StateRAMP Authorized Products

StateRAMP establishes common security criteria to standardize cloud security verification.

To manage cyber risk and protect critical data, systems, and infrastructure from cyber-attacks and ransomware, it is recommended that state and local governments verify the cybersecurity posture of their cloud solution providers.

What this means for Service Providers:
This standardized approach allows providers serving governments to verify their security posture and prove their cybersecurity compliance to their government clients.

What this means for Governments:
StateRAMP’s shared resource model and continuous monitoring simplifies cloud compliance and risk management for government agencies who participate with StateRAMP.

Authorized Product List

Verified offerings with a security status of Ready, Provisional, or Authorized are listed on the Authorized Product List (APL) below. The APL was first published September 14, 2021, and is updated at the end of every business day.

To be verified, the product must meet minimum security requirements and provide an independent audit conducted by a Third Party Assessment Organization (3PAO). StateRAMP recognizes three verified statuses, including Ready, Provisional, and Authorized. Ready products meet minimum requirements; Provisional products exceed minimum requirements and have a government sponsor; Authorized products satisfy all requirements and have a government sponsor. To ensure ongoing security compliance and risk mitigation, providers must comply with continuous monitoring requirements to maintain a verified security status.

CompanyProduct NameSecurity StatusService ModelImpact LevelSponsorsReady Date:Authorization Date:3PAO:Point Of Contact:Contact Email:Sponsor Names:Service Description:
Actsoft, IncWorkforce Manager for GovernmentAuthorizedSaaSModerate12023-04-18A-LignJames Armstrongjarmstrong@actsoft.comStateRAMP Approvals CommitteeWorkforce Manager for Government is a fully integrated platform, which facilitates the business needs of an Agency with mobile employees. On top of robust features such as Wireless Forms, Timekeeping, Job Dispatching, and GPS Tracking, customers with vehicles can leverage the solution’s fleet components to monitor vehicle activities like stop times, idling, driver behavior, score cards, and telematics.
This intuitive, yet flexible solution addresses key market challenges such as ease of use, data collection, mobile resource management, implementation costs, worker compliance and overall accountability. The synergy of tools in Workforce Manager for Government brings customers greater efficiency and productivity gains by automating and streamlining processes that help them save time, reduce labor costs, and lower vehicle-related expenses such as fuel and maintenance. Government Customers benefit from an easily deployable solution that provides a significant return on investment.
Workforce Manager for Government is equipped with enterprise-grade workforce management tools that are typically only found in high-priced business applications, making it affordable and accessible to all Government Agencies. This approach provides Government customers with a solution that delivers relevant information about daily field operations, helping agencies craft new business strategies to save both time and money.
AppianAppianAuthorizedPaaSModerate12023-01-05CoalfireThomas Simmonsthomas.simmons@appian.comStateRAMP Approvals CommitteeAppian software is delivered to the Appian Cloud through a Platform-as-a-Service (PaaS) model and leverages cloud-native robotic process automation (RPA), simplifying control management and reducing overhead for customers. Government agencies should consider the Appian Government Cloud (at Impact Level 5) for critical acquisitions, case management and logistics, especially when process and business rule complexities are high. The Appian Low-Code Platform unifies the key capabilities needed to get work done faster.
BlackBerryBlackBerry Cloud - AtHoc Services for Government (ACSforGov)AuthorizedSaaSModerate12021-12-132022-05-20KratosRashad Munawarrmunawar@blackberry.comStateRAMP Approvals CommitteeBlackBerry’s AtHoc is a networked crisis communication platform enabling corporations and government agencies to communicate and collaborate securely with their personnel and with other organizations through multiple devices during times of crises. BlackBerry’s AtHoc platform addresses critical communications needs including: Account: AtHoc Account enables real-time visibility into location and status for effective personnel accountability and crisis handling before, during, and after emergencies. This integrated approach to personnel accountability enables inputs from managers about their team, call center operators, data streams from HR and travel systems, as well as self-reporting by individuals. Alert: AtHoc Alert provides a comprehensive crisis communication solution that unifies all channels and devices, empowering organizations, people, and communities to collaborate during critical events. AtHoc’s flexible deployment options safeguards important personal information and enables enterprise-level command and control. Connect: AtHoc Connect empowers organizations to create their own permission-based network to establish interoperable communication and information sharing with organizations in their community. Collect: AtHoc Collect empowers your personnel in the field to be the "eyes and ears" of the operations center. AtHoc Collect enables on-scene personnel to report events, work progress, along with rich geo-tagged media that are worth a thousand words.
