Blog

What is FedRAMP Certification? Cloud Compliance and Authorization

FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that streamlines the assessment, authorization and continuous-monitoring (ConMon) requirements for cloud-based IT services. It is how the federal government ensures that its cloud IT services do not put sensitive data or systems at unnecessary risk. Bottom line, Cloud Service Providers (CSPs) wanting to serve US government agencies must first obtain a FedRAMP Authorization to Operate (ATO). The process of obtaining an ATO is commonly referred to as FedRAMP certification or FedRAMP compliance. Designed to apply the National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF) approach to cloud solutions, the FedRAMP program embraces the concept that CSPs can build and verify their compliant Cloud Service Offerings (CSOs) once and use that verification to deliver it multiple times to multiple agencies. The FedRAMP program was introduced in 2011 as a natural step in the government’s IT modernization efforts

FedRAMP Marketplace Outlook for 2023

Happy new year! US Federal Agencies are expected to spend nearly $19B on cloud services by 2024. In order to participate in the Federal and DOD marketplace, a key requirement for commercial cloud solution providers is the ability to obtain and maintain FedRAMP certification. The FedRAMP program is expected to continue to grow given the recent passage of the FedRAMP Authorization Act as part of the NDAA. For organizations planning to pursue FedRAMP certification in 2023, here are some helpful resources for further analysis and planning: "FedRAMP Authorization Act: Implications for Cloud Service Providers"; "Preparing for FedRAMP – Whitepaper"; "Achieving DOD IL-4 ATO Lessons Learned"; and "How much does it cost to prepare for FedRAMP". We hope you find these resources helpful. Please contact us to schedule a free consultation and planning discussion.

FedRAMP Authorization Act: Implications for Cloud Service Providers and Agencies

This is the first of a series of blogs on the evolving landscape of secure commercial cloud computing enabled by the FedRAMP program. The President signed into law H.R. 7776, the “James M. Inhofe National Defense Authorization Act for Fiscal Year 2023”, which includes the FedRAMP Authorization Act. The FedRAMP Authorization Act codifies the Federal Risk and Authorization Management (FedRAMP) Program, which is a Government-wide initiative that provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. The FedRAMP program is governed by the FedRAMP Program Management Office (PMO) within the General Services Administration (GSA). The FedRAMP Program was established in 2012 through an Office of Management and Budget (OMB) memorandum. The passage of the FedRAMP Authorization Act codifies this program into a law enacted by Congress with formal congressional scrutiny and oversight. This blog provides an

Checkmarx Expands its U.S. Federal Government Cloud Service Offerings as it Initiates the Process for a FedRAMP Authorization

The Checkmarx One™ Application Security Platform is preparing to meet the rigorous requirements of FedRAMP alongside the currently authorized Checkmarx CxSAST

ATLANTA, Oct. 31, 2022 /PRNewswire/ — Checkmarx, the global leader in developer-centric application security testing (AST) solutions, today announced that it has initiated the process to achieve Federal Risk and Authorization Management program (FedRAMP®) authorization status for its Checkmarx One™ Application Security Platform. FedRAMP promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. The company has engaged stackArmor, Inc., a leading provider of FedRAMP engineering and advisory services, to guide Checkmarx through the FedRAMP authorization process. For over 10 years, the experts at stackArmor have been guiding cloud service providers through the process of meeting government compliance standards including the Federal Information Security Modernization Act (FISMA), FedRAMP, and standards set

TERIDA Achieves FedRAMP® ‘In Process’ Designation for its RegTech Framework CLASsoft™

PINEHURST, NORTH CAROLINA, USA, December 22, 2022 /EINPresswire.com/ — TERIDA, the award-winning, women-owned-controlled-led, RegTech small business, today announced the next stage of their Federal Risk and Authorization Management Program (FedRAMP®) journey – ‘FedRAMP In Process’ designation for their cloud platform, the Terida RegTech Framework – CLASsoft™. This ‘FedRAMP In Process’ status is FedRAMP confirmation that TERIDA is working to achieve FedRAMP authorization per the scheduled timetable. FedRAMP is a U.S. government program, established in 2011, that provides a standardized approach to security and risk assessment, and authorization and continuous monitoring for cloud technologies. And now, with the FedRAMP Act included within the 2023 National Defense Authorization Act, the “legislative framework” for critical cyber security requirements, authorization, compliance and government procurement of cloud solutions has been prioritized with bipartisan support. “Since moving to the cloud in 2017, we have been deliberate in our commitment to cyber security and privacy standards and

stackArmor Supports MicroStrategy in Getting FedRAMP Authorization to Operate

stackArmor’s ThreatAlert® ATO Accelerator helps ISVs and SaaS providers reduce the time and cost of FedRAMP authorizations

December 21, 2022 14:16 ET | Source: stackArmor, Inc.

