A few weeks ago, we announced that the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB) has certified Datapipe Government Cloud for 800-53 Revision 4 controls. The FedRAMP Revision 4 controls place an increased emphasis on privacy and automation, and boast improved effectiveness over Revision 3 controls. Receiving this FedRAMP certification through the JAB requires continuous monitoring and annual reassessments to ensure that security controls are being met.
FedRAMP is a government program that provides a standardized approach for cloud products and services, with the goal of accelerating the adoption of cloud solutions for government agencies. FedRAMP’s framework includes standardized processes for security assessments that allow cloud service providers to leverage the initial Provisional Authority to Operate (P-ATO) and provides a path for ongoing assessment and authorization. Even though FedRAMP provides a framework, government agencies are tasked with selecting a cloud service provider that has a P-ATO, in addition to meeting all FedRAMP requirements.
In 2015, Datapipe received FedRAMP P-ATO, becoming one of four Platform-as-a-Service (PaaS) providers to achieve this certification. Agencies can choose between Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS) cloud offerings, so it’s important to know the differences and benefits of each. Traditionally, PaaS offerings are services between the SaaS layer above it and the IaaS layer below. Datapipe approaches its PaaS offering in a unique way, providing operating and security services to support the virtual operating system and virtual network layer, leaving customers to worry only about their applications and data itself.
Datapipe’s unique PaaS offering is of particular benefit to System Integrators and Independent Software Vendors who are looking to achieve FedRAMP authorization at the SaaS level. Datapipe Government Cloud allows SaaS Providers to inherit over 80% of the security controls required to demonstrate FedRAMP compliance at the SaaS level, versus only 40% of the security controls provided in a typical IaaS offering. Datapipe consultation and user guide documentation further assists SaaS Providers to demonstrate FedRAMP compliance for the remaining 20% of security controls enabling organizations to achieve SaaS FedRAMP authorization faster and at a lower cost.
This latest FedRAMP certification exemplifies Datapipe’s commitment to providing government solutions that have the latest security needs of government agencies in mind. Datapipe has been delivering government cloud solutions for over a decade, with 11 unique agencies currently putting their trust in Datapipe Government Cloud. Datapipe has also delivered cloud solutions to more than half of the cabinet-level agencies and more than 30 states.
If you’re looking for more information about FedRAMP and its certifications, check out some past blog posts we’ve written about the framework and key considerations for agencies selecting cloud services providers. You can also find a current list of approved and in-process CSPs on the FedRAMP website.
- Back to basics: FedRAMP
- Understanding the Multiple Versions of the FedRAMP ATOs
- 5in15 Webinar: How Can We Help SaaS Providers Serve the U.S. Government