FedRAMP ATO process and timeline: SailPoint’s 5 step journey

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

The FedRAMP authorization process is designed to ensure that cloud services used by federal agencies meet the government’s stringent security requirements. The process empowers agencies to reap the benefits of modern cloud technologies while ensuring that security and the protection of federal data are a priority.

Benefits of FedRAMP authorization:

• Increased security: helps ensure that cloud services used by federal agencies meet the government’s stringent security requirements.
• Reduced risk: helps reduce the risk of data breaches and other security incidents.
• Improved compliance: helps agencies comply with government regulations such as the Federal Information Security Management Act (FISMA).
• Increased efficiency: helps agencies save time and money by streamlining the process of acquiring and using cloud services.

SailPoint’s FedRAMP journey

SailPoint started our FedRAMP journey for SailPoint Identity Security Cloud in May 2022 and we’ve made tremendous progress. We are currently in the “FedRAMP PMO Review” step.

Our FedRAMP authorization process comprises five key steps

1. FedRAMP In Process: To initiate the FedRAMP authorization process, SailPoint established a partnership with a federal agency to sponsor our cloud service offering. After informing the FedRAMP PMO of this partnership and conducting a kickoff meeting, SailPoint Identity Security Cloud was designated “In Process” on the FedRAMP Marketplace.
2. Security Assessment: At this step, a FedRAMP accredited third-party assessment organization (3PAO) conducted an independent audit of our FedRAMP platform. Once the final security assessment report (SAR) was issued, it was reviewed and approved by our agency sponsor.
3. FedRAMP PMO Review: After the FedRAMP PMO received documentation of our agency sponsor’s approval, we were then placed into their queue for review. The FedRAMP PMO performs their own review of SailPoint’s security assessment materials prior to issuing an ATO. SailPoint is currently in this step, in PMO Review.
4. FedRAMP ATO: Once the FedRAMP PMO has completed their review and is satisfied with SailPoint’s security assessment materials and the security posture of our platform, FedRAMP ATO will be formally issued. At this stage, our FedRAMP Marketplace listing for SailPoint Identity Security Cloud will be updated to reflect this status.
5. Continuous Monitoring: Once we receive our FedRAMP ATO, SailPoint will perform post authorization security and compliance activities on an ongoing basis according to FedRAMP requirements to remain in good standing with the FedRAMP program and our government agency partners.

What agencies, Federal System Integrators (FSIs), and critical infrastructure need in a SaaS identity security partner

It’s important to find a partner that is trusted by Federal agencies and can help you build a strong identity security program. Organizations can advance their digital transformation by seeking a platform with complete visibility and control over access to applications, systems, and sensitive data. Additionally, AI-driven automation can help ensure accuracy and save time in the many access decisions organization must make. Selecting a partner that is multi-tenant can also save cost and time with continuous updates and no upgrades.

150+ federal agencies trust us for their identity security of 25M+ federal identities. To learn more about SailPoint, visit SailPoint Government Identity Security.