CyberArk SaaS Solutions Achieve FedRAMP® High Authority

March 19, 2024 Troy Grubbs

I’m honored to share that CyberArk is FedRAMP® High Authorized and ready to support U.S. federal agencies in securing access to critical government data and systems, meeting Zero Trust mandates and advancing their missions.

Two of our leading identity security SaaS offerings, CyberArk Endpoint Privilege Manager and CyberArk Workforce Identity, have achieved Federal Risk and Authorization Management Program (FedRAMP) High Authority to Operate certification, and are now available on the FedRAMP Marketplace.

This designation reinforces CyberArk’s long-standing commitment to providing trusted, independently verified solutions that meet the U.S. government’s most stringent security requirements. And it comes on the heels of the FedRAMP Authorization Act, a law that streamlines the approval process for cloud services by enabling federal agencies to implement FedRAMP-authorized solutions without additional security and risk assessments. As a standardized approach, FedRAMP reduces duplicative efforts and cost-inefficiencies while promoting innovation across the federal government.

The explosion of new identities, new environments and new attack methods has rapidly expanded the attack surface, creating an acute need for both public and private organizations to secure all identities, human and machine. By delivering FedRAMP High-Authorized identity security solutions, CyberArk is uniquely positioned to help federal agencies accelerate secure cloud adoption while protecting critical assets from damaging ransomware, supply chain attacks and emerging AI-fueled threats.

Digital Visionary Theresa Payton Weighs in on the State of Federal Cloud Adoption

I had the opportunity to speak with Theresa Payton, former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, about today’s government-wide migration to the cloud. In our conversation below, we explore key opportunities and challenges, and the push to remove adoption barriers.

The federal government’s shift to the cloud has taken place slowly but surely over the past decade. Then came an unanticipated disruptor: COVID-19. Suddenly, cloud services became even more critical to advancing agency missions. Can you describe an example in action?

“When the pandemic hit, agencies were forced to work on the fly to adjust how they do business. Hitting fast forward on cloud initiatives certainly had its benefits. One example comes from the federal civilian area: The U.S. Postal Service, backed by AWS, rapidly scaled up their COVID test kit website and quickly responded to over 100 million households requesting kits.”

According to MeriTalk research, only 30% of federal, state and local government IT leaders say their cloud strategy has kept pace with this accelerated adoption; 56% say managing and securing data is their biggest challenge. Every new cloud-based initiative generates a massive number of identities, further exacerbating these concerns. How can government security leaders turn things around?

“Agencies must come to terms with several cloud-based risks that lurk beneath the surface in this new technology landscape. To see just how many threats a cloud-based organization with under-developed security protocols will face, look no further than cloud identity and access management. Beyond the schemes of cybercriminals, non-malicious human error on its own has the potential to hinder mission-critical functions in the form of misconfigured networks and mismanaged controls. Now, as agencies and private sector organizations no longer have to “build the plane while they fly it,” they should take the time to resolve any built-up technical debt and ensure proper configuration is factored into any new cloud components.”

More sensitive government information flows across cloud infrastructure and applications than ever before, yet federal cloud adoption lags the commercial sector. Procurement hurdles are contributing factors. Will measures outlined in the FedRAMP Authorization Act help agencies fast-track efforts?

“Federal agencies and commercial organizations face numerous regulatory and compliance hurdles to efficiently conduct business and move the mission forward. Regulations such as FedRAMP and CMMC, though critical to discerning organization, service and product suitability, can lead to a lack of agility and efficiency when combined with each other and with other compliance requirements. Much like how multiple government agencies have required their own suitability processes on top of clearances, overlapping but differing compliance processes can lead to backlogs and delays in achieving mission success. But don’t mistake the differing regulatory requirements for being redundant or unnecessary. Look no further than the major 2020 cyber incident that was SolarWinds to understand the dire implications of any missteps in supply chain risk management.

Ultimately, threading the needle of decreasing the compliance burden while maintaining the necessary level of regulatory scrutiny may be a tightrope walk, but laws such as the FedRAMP Authorization Act are a step in the right direction.”

How can programs like FedRAMP help the Department of Defense and other federal agencies achieve their Zero Trust goals and advance national cybersecurity priorities?

“FedRAMP had already begun preparing for the Zero Trust cybersecurity posture before the DoD released its Zero Trust Strategy, but as new tools, technologies and threats arise, continued attention will need to be paid by government and government-adjacent regulatory programs.

The ‘never trust, always verify’ mentality puts the security responsibility on everyone involved, which includes products and services provided to the government. By adopting Zero Trust-focused compliance requirements, FedRAMP can place a greater onus on private sector organizations to launch the federal government efficiently and expediently into a more secure and more efficient future.”

CyberArk is FedRAMP Ready to Serve

Identity-based attacks aren’t just the future. They’re the present. The front line. The new battlefield.

Federal agencies require advanced identity security capabilities to meet their dynamic and evolving cybersecurity needs. As the pioneers of privileged access management, CyberArk offers the most complete and extensible Identity Security Platform in the world, empowering government agencies with a security-first approach grounded in Zero Trust. By applying intelligent privilege controls to all identities – human and machine – CyberArk enables secure access to any resource, anywhere, everywhere – with a single, unified platform. Today, more than 8,000 organizations worldwide trust CyberArk to protect their critical assets and surround every identity with a powerful force field of continuous protection.

CyberArk stands FedRAMP Ready to support your federal agency, protecting sensitive government data and infrastructure and helping you move forward, fearlessly, to achieve mission success and unlock the endless potential of progress, growth, innovation and hope.

Troy Grubbs is U.S. federal sales director at CyberArk.