BlackBerryBlackBerry CylanceProtect & CylanceOpticsAuthorizedSaaSModerate12022-01-102022-06-29Booz Allen HamiltonRashad Munawarrmunawar@blackberry.comStateRAMP Approvals CommitteeBlackBerry’s CylanceProtect redefines what antivirus (AV) can and should do for your organization by leveraging artificial intelligence to detect and prevent malware from executing on your endpoints in real time. By taking a mathematical approach to malware identification utilizing patent-pending, machine learning techniques instead of reactive signatures and sandboxes, BlackBerry’s CylanceProtect renders new malware, viruses, bots and unknown future variants useless. BlackBerry’s CylanceProtect has developed the most accurate, efficient and effective solution for preventing advanced persistent threats and malware from executing on your organization’s endpoints. At the core of BlackBerry’s CylanceProtect unprecedented malware identification capability is a revolutionary machine learning research platform that harnesses the power of algorithmic science and artificial intelligence. It analyzes and classifies hundreds of thousands of characteristics per file, breaking them down to an atomic level to discern whether an object is “good” or “bad” in real time. BlackBerry’s CylanceOptics, part of the prevention-first BlackBerry’s CylanceProtect Security Platform, is an artificial intelligence (AI) driven endpoint detection and response (EDR) solution designed to extend the prevention delivered by BlackBerry’s CylanceProtect through root cause analysis, scalable threat hunting, and automated threat detection and response without increasing costs or security team workloads. BlackBerry’s CylanceProtect and BlackBerry’s CylanceOptics are managed through a single web interface within the FedRAMP boundary, and both capabilities are included in the BlackBerry’s CylanceProtect and CylanceOptics cloud service offering.
BlackboardBlackboard Learn SaaS GovCloudAuthorizedSaaSModerate12023-03-27A-LignAndrew Keeneyandrew.keeney@blackboard.comStateRAMP Approvals CommitteeBlackboard's Learn SaaS solution offers government and military agencies next-generation online, social and mobile tools that create a continuous learning environment, built around peer-to-peer interaction, content, and discussions
Box, Inc.Box Enterprise Cloud Content Collaboration PlatformAuthorizedSaaS, PaaSModerate12022-05-192022-06-16Schellman & CompanyTom Cowlescompliance@box.comLos Angeles City Employees' Retirement System (LACERS)
The Box Enterprise Content Cloud Collaboration Platform enables business to easily share, manage and secure their content. In today’s mobile-first, cloud-first world, providing employees with secure access to content at any time using any device is critical to creating a more productive, connected workforce and improved customer experiences. Beyond secure file sharing, Box enables easy access to content and collaboration tools from any device with the security, scalability and administrative controls that IT requires.
Casepoint LLCCasepoint Government EdiscoveryAuthorizedSaaSModerate12023-01-05Schellman Compliance, LLC.StateRAMP Approvals CommitteeCasepoint Government is a web-based SaaS application hosted in the Microsoft Azure cloud. Casepoint Government is a completely isolated tenant of Casepoint’s product software. Casepoint Government is purpose built to provide advanced security controls for a client needing additional security. Casepoint Government is a full-spectrum e-discovery solution that allows processing and review of extensive types of case data files.
Continuum GRC, Inc.Continuum GRC ITAMAuthorizedSaaSModerate12022-02-112022-04-26Sentar, Inc. Michael Petersmichael.peters@continuumgrc.comStateRAMP Approvals CommitteeAuto-mapped standards, automated documentation, real-time status, risk & maturity. When it comes to Compliance Cartography, no one is more comprehensive, secure and automated, saving you time, trouble and money. Serving the enterprise to the start-up community. Continuum GRC is a software as a service (SaaS) product that is purpose built for users who perform audit & compliance assessments, risk assessment & risk management, governance & policy development, and all other manner of audits and assessments.

Continuum GRC modules include support for the world’s frameworks, including NIST 800-53. DoD SRG, CMMC, 800-171, 800-66, 800-30, FedRAMP, StateRAMP, CJIS, DFARS, HIPAA, ITRM, AICPA SOC 1, SOC 2, GDPR, ISO 27001, NERC CIP, EUCS, C5, PCI DSS, LADMF and hundreds of others.

In addition to pre-configured questionnaires, assessment modules, and forms, the Continuum GRC ITAM SaaS application has creation tools that provide drag-n-drop easy custom creation for system administrators to construct their own assessment modules in 26 languages. Real time reports on Compliance Status, Risk Scores, Maturity Scores, workflows, tasking records, evidence management, and historical performance helping you stay proactive; not reactive.

