-assessment compliance reviews, but in production with live program obligations. That's where the Magellan engagement sits. Federal compliance without a live ATO behind it is a claim, not a credential.

// Federal-adjacent organizations

Three organizations operating under federal regulatory frameworks.

01

Magellan Health

FedRAMP authorized — behavioral health services for federal employee & military programs (CMMC-aligned)

02

Federal Home Loan Bank of New York

Government Sponsored Enterprise — OFHEo / FHFA regulatory environment

03

Liquidity Services

Government surplus marketplace — federal contract vehicle fulfillment

// Compliance frameworks

Four federal compliance regimes — all production-delivered.

FedRAMP
Authorized

Cloud services in federal use require FedRAMP authorization — a process that goes well beyond standard security certification. The Magellan Health engagement maintained an active ATO across behavioral health workloads serving DoD Employee Assistance Programs and federal civilian health plans, with continuous monitoring and 3PAO assessment cycles.

ATO maintenance
Continuous monitoring (ConMon)
3PAO assessment support
POA&M management
CMMC
Level 2

DoD suppliers handling Controlled Unclassified Information must achieve and maintain CMMC Level 2. Behavioral health data for active military personnel and federal employees carries CUI classification — making this a live operational requirement rather than a pre-contract exercise.

110 NIST SP 800-171 practices
CUI data classification
Incident response procedures
Supply chain risk management
FISMA
Moderate

FISMA sets the baseline security requirements for all federal information systems. Applied across both the Magellan federal accounts and FHLB New York — a federally chartered GSE subject to FHFA oversight — FISMA compliance shaped the technical architecture and the audit posture of both engagements.

NIST 800-53 Rev 5
Security categorization (FIPS 199)
System Security Plan (SSP)
Annual assessments
GSE Regulatory
FHFA / OFHEO

Federal Home Loan Banks operate under FHFA oversight — a compliance environment distinct from both standard bank regulation and pure federal agency requirements. Housing finance mission obligations, federal charter accountability, and FHFA examination readiness all run simultaneously.

FHFA examination readiness
Federal charter compliance
Housing finance mission alignment
Counterparty risk frameworks
// Technical capabilities

The technical surface area of federal compliance delivery.

These disciplines — zero trust architecture, continuous monitoring, federal data classification — transfer into any high-compliance environment, not only federal engagements.

FedRAMP Authorization & ATO process management
CMMC (Cybersecurity Maturity Model) implementation
FISMA & NIST 800-53 control frameworks
Secure cloud architecture (AWS GovCloud, Azure Government)
Federal data classification & handling procedures
Zero trust network architecture
Supply chain risk management (SCRM)
Continuous monitoring & audit logging (ConMon)
If the engagement carries FedRAMP, CMMC, or FHFA requirements — and the stakes are too high for firms still building that track record — this is worth a direct conversation.
Start the conversation
// Ready to start

Let's shape the future of your business — together.

30-minute discovery call. No deck. We listen, we sketch, we follow up with a written plan inside 5 business days.