Nisha P. McDonnell

Designed and implemented a secure, STIG-hardened infrastructure in AWS, aligning with RMF controls. Automated baseline configuration checks and enforced compliance monitoring using native AWS services.

• Automated STIG baseline enforcement for Windows and Linux EC2 instances
• Integrated compliance findings with AWS Config for continuous monitoring
• Mapped controls to NIST 800-53 and FedRAMP baselines

Built a compliance visibility dashboard showing the live status of key security controls mapped to RMF requirements. Data is automatically ingested from Config rules, Security Hub, and STIG checks.

• Real-time view of control compliance across cloud assets
• MITRE ATT&CK and RMF control overlay for better context
• Reduced reporting lag between operations and GRC teams

Built a serverless pipeline to automate collection, formatting, and storage of control compliance evidence for NIST 800-53 controls. Replaced static manual evidence uploads with real-time data pulled from AWS Config.

• Automated evidence generation and S3 archiving on compliance state changes
• Eliminated manual documentation steps for 10+ technical controls
• Created timestamped reports aligned to RMF control families

Developed a reusable Terraform module library that codifies common NIST 800-53 and DISA STIG control requirements as IaC policies. Integrated enforcement through AWS Config and remediation via Lambda functions.

• Encapsulated control enforcement into reusable Terraform modules
• Reduced configuration drift and improved audit consistency
• Mapped Terraform resources directly to RMF control IDs

Created an automated POA&M tracking workflow that ingests AWS Config compliance findings and generates actionable POA&M entries. Non-compliance is logged and categorized by control family, severity, and resource.

• Replaced manual POA&M tracking spreadsheets with structured, queryable data
• Provided near real-time visibility into compliance posture
• Aligned findings with NIST RMF remediation workflow