Use Continuum GRC to replace existing tools, templates, and manual processes in place to support internal compliance and GRC requirements. The automation of Continuum GRC reduces manual labor, complexity of and between frameworks, produces reports, SSPs, POA&Ms, graphics, dashboards, and related outputs all sustained over the entire lifecycle of the program all within a single view with a unified source for governance, risk and compliance that supercharges performance and eliminates complexity. For a complete list of features and capabilities, please visit
Druva Inc.Druva inSyncAuthorizedSaaSModerate12023-03-28CoalfireBalaji Kalyanasundarambalajik@druva.comStateRAMP Approvals CommitteeDruva inSync is a fully automated enterprise class endpoint protection solution offered as a Software-as-a-Service (SaaS). Powered by state-of-the-art technology from AWS, Druva inSync offers elastic, on-demand storage that can grow to accommodate any number of users and data.
Full administrative control over Druva inSync is provided via a secure Web-based administrator control panel over HTTPS.
Druva inSync offers cloud native backup and data protection solutions for information stored on endpoints and in cloud applications. Druva inSync allows immediate access to back up files and folders across all devices and SaaS application like O365.
Druva inSync is hosted in Amazon AWS GovCloud Region, which delivers a highly scalable cloud computing platform with high availability, dependability and flexibility.
DynatraceDynatrace for GovernmentAuthorizedSaaSModerate12022-07-262022-11-30Schellman and Company, LLCRush Modirush.modi@dynatrace.comState of MichiganDynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation. With automatic and intelligent observability at scale, our all-in-one platform delivers precise answers about the performance and security of applications, the underlying infrastructure, and the experience of all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with dramatically less effort.
EverlawEverlawAuthorizedSaaSModerate12023-02-08Kratos DefenseAngela Kovachfederal@everlaw.comStateRAMP Approvals CommitteeEverlaw helps legal teams and government agencies navigate the increasingly complex ediscovery landscape to chart a straighter path to the truth. With Everlaw, government agencies of all sizes are able to transform their approach to discovery, litigation, investigations, compliance, and FOIA/Public Records Requests. Combining speed, security, and ease-of-use in a unified discovery platform, cross-functional legal teams are empowered to investigate issues more thoroughly, uncover truth more quickly, and present their findings more clearly. Built natively on AWS GovCloud (US), Everlaw is committed to innovation and future-proofing agencies against emerging data types and other fluctuating needs. Founded in 2010 and based in Oakland, California, Everlaw’s mission is to promote justice by illuminating truth.
GoogleGoogle ServicesAuthorizedIaaS, PaaS, SaaSHigh12022-10-25Coalfire SystemsAshleigh Laoneashleighlaone@google.comArizona Department of Homeland SecurityGoogle Services is comprised of Google’s multi-tenant public cloud Google Cloud Platform and built atop the Google Common Infrastructure. The Google Common Infrastructure powers Google worldwide.
Google, Inc. Google WorkspaceAuthorizedSaaSHigh12023-02-20Coalfire SystemsAshleigh Laoneashleighlaone@google.comArizona Department of Homeland SecurityGoogle Workspace is a cloud-based offering for enterprise and government customers. Google’s product offerings, including Google Workspace and Application Programming Interfaces (APIs), are comprised of communication, productivity, collaboration and security tools that can be accessed virtually from any location with Internet connectivity.
Innovative Discovery, LLCInnovative Driven Government CloudAuthorizedSaaS, IaaSModerate02022-08-022022-10-04LunarlineJamie Neilonjamie.neilon@id-edd.comSacramento CountyThe Innovative Discovery Government Cloud (ID Gov-Cloud) is a Software as a Service (SaaS) offering that provides a secure and scalable environment for government legal document services. ID Gov-Cloud provides software services to agencies within a secure, scalable, and compliant cloud environment, offering Relativity Analytics, and iCONECT Analytics inhouse – as well as expert consulting and application to get the most from them. Agencies can leverage the full scope of eDiscovery services within one scalable platform, to include but not limited to: processing, document review, advanced analytics, assisted review, legal hold services, and production.
