Authorized Product List
Verified offerings with a security status of Ready, Provisionally Authorized, or Authorized are listed below on the Authorized Product List (APL). The APL was first published on September 14, 2021, and is updated at the end of every business day.
To be verified, the product must meet minimum security requirements and provide an independent audit conducted by a Third Party Assessment Organization (3PAO). StateRAMP recognizes three verified statuses, including Ready, Provisionally Authorized, and Authorized.
- Ready products meet requirements defined by the Minimum Ready Minimum Mandatory Requirements Policy;
- Provisionally Authorized status may be assigned by a sponsoring government or Approvals Committee to a package submitted for Authorized Status, if the product meets the Authorization requirements, but one of the product’s interconnected technologies is not StateRAMP or FedRAMP Authorized. To achieve a Provisionally Authorized Status, the interconnected technology must have a current StateRAMP Security Snapshot, per the StateRAMP Authorization Boundary Guidance.
- Authorized is the highest level of authorization and is for products that have demonstrated compliance with all required security controls by impact level.
Products that have been awarded both a StateRAMP Authorized status and Federal JAB status are now listed on the APL as Authorized, Federal JAB.
The StateRAMP PMO provides independent validation and verification that the security package and audit comply with the standards established by the StateRAMP governing boards. To ensure ongoing security compliance and risk mitigation, providers must comply with continuous monitoring requirements to maintain a verified security status.
| Company | Product Name | Security Status | Service Model | Impact Level | Ready Date | Authorization Date | Package ID | 3PAO | Point Of Contact | Contact Email | Sponsor Names | Service Description | Category |
|---|
Company | Product Name | Security Status | Service Model | Impact Level | Ready Date | Authorization Date | Package ID | 3PAO | Point Of Contact | Contact Email | Sponsor Names | Service Description | Category |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anthology | Finance and Human Capital Management | Authorized | SaaS | Moderate | 2024-06-24 | SR23012 | A-Lign | Josh Rector | josh.rector@anthology.com | A feature-rich program that brings together finance and Human Capital Management in one solution to help you focus on your learners. Modules include: General Ledger, Faculty and Program ROI, Fund Source Management, Budgeting, and Human Resource Management | |||
| Casepoint LLC | Casepoint Government Ediscovery | Authorized | SaaS | High | 2024-09-17 | SR22027 | Schellman Compliance, LLC. | Usha Raj | uraj@casepoint.com | StateRAMP Approvals Committee | Casepoint is a data discovery platform for legal, investigatory, compliance, and IT teams who struggle to get actionable insights for data-centric business processes like eDiscovery, investigations, and information requests. Casepoint empowers leading corporations and government organizations to reduce costs, lower risk, and improve time-to-insight. Casepoint’s easy-to-use AI-powered platform is purpose-built for organizations that require the highest level of security and scalability to meet the evolving demands of the modern data landscape. Casepoint Government is delivered as a SaaS offering using a multi-tenant government-only cloud computing environment and is used by government agencies to meet their complex needs, including: • Legal Hold • Regulatory Enforcement / Investigations • Litigation (eDiscovery) • FOIA / PRR • Congressional Inquiries • Legal Data Storage • Task / Case Strategy and Management The Casepoint Government platform includes Casepoint Legal Hold, Casepoint eDiscovery, Casepoint FOIA, Casepoint Filestore, APIs for cloud collections, task management, and an app builder. Casepoint Government provides agencies with the capabilities needed to manage large volumes of data in litigation, investigations, congressional inquiries, and FOIA requests, including cloud-based collections, processing, culling, review, and highly customizable productions. It also offers built-in artificial intelligence and analytics with advanced tools for predictive analysis, search, and data visualization. | ||
| BlackBerry | BlackBerry Cloud - AtHoc Services for Government (ACSforGov) | Authorized | SaaS | High | 2021-12-13 | 2022-05-20 | SR21019 | Kratos | Rashad Munawar | rmunawar@blackberry.com | StateRAMP Approvals Committee | BlackBerry’s AtHoc is a networked crisis communication platform enabling corporations and government agencies to communicate and collaborate securely with their personnel and with other organizations through multiple devices during times of crises. BlackBerry’s AtHoc platform addresses critical communications needs including: Account: AtHoc Account enables real-time visibility into location and status for effective personnel accountability and crisis handling before, during, and after emergencies. This integrated approach to personnel accountability enables inputs from managers about their team, call center operators, data streams from HR and travel systems, as well as self-reporting by individuals. Alert: AtHoc Alert provides a comprehensive crisis communication solution that unifies all channels and devices, empowering organizations, people, and communities to collaborate during critical events. AtHoc’s flexible deployment options safeguards important personal information and enables enterprise-level command and control. Connect: AtHoc Connect empowers organizations to create their own permission-based network to establish interoperable communication and information sharing with organizations in their community. Collect: AtHoc Collect empowers your personnel in the field to be the "eyes and ears" of the operations center. AtHoc Collect enables on-scene personnel to report events, work progress, along with rich geo-tagged media that are worth a thousand words. | |
