Looking for tools and technologies to help protect your government agency or public sector organization from cybercriminals can be intimidating. Luckily, the Federal Risk and Authorization Management Program (FedRAMP) has made the selection process more manageable. Government organizations can use the FedRAMP marketplace to find and compare credible and secure authorized vendors.
The Federal Risk and Authorization Management Program (FedRAMP) was created by the U.S. government to achieve a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
According to the Market Connections FedRAMP Survey Results Report, 91% of federal agency respondents and 93% of state and local respondents said they have systems and solutions in the cloud. FedRAMP helps promote the adoption of cloud computing by government agencies through setting clear standards and processes for security authorizations. A cloud service provider (CSP) undergoes a rigorous authorization process for a particular cloud service offering (CSO) so that it can be listed in the FedRAMP marketplace. This reassures federal agencies, state and local governments and other public sector organizations that the service meets FedRAMP requirements.
In fact, 95% of federal respondents and 97% of state and local respondents saw benefits, beyond adhering to mandates, from moving to a FedRAMP Authorized solution. Some benefits include long-term cost savings and acceleration to broader cloud adoption.
There are currently two approaches to getting FedRAMP authorization: through the Joint Authorization Board (JAB) or through an agency authorization.
The JAB process is only available to 12 CSOs per year. FedRAMP Connect is the process by which CSPs are evaluated based on the JAB Prioritization Criteria and prioritized to work with the JAB. To qualify, these CSPs must demonstrate government-wide demand. If selected and successful, the CSP receives a provisional Authority to Operate (P-ATO).
Authority to Operate (ATO) can also be obtained through an agency. This is when agencies work directly with the CSP to gain approval. Despite not working with the JAB, the authorization process is quite similar.
Visit fedramp.gov for more information on the authorization process.
Federal agencies are required to use FedRAMP-certified CSOs. However, choosing a FedRAMP-certified password management solution such as Keeper Security Government Cloud is also beneficial for other public sector organizations, as well as private-sector organizations. Companies that have completed the rigorous FedRAMP authorization process have proven their commitment to maintaining the highest standards of cybersecurity.
The FedRAMP Marketplace makes it easy for federal agencies to find FedRAMP Authorized cloud service offerings (CSOs).
Users looking for FedRAMP Authorized cloud services can explore the marketplace through the search bar. All services in the process of becoming authorized will appear on the list. There are three statuses shown in the marketplace:
Keeper’s password and secrets management platform is FedRAMP Authorized and available in the AWS GovCloud. Our zero-knowledge and zero-trust architecture means your team’s information is safe and secure—at every level. Keeper implements the highest levels of secure encryption. Our internal practices are frequently audited by third parties so that we can continue to develop secure software and provide the most secure cybersecurity platform.
FedRAMP certification varies depending on the CSP’s path and agency. In 2016, the government wanted to create a faster timeline for FedRAMP certification. According to FedRAMP Accelerated: A Case Study for Change Within Government, any CSP undergoing the JAB process should receive a decision within six months of the start of the process. However, this aspirational case study is not the reality for CSPs undergoing the FedRAMP certification process. Currently, FedRAMP authorization continues to take years to complete.
Several variables affect the cost of FedRAMP certification since CSPs must cover the costs of:
FedRAMP draws from several NIST Special Publication (SP) documents, including NIST SP 800-53 for system controls and NIST SP 800-37 for risk management.