The Biden Administration’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” and memorandum on “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles (OMB M-22-09)” have underscored Identity Security’s key role in protecting sensitive government data and infrastructure from supply chain-related attacks and other emerging threats.
Reinforcing CyberArk’s commitment to providing trusted, independently verified Identity Security solutions to the U.S. Government, we are announcing today that two of our leading SaaS offerings, CyberArk Endpoint Privilege Manager and CyberArk Identity, are now “In-Process” for Federal Risk and Authorization Management Program (FedRAMP) High authorization.
FedRAMP is a government-wide program that promotes the adoption of secure SaaS services across the U.S. Federal Government by providing a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. FedRAMP empowers government agencies to use modern cloud technologies, with an emphasis on security and protection of federal information. FedRAMP also serves as an important validation for U.S. state and local governments. Many organizations in the private sector look to the FedRAMP Marketplace for SaaS solutions that have met the government’s most stringent requirements for confidentiality, integrity, and availability.
As the highest level of authorization, FedRAMP High was introduced to account for some of the government’s most sensitive, unclassified data in cloud computing environments. Some of this data involves protecting the lives, reputations, and financial well-being of U.S. residents.
Today’s announcement is a significant milestone in CyberArk’s FedRAMP journey toward the High-level “Authorized to Operate” distinction held by only 42 organizations today. With this authorization, CyberArk will be uniquely positioned to help federal agencies secure access to critical data and infrastructure, protect distributed workforces and accelerate cloud innovation.
Question, Confirm and Trust — Be Supplier Smart
Highly interconnected information and communications technology (ICT) supply chains deliver critical products and services to both public and private sectors. Yet continued cyber attacks show that an organization’s supply chain is only as strong as its weakest link. This National Supply Chain Integrity Month, the U.S. Cybersecurity and Infrastructure Agency (CISA), Office of the Director of National Intelligence (ODNI) and other government and industry partners are calling for organizations to “Be Supplier Smart” as part of a unified effort to #FortifytheChain.
Cyber attackers know that the best way to gain access to a particular target — whether it’s a global enterprise, a government agency or critical infrastructure — is often through a third-party vendor or supplier. Taking steps to ensure the trustworthiness of your organization’s vendors and suppliers is a key aspect of managing supply chain risk.
CISA, ODNI and the newly established ICT Supply Chain Risk Management (SCRM) Task Force emphasize the need for organizations to conduct robust due diligence when selecting third-party providers, understand their cybersecurity practices, and establish and enforce standards throughout the lifecycle of a product or service. They’ve created a set of tools to help organizations ease third-party supplier evaluation processes, including recommendations on using qualified bidder lists to enhance supply chain security.
The authors note that “Establishing and utilizing vetted, qualified sources of supplies can limit an organization’s exposure to risk,” and provide examples of widely recognized standards that organizations across all sectors can consider when building their own qualified lists, including FedRAMP for secure cloud services.
A Proven, Trusted Partner for Critical Cybersecurity Initiatives
Attackers continue to innovate, looking for new ways to exploit vulnerabilities and compromise identities deep in the supply chain to launch their attacks, then work to gain access to sensitive assets further down the chain.
As your organization works to strengthen the security of its supplier ecosystem with qualified third-party entities, see why government agencies and enterprises worldwide trust CyberArk’s proven SaaS-based Identity Security solutions to secure all identities from end to end to protect their most valuable assets.