| CBORD | CBORD Online Transaction Processing | Authorized | SaaS | Moderate | 2024-08-21 | SR23076 | Securisea | Josh Elder | jle@cbord.com | NetMenu: NetMenu includes the following modules: CBORD Fusion, NetMenu Planner, NetMenu TrayCard, NetMenu Tray Ticket, Selective Dining, Mobile Inventory, CBORD Patient, Room Service Choice, NetMenu Floor Stock, CBORD C-Store, CBORD Data Analytics, CBORD Hub, NetNutrition, NetRecipe, Tray Logistics, Menu Display Interface (MDI); and its customer-branded applications: Horizon School Technology (HST) Back of House (BOH), BluePrint Menu Management System®, Cycle Menu Management®, Sysco® eNutrition, NetIMPAC, and Menu Wizard+. NetMenu provides an integrated food production, inventory management, and menu planning solution to support retail and patient nutrition. Electronic vendor integration and integration into CBORD customer accounts payable, general ledger, and point-of-sale software allow CBORD customers to leverage current systems when interfacing with NetMenu. GET: GET serves as a centralized, cloud-based platform tailored for organizations utilizing the CBORD card/cashless system, aimed at elevating the quality of service provided to their patrons, expanding patron engagement with the cashless program, and driving user involvement and revenue growth. GET offers an integrated experience that aligns with the expectations of today's students, particularly within the ever-evolving mobile landscape through the CBORD platform. Within the GET platform, users have access to real-time balance information, transaction history, the capability to report a lost or found card, and the convenience of making deposits using a credit card. Furthermore, GET's core features encompass food ordering, virtual card payment, mobile access, and a loyalty system. GET also supports integration with campus authentication systems and e-commerce merchant accounts for the acceptance of credit card payments. Odyessy Direct: Through Odyssey Direct, university clients have the ability to establish a comprehensive suite of services linked to a customized campus credential. This encompassing suite includes services such as card printing and credential management, photo capture, management of meal plans, debit and credit accounts, point-of-sale transactions for dining and retail, attendance tracking, as well as eligibility verification. Furthermore, the use of campus card payments is seamlessly integrated into various aspects of university life. These payment capabilities extend to dining services, vending machines, laundry facilities, photocopying and printing services, parking facilities, university bookstores, e-commerce platforms, and even select off-campus dining establishments. A dedicated mobile application ensures round-the-clock accessibility, empowering university students with access to their account information and service details. Beyond the administrative aspects of managing their campus card account, students can leverage this application to peruse dining menus, place food orders, gain access to their rooms, and, when necessary, employ it for identification purposes. | |||
| Box, Inc. | Box Enterprise Cloud Content Collaboration Platform | Authorized | SaaS, PaaS | Moderate | 2022-05-19 | 2024-05-15 | SR22001 | Schellman & Company | Tom Cowles | compliance@box.com | Los Angeles City Employees' Retirement System (LACERS) | The Box Enterprise Content Cloud Collaboration Platform enables business to easily share, manage and secure their content. In today’s mobile-first, cloud-first world, providing employees with secure access to content at any time using any device is critical to creating a more productive, connected workforce and improved customer experiences. Beyond secure file sharing, Box enables easy access to content and collaboration tools from any device with the security, scalability and administrative controls that IT requires. | |
| Cisco Systems, Inc. | CISCO UNIFIED COMMUNICATIONS MANAGER CLOUD FOR GOVERNMENT (CISCO UCM CLOUD FOR GOVERNMENT) | Authorized | SaaS | Moderate | 2024-09-17 | SR24019 | Coalfire | James Huang | jamhuan2@cisco.com | StateRAMP Approvals Committee | Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) is a complete unified communications service from the Cisco Cloud. It is built to provide government-level security so that organizations can collaborate with anyone, anywhere, on any device. The service is hosted by Cisco, sold by Cisco Powered partners. Cisco UCM Cloud for Government provides these core services: Voice and Video Calling:Simplify with industry-leading voice and video as a service. Cisco UCM Cloud for Government provides voice and video call control and supports Cisco's newest voice and video endpoints ranging from desktop phones, immersive video rooms and mobile and desktop clients. Voicemail and Integrated Messaging:Access messages the way you prefer from your desk phone, mobile phone, or desktop client. Instant Messaging and Presence:Cisco Jabber lets you find the right people, see if and how they are available, and collaborate using your preferred method. Use Cisco Jabber for presence, instant messaging (IM), voice and video calling, voice messaging, desktop sharing, and conferencing. Single App Experience:Webex for Government and Webex App allows customers to call, meet, and message on any device with a single unified application from Webex. Webex App brings together Cisco UCM Cloud for Government call control along with market leading Webex Meetings technology and advanced team collaboration capabilities including persistent messaging and file sharing. Conferencing:Use Cisco conferencing solutions to meet and manage meetings and projects in real time, to present, share, or collaborate from anywhere, anytime, on any device. Mobility:Cisco UCM Cloud for Government gives your mobile and remote users the freedom to be productive from anywhere, on any device. Give users one number to dial, redirect incoming calls to designated phones, move calls between a Cisco desktop and mobile phones, create personalized access lists, and give access to all your corporate collaboration features from mobile phones using Webex App or Cisco Jabber. | Access Management,Learning Management System,Cloud Security, | |
