FedRAMP Security: Maximum Security for Your Most Sensitive Content
Kiteworks’ FedRAMP is deployed on a virtual private cloud in AWS for all processing. It features a dedicated server, isolated from all other customers on Amazon Cloud. Single tenancy provides organizations with sole encryption key ownership and fully encrypted file storage and transfer; neither Kiteworks, AWS, nor law enforcement agencies have access to content. Kiteworks on FedRAMP is, per FedRAMP requirements, supported within the United States by U.S. citizens and must undergo a rigorous audit process every year to retain FedRAMP certification.
FedRAMP Maintenance: Continuous Testing to Ensure the Highest Level of Security Is Maintained
FedRAMP authorization is far from a “one-and-done” compliance requirement. Kiteworks undergoes a rigorous personnel, IT, and physical security audit (400 controls in total) every year to maintain FedRAMP compliance. In between audits, Kiteworks’ security team engages in continuous monitoring and vulnerability scanning to test and ensure platform stability. This includes thoroughly documenting security processes and assessments of related systems, as well as rigorous, proactive remediation and a plan of action and milestones for remediation tracking. Lastly, Kiteworks employees who support FedRAMP authorization undergo ongoing training and certification to remain up to date with current requirements.
FedRAMP Benefits: Do More With FedRAMP Authorization
FedRAMP authorization is much more than a certification or compliance requirement. While government agencies are required to use a FedRAMP authorized cloud service provider (CSP), the private sector considers a FedRAMP authorized file sharing solution a best practice for protecting confidential information. Businesses that use a FedRAMP authorized solution in fact gain a distinct competitive advantage. Why? By using a FedRAMP authorized solution for sharing sensitive content, businesses demonstrate to their stakeholders—customers, partners, employees, and directors—that content security is paramount. There are additional benefits. Using a FedRAMP authorized file sharing solution like Kiteworks satisfies compliance requirements for NIST 800-171 and ITAR, and supports GDPR, SOC 2 (SSAE-16), FISMA, FIPS 140-2, and EAR compliance.
Kiteworks touts a long list of compliance and certification achievements.
Frequently Asked Questions
FedRAMP authorization is a security assessment and authorization program created by the United States government to ensure that cloud service providers (CSPs) meet specific security standards. FedRAMP stands for Federal Risk and Authorization Management Program. This program was created to standardize the process by which federal agencies assess, authorize, and monitor CSPs.
Any cloud service provider that wishes to provide cloud services to federal agencies or departments must undergo the FedRAMP authorization process. This includes Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) providers. Cloud service providers can achieve authorization for their cloud offerings through various paths, including Agency Authorization, JAB Authorization, and DoD Impact Level Authorization. The FedRAMP authorization process is mandatory for any cloud service provider that wishes to do business with federal agencies or departments, and failure to obtain authorization can result in losing out on government contracts.
FedRAMP authorization is a several-step process that includes security assessment, documentation, and authorization. All three steps must be completed for cloud service providers to achieve FedRAMP authorization. The three most important pieces of information about the FedRAMP authorization process are:
- The FedRAMP security assessment step involves developing a system security plan (SSP) that records the organization’s security posture by documenting all system components and the security control implementation for each.
- The security assessment step involves a Third Party Assessor Organization (3PAO) that conducts a thorough evaluation of the cloud service provider’s security controls and system.
- The documentation step involves the cloud service provider submitting detailed documentation to the FedRAMP Program Management Office (PMO) to demonstrate compliance with the FedRAMP security standards. Finally, the authorization step involves the government authorizing the cloud service provider to provide services to federal agencies.
FedRAMP authorization streamlines the process for cloud service providers to offer services to federal agencies, reducing duplication of effort and increasing marketability. FedRAMP authorization also gives federal agencies greater confidence in the security of cloud services and reduces the risk of data breaches. FedRAMP authorization ensures a consistent and cost-effective approach to security assessment and authorization for cloud service providers. Finally, FedRAMP authorization provides CSPs a competitive advantage in the marketplace because they have demonstrated that they follow a rigorous security and governance process to protect information belonging to the U.S. government.
A Third Party Assessor Organization (3PAO) plays a critical role in the FedRAMP authorization process. It is responsible for conducting an independent assessment of the cloud service provider’s security controls and system to determine whether they meet the FedRAMP security standards. It then provides its report to the Joint Authorization Board (JAB), which reviews the security assessment package and the 3PAO’s recommendation to determine whether the CSP meets the FedRAMP minimum security requirements.