Quickstart Guide¶

Game Warden is Second Front's secure application hosting platform designed to accelerate software delivery to restricted government environments. Whether you're deploying mission-critical applications to Department of Defense (DoD) networks, federal civilian agencies, or commercial environments, Game Warden provides the infrastructure, security controls, and authorization pathways to get your software into the hands of warfighters and government users.

This guide walks you through the complete journey: from choosing your deployment target to achieving authorization and maintaining operations.

Your journey to production¶

Building and deploying applications on Game Warden requires careful planning across four key phases. Each phase builds upon the previous one, ensuring your application meets the stringent security and compliance requirements necessary for government operations.

Phase 1: Choose your deployment path¶

What you'll decide: Which authorization framework and environment your application will target.

Why this matters: Different government customers require different security authorizations. Selecting the right path early prevents costly rework and ensures you build toward the correct compliance standards from day one.

Explore the tabs below for deployment options.

DoD DeploymentFedRAMP DeploymentCommercial Deployment

Best for: DoD missions and military operations

What you need to know:

Impact Levels: Your application will be categorized as IL2, IL4, IL5 or IL6 based on the sensitivity of data it handles:
- IL2: Public unclassified information
- IL4: Controlled Unclassified Information (CUI)
- IL5: Mission-critical CUI requiring the highest protection
- IL6: Classified information up to the Secret level
Authorization: Requires Certificate to Field (CtF)/Software Approval
Network Access: Deployed to NIPRNet or other DoD-approved networks

Best for: Federal civilian agencies (non-DoD)

What you need to know:

Impact Levels: Based on FIPS 199 classification (Low, Moderate, High)
Authorization: Requires FedRAMP Authorization to Operate (ATO)
Documentation: Develop comprehensive Body of Evidence (BoE)
Assessment: Third-Party Assessment Organization (3PAO) evaluation
Remediation: Address findings through Plan of Action and Milestones (POA&M)
Continuous Monitoring (ConMon): Monthly security scans, incident reporting, MFA, encryption

Best for: Private sector delivery, testing, and initial development. Many teams start here to validate their application works on Game Warden infrastructure before pursuing DoD or FedRAMP authorization.

What you need to know:

Purpose: Streamlined environment for rapid iteration and testing
Common Use: Initial landing zone for vulnerability remediation before government authorization
Security: Industry-standard security controls without government authorization requirements

Phase 2: Build & initial assessment¶

What you'll do: Align your application architecture with Game Warden’s entrance criteria and participate in a preliminary build assessment with the Second Front team.

Why this matters: Most applications require specific adjustments to run in a hardened, regulated environment. By assessing your existing build against our requirements early, we can identify necessary architectural shifts-such as containerization tweaks or networking changes-before you begin the formal implementation. This proactive alignment ensures your "initial" build is as close to production-ready as possible.

Entrance requirements & guidance:

General Requirements: Review high-level compliance and operational standards.
Technical Requirements: Ensure your build supports required logging, health checks, and storage patterns.
Supported Design Patterns: Compare your current architecture against approved platform patterns.
External Data Connections: Plan for secure communication with off-cluster resources.

Phase 3: Implement and deploy¶

What you'll do: Work with Second Front to deploy your application to your target environment and achieve authorization.

Why this matters: This is where your application moves from development to production. The implementation process is tailored to your deployment type and includes technical integration, security documentation, and authorization activities.

Phase 4: Day 2 operations¶

What you'll do: Maintain your application's security posture, respond to incidents, and manage ongoing compliance.

Why this matters: Authorization isn't a one-time event—it's an ongoing responsibility. Failure to maintain compliance can result in loss of production access, security incidents, or authorization revocation.

Critical operational responsibilities:

Security & Authorization MaintenanceIncident & Disaster ReadinessCritical Expirations & Renewals

Monitor software changes: Review the Significant Software Changes guide. Major architectural shifts may require new authorization.
Maintain security hygiene: Continue standard security practices and vulnerability remediation to ensure your posture remains valid.

Incident Response: In the event of a security anomaly, follow the Incident Report Procedure immediately.
Disaster Recovery: Familiarize your team with the Disaster Recovery Procedure to ensure rapid restoration during a system failure.

Renew the following authorizations prior to expiration to avoid service disruptions.

CtF/Software Approval
Memorandum for Record (MFR) (required for AFWERX deployment only)
FedRAMP ATO

The journey to production is a partnership. Second Front is here to guide you every step of the way—from initial planning through Day 2 operations and beyond.