| Druva Inc. | Druva inSync | Authorized | SaaS | Moderate | 2023-03-28 | SR22021 | Coalfire | Balaji Kalyanasundaram | balajik@druva.com | StateRAMP Approvals Committee | Druva inSync is a fully automated enterprise class endpoint protection solution offered as a Software-as-a-Service (SaaS). Powered by state-of-the-art technology from AWS, Druva inSync offers elastic, on-demand storage that can grow to accommodate any number of users and data. Full administrative control over Druva inSync is provided via a secure Web-based administrator control panel over HTTPS. Druva inSync offers cloud native backup and data protection solutions for information stored on endpoints and in cloud applications. Druva inSync allows immediate access to back up files and folders across all devices and SaaS application like O365. Druva inSync is hosted in Amazon AWS GovCloud Region, which delivers a highly scalable cloud computing platform with high availability, dependability and flexibility. | ||
| Dynatrace | Dynatrace for Government | Authorized | SaaS | Moderate | 2022-07-26 | 2022-11-30 | SR21038 | Schellman and Company, LLC | Willie Hicks | willie.hicks@dynatrace.com | State of Michigan | Dynatrace exists to make software work perfectly. Our platform combines broad and deep observability and continuous runtime application security with advanced AIOps to provide answers and intelligent automation from data. This enables agencies to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences. | |
| Anthology | Occupation Insight | Authorized | SaaS | Moderate | 2024-04-25 | SR23067 | A-Lign | Josh Rector | josh.rector@anthology.com | Anthology Occupation Insight aligns academic programs and student skills with the needs of the marketplace. Anthology’s career readiness and workforce analytics tool improves students’ preparation for their future careers. | |||
| Cisco | Cisco Meraki for Government | Authorized | saaS | Moderate | 2024-07-25 | SR24008 | Coalfire | James huan | jamhuan2@cisco.com | Cisco Meraki for Government provides a secure and efficient way to support your networking transformation within budget. Our cloud-managed platform simplifies networking to make it easier to deploy, manage, and optimize networks – driving IT modernization and enabling hybrid work. Meraki helps future proof networks and allows agencies to stay ahead of changing citizen and regulatory demands while improving employee productivity. Meraki has developed the most sophisticated platform in the industry based on cloud-first operations, network intelligence (AI), and open APIs to better integrate and automate processes, while providing a way to customize the monitoring and management of a network. The Meraki platform is built with a modern cloud-managed architecture that is able to quickly scale to meet the needs of customers worldwide. We have taken that knowledge and technical sophistication to create a tailored solution for the U.S. Government. Our solution gives government agencies the ability to quickly deploy, scale and manage cloud networks anywhere in the world in an effort to help meet their cloud-first initiatives. Security is a high priority of our solution, which is why we created a separate platform that stores data on U.S. soil and includes FIPS to further protect government telemetry data from device to cloud. Meraki will offer certain MS (Switching), MR (Wireless) and MX (Security and SD-WAN) devices as part of the offering. | |||
| Appian | Appian | Authorized | PaaS | Moderate | 2023-01-05 | SR22018 | Coalfire | Appian FedRAMP/StateRAMP Team | fedramp@appian.com | StateRAMP Approvals Committee | Appian software is delivered to the Appian Cloud through a Platform-as-a-Service (PaaS) model and leverages cloud-native robotic process automation (RPA), simplifying control management and reducing overhead for customers. Government agencies should consider the Appian Government Cloud (at Impact Level 5) for critical acquisitions, case management and logistics, especially when process and business rule complexities are high. The Appian Low-Code Platform unifies the key capabilities needed to get work done faster. | ||
| Authorium | Authorium Systems | Authorized | SaaS | Moderate | 2024-07-19 | SR24015 | Schellman & Company | Chris Mayhew | Chris.mayhew@authorium.com | StateRAMP Approvals Committee | Authorium's cloud-based, no-code platform for Document Process Automation radically reduces the time it takes to develop complex document sets that form the backbone of government processes for procurement, contracting, grants, and budgeting. With built-in project management tools, powerful collaboration capabilities and easy integration with existing government systems, Document Process Automation speeds up the fundamental processes of procurement, contracting, grants, and budgeting by 50-70%. | ||
| Infoblox | BloxOne Threat Defense Federal Cloud | Authorized | SaaS | Moderate | 2024-04-29 | SR23074 | Kratos Defense | Chris Carlson | ccarlson@infoblox.com | StateRAMP Approvals Committee | B1TD FedCloud is a suite of capabilities that enable organizations to defend their networks, conduct threat investigations and research, and provide rapid correlation and contextualization to minimize incident response times. B1TD FedCloud contains millions of verified indicators in vendor-agnostic formats that may be exported to facilitate detection, blocking, and containment of modern malware (e.g., Advanced Persistent Threats (APTs), ransomware, phishing, exploits) via an open application programming interface (API) and an analyst research portal. | ||