TYSONS CORNER, Va., Dec. 21, 2022 (GLOBE NEWSWIRE) — stackArmor, Inc., a leading provider of Federal Risk and Authorization Management Program (FedRAMP®), Federal Information Security Modernization Act (FISMA), CMMC 2.0, and StateRAMP security & compliance acceleration solutions, announced today that it has advised MicroStrategy in gaining FedRAMP authorization of the MicroStrategy Cloud for Government cloud service offering built on a high-performance cloud-native Kubernetes architecture. FedRAMP promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security assessment, authorization, and continuous monitoring for commercial cloud products and services. For over 10 years, the experts at stackArmor have been guiding cloud service providers through the process of meeting government compliance standards, including FISMA, FedRAMP, and standards set by the National

stackArmor Supports Forcepoint Expansion of Its Cloud Service Offerings by Adding CASB, ZTNA and SWG to FedRAMP Authorization

stackArmor’s ThreatAlert® ATO Accelerator helps ISVs and SaaS providers reduce the time and cost of FedRAMP authorizations

TYSONS, Va., November 16, 2022–(BUSINESS WIRE)–stackArmor, Inc., a leading provider of Federal Risk and Authorization Management Program (FedRAMP®), Federal Information Security Modernization Act (FISMA), CMMC 2.0, and StateRAMP compliance acceleration solutions, announced today that it has assisted Forcepoint, a global security leader, in expanding the FedRAMP authorization of the Forcepoint ONE all-in-one cloud platform. FedRAMP promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. stackArmor, Inc. has continued to support Forcepoint through their FedRAMP journey from initial authorization through the FedRAMP significant change and annual assessment process for Forcepoint ONE. Forcepoint ONE is the converged, cloud-delivered platform for Security Service Edge (SSE, the security component of SASE) that protects agency employees and contractors working

Ermetic Initiates U.S. Federal Government FedRAMP Authorization for Authority to Operate

Cloud Security Provider Names Ben McGucken to Head Federal Sales and Announces Support for AWS GovCloud (US) and Azure for US Government

BOSTON & TEL AVIV, Israel, September 14, 2022–(BUSINESS WIRE)–Ermetic, the cloud infrastructure security company, today announced that it has initiated the process to achieve Authority to Operate (ATO) status under the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The company also announced the appointment of Ben McGucken as regional vice president of sales for US Federal and Latin America, who will lead the company’s FedRAMP certification. In addition, the Ermetic cloud security platform now supports AWS GovCloud (US) and Azure for US Government – which are designed to address specific regulatory and compliance requirements

FedRAMP ATO: Time to Compliance and Authorization

FedRAMP time to compliance is one of the first questions asked by ISVs and SaaS companies looking to work with US Government agencies. Typical timelines can vary from 6 months to 24 months depending on the quality of preparation, agency backlog and complexity of the system. However, answering the question “how much time will it take?” in the quest for a Federal Risk and Authorization Management Program (FedRAMP) Authorization has many nuances and is critical for planning and budgeting purposes. The correct answer to this question is… “it depends.” From low to high estimates, the journey can take anywhere from six months to two-plus years, with most efforts falling somewhere in between. The good news is that the emergence of FedRAMP acceleration solutions (including compliant infrastructure as-a-service (IaaS) and platform as-a-service (PaaS) offerings) means cloud solutions are no longer starting from scratch when establishing FedRAMP compliance. Notional Timeline for FedRAMP ATO Journey:

How to get FedRAMP Authorized: Joint Authorization Board

In a previous blog, stackArmor reviewed the process of obtaining an agency sponsored Federal Risk and Authorization Management Program (FedRAMP) Authority to Operate (ATO). Any cloud service provider (CSP) serving government agencies must have a FedRAMP Authorization. This blog will address the second, less common path to obtaining a FedRAMP Authorization: through a Joint Authorization Board (JAB) sponsorship. The JAB is FedRAMP’s primary governing body whose board includes Chief Information Officers (CIOs) from the following three federal organizations: Department of Defense (DoD), General Services Administration (GSA), and Department of Homeland Security (DHS). A JAB authorization is slightly different than an agency authorization as it results in a Provisional ATO (P-ATO). It is provisional because the JAB cannot accept risk on behalf of any agency; only an agency can do that with their ATO. Agencies are still able to access and use the available P-ATO package to grant their own ATO, making

How to get FedRAMP Authorized: Agency

Providing cloud solutions to government agencies requires those cloud solutions to hold a Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operate (ATO). There are 2 paths to obtaining a FedRAMP ATO: Sponsorship by an Agency and a provisional ATO (P-ATO) through the Joint Authorization Board (JAB). This blog will cover the path to ATO through an agency sponsor since agency ATOs account for 70 percent of all FedRAMP ATOs. JAB P-ATOs will be covered in a separate blog.

1 – Find an agency willing to sponsor the cloud service offering (CSO).

Finding an agency to sponsor and champion a Cloud Service Offering (CSO) through the FedRAMP process is probably the longest pole in the tent for getting the coveted FedRAMP Authorization. The issuance of an agency ATO represents an acceptance of risk associated with the CSO on the part of the agency’s authorizing official (AO). A prime candidate for

Before Pursuing FedRAMP Certification

There is an explosion of information out there on Federal Risk and Authorization Management Program (FedRAMP) timelines and authorization processes, which can be overwhelming to sort through, adding unnecessary confusion to an already complex process. Many of the discussions around steps to FedRAMP Authorization largely gloss over one of the most important phases of a FedRAMP journey – the planning, analysis and preparation phase that precedes deployment and assessment.

1 – Planning for pursuit of a FedRAMP Authorization

A FedRAMP journey has organization-wide impacts including, but not limited to, technical implications; impacts to existing DevOps and DevSecOps programs; configuration management and versioning processes; employee security awareness and training; and even hiring guidelines – since most agencies have strict U.S. citizenship requirements for Cloud Service Provider (CSP) operators. Understanding why a cloud service offering (CSO) needs FedRAMP, how a FedRAMP Authorization works into broader company objectives, and what it will take
