We are proud and excited to announce that SpringCM has officially achieved FedRAMP Authorization!
As the use of cloud-based Software as a Service (SaaS) has skyrocketed across all industries, so have concerns about security of data and the associated documents. The public sector in particular has worked aggressively to remain at the forefront of data security, anticipating and responding to potential threats and liabilities.
In order to make sure anyone managing Federal data is held to a measurably high standard of cybersecurity, the U.S. government implemented FedRAMP, The Federal Risk and Authorization Management Program. Since 2011, the FedRAMP authorization process has set the benchmark for cloud service providers' cyber security profiles.
Prior to FedRAMP, providers were authorized through FISMA, the Federal Information Security Management Act. With FISMA, assessments were performed by each agency directly or by any third party who conducts security assessments.
FedRAMP was created to ensure a common framework for the assessment of cloud products and services, and it’s a far more stringent authorization process.
Currently on the FedRAMP website, there are only 89 cloud solution providers worldwide that are authorized. And the names of those solutions are synonymous with some of the biggest leaders in tech; government-facing cloud solutions by Salesforce, IBM, Google, Amazon, Oracle, Microsoft and Adobe, are all FedRAMP authorized. SpringCM is proud to join the ranks of these companies.
FedRAMP authorized cloud service providers achieve authorization in a three step process:
The program’s primary decision-making body is the Joint Authorization Board (JAB), comprised of the CIOs from the Department of Defense (DOD), the Department of Homeland Security (DHS), and the General Services Administration (GSA).
Becoming FedRAMP Authorized is no small task in terms of either technology or approval process. Businesses seeking to get FedRAMP authorized must take on a list of more than 350 objectives to demonstrate that they're hitting the government-mandated baseline of cloud security. When a business pursues FedRAMP authorization, it authorizes a third-party auditor to assess the business's adherence to the guidelines. The company submits its authorization package, goes through an audit, then receives a plan to patch any extant vulnerabilities. After the company’s solution gets authorized, it must implement a continuous monitoring strategy to make sure that it keeps up with changes in the cybersecurity threat landscape.
The objectives consist of a wide variety of best practices pertaining to every aspect of securing cloud infrastructure. This includes things as simple (but critical) as demonstrating that, after three failed login attempts within 15 minutes from the same IP, a system locks an account for 30 minutes, to advanced technical concerns like the use of strong encryption, to end-user trainings to make sure people throughout an office are protecting their data at all costs.
Contracts and documents are at the heart of critical processes for both businesses and government agencies and government contractors. Keeping these documents secure is a top priority for SpringCM. Taking on the arduous and ongoing process of getting and maintaining FedRAMP Authority to Operate (ATO) shows just how serious we take it.
Although FedRAMP is a government authorization, private sector businesses benefit as well. FedRAMP authorization means adherence to top standards of cyber security for cloud infrastructure, and all SpringCM customers reap the benefits. By obtaining FedRAMP Authorization, we have demonstrated that we adhere to the highest standards of security. Through the ongoing authorization and monitoring process, we continue to confirm our commitment to staying on top of cybersecurity at the same level as the most trusted names in cloud technology, to make sure your documents are safe in the cloud.