| MicroStrategy, Inc. | MicroStrategy Cloud for Government | Authorized | SaaS | Moderate | 2023-03-27 | SR22040 | A-Lign | Samuel Petreski | spetreski@microstrategy.com | StateRAMP Approvals Committee | MicroStrategy is the world’s top-rated platform for enterprise analytics. The MicroStrategy Intelligence Platform offers a full range of trusted, modern BI experiences, and is designed to help departments and agencies build data-driven cultures and make faster, smarter decisions. Built for performance at scale, MicroStrategy delivers concrete answers to users where and when they’re needed. Foundationally, the platform offers out-of-the-box drivers and gateways for a variety of data sources, types, and formats, and APIs/SDKs which are hosted within the MicroStrategy Platform Deployed within Customer Tenant. Using the platform’s proprietary enterprise semantic graph, agencies can establish a unified, governed, secure, and reusable data model on which a variety of intelligence solutions can be built to deliver accurate, personalized, and trusted information to individual users based on each agency’s enterprise data dictionary. The MicroStrategy Cloud for Government is a fully managed enterprise analytics solution that offers all the market-leading capabilities of the MicroStrategy Intelligence Platform on a unique Amazon Web Services (AWS) GovCloud implementation. MicroStrategy Cloud for Government features a fully optimized reference architecture built specifically for deployment in a customer-licensed AWS environment, offered as a software-as-a-service (SaaS) solution. MicroStrategy administers each unique MicroStrategy Cloud for Government environment on the behalf of each government department or agency, including steady state operations, routine application of software upgrades, robust system monitoring and alerting, and 24/7/365 technical support for priority issues. The components that directly support the MicroStrategy Cloud for Government cloud service offering are described in the subsections below. MicroStrategy Cloud for Government is a SaaS service built on top of AWS GovCloud (US) IaaS servers. MicroStrategy utilizes AWS GovCloud (US) to provide the resources that host the MicroStrategy Cloud for Government platform and leverages the experience and resources of AWS to scale quickly and securely as necessary to meet current and future demand. MicroStrategy is responsible for designing and configuring the MicroStrategy Cloud for Government architecture within AWS GovCloud (US) to ensure that the availability, security, and resiliency requirements are met. | ||
| DocuSign | DocuSign CLM | Authorized | SaaS | Moderate | 2023-07-05 | SR23080 | Schellman & Company | Rainer VillaMercado | Rainer.Villamercado@docusign.com | State of Arizona Department of Homeland Security | DocuSign CLM is a secure contract lifecycle management product in DocuSign's Agreement Cloud. DocuSign CLM manages contracts in addition to all other types of documents across desktop, mobile, and partner applications like Salesforce. DocuSign CLM goes beyond standard document and contract management with advanced workflows that automate manual tasks and complex processes to speed time-to-revenue. Businesses use DocuSign CLM to optimize collaboration and processes across internal departments, as well as with prospects and customers. | ||
| Boomi | AtomSphere | Authorized | SaaS | Moderate | 2023-12-18 | SR22033 | A-Lign | Erika Fry | tech.compliance@boomi.com | Boomi AtomSphere is a cloud-native integration Platform-as-a-Service (iPaaS) technology that lets you connect everyone to everything. The Boomi SaaS AtomSphere Platform solves the needs of our government customers with end-to-end capabilities by integrating applications, systems, and connecting people. | |||
| Cisco Systems, Inc. | Duo Federal | Authorized | SaaS | Moderate | 2024-01-22 | SR23048 | Coalfire | James Huang | jamhuan2@cisco.com | Duo’s Federal Editions can verify the identity of users with secure and easy to use two-factor authentication methods that helps public sector entities satisfy NIST 800-63-3 and 53/63/171 authentication requirements. In addition to verifying users’ identities, Duo’s solution checks the security health of every device authenticating into the environment, at the time of access. Admins can use Duo to enforce stricter device and application access policies, such as blocking login requests based on location or anonymous networks. Duo ensures only trusted users and devices can access protected applications. This complete security solution prevents modern attackers that often target multiple areas - including credential theft and the exploitation of known software vulnerabilities affecting outdated software versions. | |||
| Geographic Solutions, Inc. | VOS Sapphire | Authorized | SaaS | Moderate | 2025-01-16 | SR24012 | A-Lign | Felipe Medina | fmedina@geosolinc.com | Arizona Department of Homeland Security | The VOS Sapphire® software suite is the only fully integrated workforce system in the country that provides universal employment, unemployment and case management solutions for job seekers, employers, service providers, and state and local agency staff. Offered as a web-based solution to enhance service delivery and employment outcomes, each module has been designed specifically to meet the diverse needs of American Job Centers, economic development agencies, unemployment insurance entities, human service and vocational rehabilitation agencies, correctional and educational institutions. VOS Sapphire® effectively manages all federally funded workforce benefit programs, labor exchange, case management, job aggregation, labor marketing information, service and fund tracking, human services, vocational rehabilitation federal reporting, and unemployment insurance benefits and tax. Flagship products/modules within VOS Sapphire® software suite include Virtual OneStop (VOS)®, VOS Sapphire AI®, Virtual LMI®, Virtual OneStop Reentry Employment Opportunities(VOS REO), America’s Labor Market Analyzer (ALMA)®, America’s Virtual OneStop®, Virtual Career Center (VCC), Reemployment Exchange®(REX), VOSGreeter®, VOScan®, VOSMeets, My Jobs Library, Virtual Job Fair, VOS Flex Pro, and the Geographic Solutions Unemployment System (GUS)® | ||
