Skip to Main Content

FedRAMP explained: Why it matters 

Author: Ryan Cooney, Manager, Compliance Federal Program Management  

Government agencies, critical infrastructure, and government contractors seeking a SaaS-based identity security solution must choose a FedRAMP-authorized cloud service provider (CSP) they can trust to advance their identity security program. We sat down with Ryan Cooney, Manager of Federal Security Compliance, to get the basics. 

What is FedRAMP?  
The Federal Risk and Authorization Management Program, known colloquially as FedRAMP, is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP empowers agencies to use modern cloud technologies, emphasizing the security and protection of federal information and helps accelerate the adoption of secure cloud solutions. FedRAMP Marketplace maintains vetted cloud service offerings authorized for use by the federal government.  

What does it mean that SailPoint is FedRAMP authorized? 
It means that SailPoint Identity Security Cloud has achieved ‘FedRAMP Moderate ATO’ and is approved for use by the United States government. SailPoint built our SaaS suite on AWS GovCloud and complied with all 325 security requirements defined in the FedRAMP Moderate controls baseline. FedRAMP sets a high standard for security and meeting those standards demonstrates SailPoint’s commitment to customer trust and success.  

What are the phases or steps to achieve a FedRAMP certification? An in-depth security assessment of the system was performed by an accredited third party to provide assurance of the FedRAMP platform security posture. SailPoint then underwent a comprehensive review and approval process with both its sponsor in the United States federal government and the FedRAMP Program Management Office.  

Why should current and potential customers care if a vendor is FedRAMP authorized? 
SailPoint has long been trusted to support the most sensitive federal agencies, critical infrastructure, defense industrial base, and top Fortune 500 companies. Now public sector customers or mission partners that handle federal data such as federal contractors and critical infrastructure can realize the benefits of using SailPoint’s FedRAMP SaaS solutions. 

What can I expect from SailPoint around its FedRAMP authorization in the coming weeks and months?  
Be on the lookout for SailPoint to release additional content regarding how our FedRAMP SaaS solutions can be used to meet your agency or federal contractor needs. 

In the meantime, learn the critical aspects of choosing the right provider for your identity security program on our website.