CloudPassage today announced that it is the first Cloud Service Provider (CSP) to achieve “FedRAMP Ready” status through the new accelerated Federal Risk and Authorization Management Program (FedRAMP Accelerated). Earning FedRAMP Ready status is the first phase in a three-phase process to attain an authorization to operate (ATO). As a result, the CloudPassage Halo platform is now listed on the FedRAMP marketplace for federal agencies and government contractors. Unique to this process, CloudPassage leveraged its own Halo security platform to reach FedRAMP Ready status.
In response to government entities looking to leverage cloud computing while facing an outbreak of sophisticated nation-state cyber attacks, Washington issued a set of strict security standards that vendors must meet for FedRAMP compliance. Federal agencies and government contractors can now be confident that CloudPassage is likely to attain an authorization to operate or an approval from the Joint Authorization Board (JAB).
FedRAMP Accelerated launched in March 2016 to provide a faster, more predictable audit timeline and process for vendors seeking to become ready, in process of, or authorized to serve government agencies. CloudPassage is now listed as one of the few CSPs that are FedRAMP Ready in the FedRAMP Marketplace and is continuing in the next phase of the evaluation process towards “Authorized” status. Schellman & Company (formerly BrightLine) is the independent, third-party assessment organization (3PAO) engaged to perform the FedRAMP assessment of CloudPassage.
“Achieving FedRAMP Ready status is a big milestone for CloudPassage, as it demonstrates that we are a trusted cloud service provider that upholds high standards and meets FedRAMP’s rigorous review process,” said Bart Westerink, Senior Director of Security and Compliance, CloudPassage. “In order to meet FedRAMP Ready status, we were assessed for critical controls such as the use of approved cryptographic modules; continuous monitoring capabilities; authentication, authorization and access controls; and configuration and risk management. Federal agencies and government contractors can now leverage CloudPassage Halo to securely take advantage of the benefits of cloud infrastructure. In addition, other CSPs seeking to attain FedRAMP Ready status will find that CloudPassage Halo can help them satisfy a significant portion of the technical and operational controls that they need for a FedRAMP ATO.”
“Government organizations need to be assured that their cloud solutions meet a consistent and high bar for cloud security controls,” said Doug Barbin, Principal, Schellman & Company. “FedRAMP enhances the level of transparency between government and cloud service providers, and we are impressed with the speed at which the new FedRAMP Accelerated program is working.”
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP is the result of close collaboration with cyber security and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.