| Palo Alto Networks | Government Cloud Services (GCS-High) | Authorized | SaaS | High | 2024-02-28 | SR23031 | Fortreum | Lauren Aloway | laloway@paloaltonetworks.com | State of Arizona | Palo Alto Networks Government Cloud Services (GCS-High) includes a variety of cloud-based cybersecurity offerings. As your agency moves forward in its modernization efforts, it needs trusted cybersecurity solutions that will reduce the risk of data breaches while meeting compliance. Develop a comprehensive cloud cybersecurity strategy with solutions that protect workers, data and applications from cyber adversaries and advanced threats. The following products and services make up our offering. Cloud Identity Engine Identity-based security controls are a foundational requirement to achieve Zero Trust. Palo Alto Networks Cloud Identity Engine is an entirely new cloud-based architecture for identity-based security that can consistently authenticate and authorize your users, regardless of location and where user identity stores live—on-premises, in the cloud, or hybrid. As a result, security teams can effortlessly allow all users access to applications and data everywhere and quickly move toward a Zero Trust security posture. Cortex XDR A cloud-based service providing a prevention, detection and response platform that integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR leverages logs, alerts, and information from Palo Alto Networks and third-party security products. It also enforces security policies on endpoints, preventing malware and data loss. Cortex XDR correlates security alerts and network logs with the endpoint processes that generated the alerts, allowing customers to investigate security alerts, as well as search for and remotely respond to threats. Cortex XSOAR A comprehensive security orchestration, automation, and response (SOAR) platform that unifies case management, automation, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle. Cortex XSIAM A cloud-delivered, integrated SOC platform that unifies key functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM, consolidating multiple products into a single, integrated platform. XSIAM delivers an intelligent data foundation by integrating telemetry from any source, providing unified security operations across any hybrid IT architecture. Cortex Xpanse An active attack surface management solution that helps your organization discover, understand and respond to unknown risks in all internet-connected systems and services. Xpanse scans the entire internet automatically and continuously, discovering and indexing previously unknown risks, using supervised ML models to continuously map your attack surface and prioritize remediation efforts, while reducing MTTR with the help of built-in automated playbooks. Prisma Cloud A cloud native security platform that provides comprehensive visibility, threat prevention, compliance assurance and data protection consistently across hybrid and multi-cloud environments. Prisma Cloud Compute A cloud-native platform that delivers cloud workload protection. Prisma Cloud Compute provides holistic protection across hosts, containers, and serverless deployments in any cloud, throughout the software lifecycle. Prisma Cloud Compute protects all workloads regardless of their underlying compute technology or the cloud in which they run. In addition, it provides Web Application and API Security (WAAS) for any cloud native architecture. WildFire Government Cloud An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats. It is a subscription service that works with the Palo Alto Networks Next Generation Firewalls (including VM-Series and CN-Series), Prisma Access, Prisma Cloud, Cortex XSIAM, and Cortex XDR. Prisma Access A Secure Access Service Edge (SASE) that provides scalable, cloud-delivered networking and security to branch offices and remote users. With Prisma Access, agencies are able to rapidly enable consistent, secure connectivity for remote locations and employees. Prisma SD-WAN Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud, simplifying WAN management. The controller provides deep application visibility, with Layer 7 intelligence for network policy creation and traffic engineering. It automates operations and problem avoidance using machine learning and data science methodologies. Cloud Management A cloud delivered management solution used by customers to manage Prisma SASE from Palo Alto Networks. Multi-Tenant Service Provider Portal (MSP) The MSP solution provides hierarchical multi-tenant management for customers and partners PRISMA INSIGHTS Prisma Insights provides a comprehensive platform for global visibility and monitoring for the Prisma Access service. It continuously monitors the health and performance of your Prisma Access environment with Insights in the Prisma Access app. ADEM Autonomous Digital Experience Management (ADEM) provides organizations with segment-wise insights, comprehensive visibility, and SASE-native DEM integrated with Prisma SASE, the secure foundation for agile, cloud-enabled organizations. API Gateway The API Gateway provides authorization services for customers and partners to leverage Palo Alto Networks RESTful API Data Loss Prevention Data Security Palo Alto Networks’ Enterprise DLP software-as-a-service system is a network DLP service to prevent Data Loss of sensitive data. The solution helps facilitate an organization’s data protection and compliance efforts in a simplified and cost-effective manner. SAAS API / Inline / SSPM SaaS Security is a solution that helps Security teams meet the challenges of protecting the growing availability of sanctioned and unsanctioned SaaS applications and maintaining compliance consistently in the cloud while stopping threats to sensitive information, users and resources. SaaS Security options include SaaS Security API, SaaS Security Inline, and SaaS Security Posture Management (SSPM). Advanced WildFire An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats. APP-ID Cloud Engine - ACE A platform that enables the firewall or Panorama to download App-IDs from the cloud for applications that do not have specific predefined App-IDs from the Palo Alto Networks content releases. Threat Prevention The Palo Alto Networks® Threat Prevention protects and defends your network from commodity threats and advanced persistent threats (APTs). The multi-pronged detection mechanisms include a signature-based (IPS/Command and Control/Antivirus) approach, heuristics-based (bot detection) approach, sandbox-based (WildFire) approach, and Layer 7 protocol analysis-based (App-ID) approach. URL Filtering URL filtering technology protects users from web-based threats by providing granular control over user access and interaction with content on the Internet. You can develop a URL filtering policy that limits access to sites based on URL categories, users, and groups. Cortex Data Lake Collects, normalizes, and integrates data from Palo Alto Networks products with public cloud scale. | ||
| Cisco Systems, Inc. | Umbrella for Government | Authorized | SaaS | Moderate | 2024-01-22 | SR23050 | Coalfire | James Huang | jamhuan2@cisco.com | Cisco Umbrella for Government is a Cloud driven Secure Internet Gateway that provides protection from Internet based threats, for users wherever they go. Umbrella’s network is capable of processing billions of requests per day, analyzing and learning internet activity to determine where attacks are being staged, so it can block requests to unwanted and malicious destinations before a connection is even established. Cisco Umbrella for Government is a SaaS environment hosted on AWS GovCloud providing Cisco Umbrella services to government customers. Umbrella services hosted within Cisco Umbrella for Government are based on Cisco product lines available to end customers. The Cisco Umbrella for Government environment is designed and operated based on security compliance and operations best practice by automating the build and operational processes as much as possible using Infrastructure as Code (IaC), CIS benchmarks, vulnerability scanning, continuous monitoring of critical security controls and a managed system development process to obtain initial and continuous FedRAMP Moderate Approval to Operate (ATO). With the initial ATO, Cisco will be launching DNS-layer-security initially, GovDNS: DNS-layer security helps protect customers users on and off the network by stopping threats over any port or protocol before they reach customer network or endpoints. This will be followed by Secure Web Gateway, Cloud delivered Firewall, CASB, and DLP features. Cisco Umbrella for Government is hosted within AWS GovCloud as the Cloud Service Provider (CSP) which assures product lines are maintained in a secure and trusted environment. Umbrella for Government boundary includes the Production environment consisting of virtual compute, storage, databases, and internal management web applications. Umbrella for Government’s external Identity Provider (IdP) Okta (IDaaS Regulated Cloud) is used in tandem with AWS IAM supporting Single Sign-on (SSO) services. Duo Federal is used for multifactor authentication (MFA). Cisco Umbrella for Government meets GovCloud Moderate requirements with specific categorization of Moderate Confidentiality, Moderate Integrity, Moderate Availability (M-M-M) with no privacy data overlay based on the FedRAMP Federal Information Processing Standard (FIPS) 199 Categorization Template. Cisco Umbrella for Government is designed with defense-in-depth protection for hosted applications and workloads using network filtering, multifactor authentication, transport layer security, data-at-rest protection, near real time audit collection and analysis, intrusion detection, vulnerability analysis and system backups. | Content Collaboration, |
Showing 1 to 20 of 115 entries
Progressing Product List
StateRAMP recognizes cloud service offerings in the process of working toward a verified offering.
To have a product listed as in progress, the product must: 1) be enrolled in the StateRAMP Progressing Snapshot Program, or 2) Have engaged with a Third-Party Assessment Organization (3PAO) to conduct an independent audit for Ready or Authorized.
The progressing statuses include:
Security Snapshot
- Enrolled products are enrolled in the Progressing Snapshot Program and working toward their initial Snapshot score.
- Progressing products are enrolled in the Progressing Snapshot Program and have submitted artifacts to receive their Snapshot scores.
Security Product Review (Non-Snapshot)
- Active products are working toward Ready.
- In Process products are working toward Authorized status.
- Pending products are currently being reviewed by the StateRAMP Program Management Office (PMO) and are awaiting a determination for a verified status.
| Company | Product Name | Security Status | Service Model | Impact Level | Ready Date | Authorization Date | Package ID | 3PAO | Point Of Contact | Contact Email | Sponsor Names | Service Description |
|---|
Company | Product Name | Security Status | Service Model | Impact Level | Ready Date | Authorization Date | Package ID | 3PAO | Point Of Contact | Contact Email | Sponsor Names | Service Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anthology | Blackboard Core and Premium Solutions (includes Blackboard, Outcomes, Evaluate, Core Data and Milestone) | Progressing | SaaS | Moderate | Nicole Anderson | nanderson@anthology.com | Not Required | Blackboard solution offers agencies next-generation online, social and mobile tools that create a continuous learning environment, built around peer-to-peer interaction, content and discussions. Outcomes enables institutions to effectively manage their outcomes assessment processes at their institution. The application helps standardize the process of outcome assessment which in turn makes it easier to compare the achievement levels across the institution. Evaluate streamlines the course evaluation process so that perceptions of a student’s learning experience can be easily used to gain a deeper understanding of where course adjustments can be made. It supplies analysis with recommendations for development that considers both instructors’ goals and students’ self-rated progress. Milestone Enable learners to certify and showcase their skills and accomplishments. Support them by aligning paths and outcomes as they transition into the next stage of their educational or professional journey. | ||||
| American Telephysicians | SmartClinix | Progressing | SaaS | Moderate | Faisal Saleem | faisal.saleem@amercantelephysicians.com | Not Required | Healthcare needs a unified solution that meets requirements and makes care delivery truly digital. The New and Improved SmartClinix system is a complete virtual solution that can speed up healthcare progress on all fronts. The recently upgraded SmartClinix is meant for Physicians, Hospitals, Facilities, International Practices, and other areas where efficient care delivery is required. | ||||
| Anthology | Anthology Engage and Federation Provider | Progressing | SaaS | Moderate | Nicole Anderson | nanderson@anthology.com | Not Required | Data-empowered innovation that transforms the student experience. Build and foster an unmatched student engagement experience. Meaningfully involve students and strengthen your data-driven insights with an accessible | ||||
| Anthology Inc. | Anthology Encompass | Progressing | SaaS | Moderate | Nicole Anderson | nanderson@anthology.com | Not Required | Encourage your alumni and supporters to do more than just engage. By combining analytics with leading engagement tools, you benefit from a seamless constituent experience to further build involvement and support. | ||||
| Aztec Software | Aztec Learning System | Progressing | SaaS | Moderate | Phillip Thompson | pthompson@aztecsoftware.com | Not required | Aztec Learning System combines a customized Learning Management System (LMS) and Courseware to help transform the lives of adult learners. The LMS includes innovative an unique features allowing automatic per student learning customization, linear and non linear learning and coaching. The learning experience is delivered at Desktop like performance using a robust, secure, scale SAAS architecture with configurations that can be matched to the school's unique needs | ||||
| Automox | Automox | Progressing | SaaS | Moderate | Tom Bowyer | tom.bowyer@automox.com | Not Required | Established in 2015 and originally from Boulder, Colorado, Automox now operates as a fully remote company headquartered in Austin, Texas. Offering a groundbreaking, Autonomous Endpoint Management (AEM) platform, Automox provides a comprehensive array of cloud-based patching, configuration, and remote control services, including third-party software patching, to customers worldwide. The Automox agent manages updates for devices running on Windows, macOS, and Linux while also keeping hundreds of crucial applications up to date, including Chrome, Firefox, Adobe, Zoom, and Slack. Moreover, Automox excels in providing robust configuration management and automation services. All these functionalities can be seamlessly accessed and administered from a unified dashboard, underscoring Automox's commitment to delivering modern, all-inclusive, remote IT solutions. | ||||
| Barnes and Noble Education | Adoptions & Insights Portal (AIP), First Day Complete (FDC), Direct Digitial Platform (DDP), inSite ECommerce and Advanced Retail Center (ARC) | Progressing | SaaS | Moderate | Rich Davidson | security@bned.com | Not Required | AIP, FDC and DDP provide courseware services to students and faculty on college campuses. inSIte and ARC provide retail and ecommerce management services to college bookstores | ||||
| CompBase, Inc. dba ClerkBase | OnBoardGOV | Progressing | SaaS | Moderate | Jay Rosenfield | jay@clerkbase.com | Not Required | OnBoardGOV is a board and commission management solution for city, county, state government. | ||||
| Blue Hill Data Services | Mainframe as a Service | Progressing | PaaS, IaaS | Moderate | Scott Jones | sjones@bluehilldata.com | Not Required | Mainframe hosting, remote systems support, applications support. | ||||
| Anthology | Anthology Student | Progressing | SaaS | Moderate | Nicole Anderson | nanderson@anthology.com | Not Required | Anthology Student is a cloud-based Student Information System (SIS) that enables institutions to manage the entire academic lifecycle of a student from Acceptance to Graduation, including financial aid, student accounts, career services, and a robust analytics repository for informed decision making. Anthology Student supports traditional, entrepreneurial, and online institutions, by managing the diversity of academic delivery and financial models. Program credentials can include badges, competencies, diplomas, certificates, or degrees. Anthology Student is a convenient and comprehensive platform built on Microsoft Azure. | ||||
| Compansol | BOT - Blumen Online for TRIO | Progressing | SaaS | Moderate | Gunjan Seth | gunjan@compansol.com | Not Required | BOT software is used by TRIO programs (Title IV Federal Program) for student data management. It helps them prepare the APR (Annual Performance Report) as per Department of Education guidelines. It has several mass communication tools like bulk email, bulk text. etc. for TRIO programs to stay in touch with student participants. BOT has over 200 reports, labels, graphs for tracking and data analysis purposes. | ||||
| CommScope | Cloudpath | Progressing | SaaS | Moderate | Adam Cutts | adam.cutts@commscope.com | Not Required | RUCKUS® Cloudpath® Enrollment System is a cloud service that delivers secure network access for any user, and any device, on any network. Cloudpath secures every connection with WPA2/WPA3-Enterprise, protecting data in transit between the device and the access point with powerful encryption. Cloudpath provides visibility and control over which devices are on the network, and can define and manage policies so every user sees only the network resources they should see. The Cloudpath service checks the security posture of devices during onboarding to ensure they comply with organizational security policies. The system redirects users with noncompliant devices to remediate them before granting access. It associates every device with a user, and access can easily be revoked at any time—for example, when a BYOD user leaves the organization. The service supports any Wi-Fi enabled device, including headless and IoT devices. | ||||
| Fortinet | FortiCare Support System | Progressing | SaaS | Moderate | Bryan Schneider | bschneider@fortinet.com | Not Required | FortiCare Support System is a CRM platform that enbales Fortinet to provide customer technical support to its customers and manage their account users, assets, product entitlements and renewal of their services and subscriptions. | ||||
| Flock Safety | FlockOS | Progressing | SaaS | Moderate | Robert Otten | robert.otten@flocksafety.com | Not Required | Integrated real-time intelligence platform | ||||
| Anaplan | Anaplan | Progressing | SaaS | Moderate | Cameron Tinsler | cameron.tinsler@anaplan.com | Not Required | Connected planning platform | ||||
| Active Network | JumpForward | Progressing | SaaS | Moderate | Blake Gladfelter | blake.gladfelter@globalpay.com | Not Required | Active Network is the leading provider of cloud-based activity and participant management solutions serving a wide range of customer groups including community activities, the public sector, non-profits, and sports. Our proprietary technology platforms transform the way organizations manage their activities, facilities, and events by facilitating online and in-person commerce and streamlining other critical management functions, while also driving consumer participation to their events. | ||||
| Fortinet | FortiGuard | Progressing | SaaS | Moderate | Bryan Schneider | bschneider@fortinet.com | Not Required | FortiGuard security services is a set of cybersecurity intelligence services provided to subscribed Fortinet customers for countering threats in real time. It provides AI-powered, coordinated protection through security packages and query services over the secured FortiGuard delivery network. | ||||
| Liaison International LLC | Othot | Progressing | SaaS | Moderate | Eric Chailler | echailler@liaisonedu.com | Not Required | Liaison’s Othot cloud-based predictive analytics platform uses artificial intelligence to deliver insights that help you make informed decisions across the student lifecycle. Through simple interactions, our software identifies who is most likely to enroll and to persist, and where to focus your resources for the greatest positive outcome. You can do more in less time and with fewer resources. Our Othot analytics software delivers made-to-order predictive and prescriptive models with: - Immediate predictions - Explainable AI - Continuous intelligence |
||||
| ByWater Solutions | Koha/Libki/Metabase/Aspen | Progressing | SaaS | Moderate | Evelyn Hartline | security@bywatersolutions.com | Not Required | Suite of Physical library software, Open Source | ||||
| Butterfly Network, Inc. | Butterfly iQ / Butterfly iQ+ / iQ3 Ultrasound Probe System (aka: Butterfly Ultrasound Probe System) | Progressing | SaaS | Moderate | Mike Tiemeyer | mtiemeyer@butterflynetinc.com | Not Required | Butterfly Network’s Inc.’s Butterfly Ultrasound Probe System enables universal access to superior medical imaging, making high quality ultrasound easy-to-use, globally accessible, and intelligently connected. Butterfly iQ™ (aka Butterfly Ultrasound Probe System) is the only ultrasound transducer that can perform “whole-body imaging” with a single handheld probe using semiconductor technology. Connected to a mobile phone or tablet, it is powered by Butterfly’s proprietary Ultrasound-on-Chip™ technology and harnesses the advantages of AI to deliver advanced imaging that is easy-to-use and improves patient outcomes. |
Showing 1 to 20 of 203 entries
See Who’s Leading the Way in Cybersecurity Alignment
Explore our list of participating government organizations & educational institutions recognizing a common standard for cybersecurity.
These SLED (State, Local, and Education) organizations have engaged StateRAMP to recognize and adopt standards that provide effective and efficient cloud security solutions for their organizations and vendor communities. Browse the listings below and check back regularly for new additions.
Federal JAB Attestations
StateRAMP seeks to provide recognition to those products who have achieved a FedRAMP Authorization through Joint Authorization Board (JAB) approval. These products have undergone a rigorous audit and review from both a Third Party Assessment Organization (3PAO) and the FedRAMP JAB. StateRAMP wishes to highlight their efforts and provide an avenue for these products to be included in StateRAMP.
| Company | Product Name | Security Status | Service Model | Impact Level | Ready Date | Authorization Date | Package ID | 3PAO | Point Of Contact | Contact Email | Sponsor Names | Service Description | Category |
|---|
Company | Product Name | Security Status | Service Model | Impact Level | Ready Date | Authorization Date | Package ID | 3PAO | Point Of Contact | Contact Email | Sponsor Names | Service Description | Category |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Amazon | AWS US East/West | Federal JAB | IaaS, PaaS, SaaS | Coalfire | Robert Siple | siprober@amazon.com | Amazon US East/West is a multi-tenant public cloud for Federal, State and Local Government customers, as well as commercial customers, designed to meet a wide range of regulatory requirements, to include government compliance and security requirements. AWS leverages the Infrastructure-as-a-Service (IaaS) cloud computing model, which enables convenient, on-demand Internet access to a shared pool of configurable computing resources such as servers, storage, network infrastructure, and various other web services. Customers can rapidly provision or release computing resources on demand. | ||||||
| Amazon | AWS GovCloud | Federal JAB | IaaS, PaaS, SaaS | Coalfire | Robert Siple | siprober@amazon.com | AWS GovCloud (US) is an AWS Region designed to allow US government agencies and customers supporting the US government to move more sensitive workloads into the cloud. In addition to complying with FedRAMP requirements, the AWS GovCloud (US) framework adheres to U.S. International Traffic in Arms Regulations (ITAR) regulations. Additional information is available at http://aws.amazon.com/govcloud-us/. | ||||||
| MIS Sciences Corporation | GovPoint Cloud Services | Federal JAB | SaaS, PaaS, IaaS | SecureIT | Jeff Willis | jeff@mis-sciences.com | Full suite of FedRAMP IaaS/PaaS/SaaS services including Calabrio Workforce Engagement Management |
Showing 1 to 3 of 3 entries