Keeper Security Inc.Keeper Security Government CloudAuthorizedSaaSModerate02022-11-30A-LignPatrick Tiquetpatrick@keepersecurity.comCalifornia Department of TechnologyKeeper Security Government Cloud (KSGC) transforms the way government organizations protect their operations against password-related data breaches and cyberthreats including ransomware and phishing attacks. KSGC provides IT administrators with visibility, management and control over their organization’s password security, monitoring and reporting. The KSGC cybersecurity platform utilizes a zero-trust framework and zero-knowledge security architecture and integrates with on-premise, cloud and hybrid-cloud environments. KSGC utilizes granular, role-based administrative controls including delegated administration. IT Administrators can enforce critical internal control policies including password complexity, IP white listing, two-factor authentication and Data Loss Prevention (DLP). KSGC’s modern provisioning tools allow organizations to rapidly deploy cybersecurity protection to thousands of users, on all their devices, and can integrate with any identity stack including AD, LDAP, SSO (SAML), SCIM and APIs. The cybersecurity platform includes robust event logging, reporting and auditing capabilities with seamless integration with Security Information and Event Management (SIEM) systems.
MicroStrategy, Inc.MicroStrategy Cloud for GovernmentAuthorizedSaaSModerate12023-03-27A-LignSamuel Petreskispetreski@microstrategy.comStateRAMP Approvals CommitteeMicroStrategy is the world’s top-rated platform for enterprise analytics. The MicroStrategy Intelligence Platform offers a full range of trusted, modern BI experiences, and is designed to help departments and agencies build data-driven cultures and make faster, smarter decisions. Built for performance at scale, MicroStrategy delivers concrete answers to users where and when they’re needed. Foundationally, the platform offers out-of-the-box drivers and gateways for a variety of data sources, types, and formats, and APIs/SDKs which are hosted within the MicroStrategy Platform Deployed within Customer Tenant.. Using the platform’s proprietary enterprise semantic graph, agencies can establish a unified, governed, secure, and reusable data model on which a variety of intelligence solutions can be built to deliver accurate, personalized, and trusted information to individual users based on each agency’s enterprise data dictionary.
The MicroStrategy Cloud for Government is a fully managed enterprise analytics solution that offers all the market-leading capabilities of the MicroStrategy Intelligence Platform on a unique Amazon Web Services (AWS) GovCloud implementation. MicroStrategy Cloud for Government features a fully optimized reference architecture built specifically for deployment in a customer-licensed AWS environment, offered as a software-as-a-service (SaaS) solution. MicroStrategy administers each unique MicroStrategy Cloud for Government environment on the behalf of each government department or agency, including steady state operations, routine application of software upgrades, robust system monitoring and alerting, and 24/7/365 technical support for priority issues. The components that directly support the MicroStrategy Cloud for Government cloud service offering are described in the subsections below.
MicroStrategy Cloud for Government is a SaaS service built on top of AWS GovCloud (US) IaaS servers. MicroStrategy utilizes AWS GovCloud (US) to provide the resources that host the MicroStrategy Cloud for Government platform and leverages the experience and resources of AWS to scale quickly and securely as necessary to meet current and future demand. MicroStrategy is responsible for designing and configuring the MicroStrategy Cloud for Government architecture within AWS GovCloud (US) to ensure that the availability, security, and resiliency requirements are met.
Paperless InnovationsActusAuthorizedSaaSModerate12023-05-23Earthling SecurityMichael Toccimike@paperless-innovations.comStateRAMP Approvals CommitteeActus is SaaS based Compliance automation solution for P-Card Programs, including item sourcing, approvals workflows, credit card purchasing, reconciliation, and automated audit. Actus is designed according to 3 pillars: Accountability, Compliance , and Transparency.
• Accountability - Actus helps agencies paint a complete and total picture of each expense, eliminating guesswork, human error, and manual data entry tracking. • Compliance - Simplified, structured data is at the heart of compliance automation ensuring adherence to Agency policies and acquisition regulations. The Actus platform streamlines and automates oversight processes while maintaining rich transactional records for instant audit reporting. Artificial Intelligence is used to further the regulatory mission of each agency. Adoption of Actus itself satisfies and supplements Federal paperless mandate compliance as well. • Transparency - Actus utilizes dashboards enabling full visualization of all workflow processes, transactional data and documents on a need to know basis. Audit automation occurs with every download of bank transactions without requiring manual packet creation by the cardholder. Active Audit enables inspection of every detail of each purchase made within a selected time frame—in a unified, streamlined format.
P-Card Compliance Automation Features: • Custom Approval Workflows • Financial Data Capture • Full Lifecycle Spend Tracking • Cloud Storage of Reconciliation Packets • Dashboard Visualization of data & documents • Automated Reconciliation Statements • Structured Item Level (Level 3) Data • Merchant Class Code Tracking • Suspicious Pattern & Activity Detection • Alerts for Each Stage of Transaction • Transactional Keyword Search • Bank Statement Transaction Matching • Auto-Matched Transactions • Daily, Weekly, or Monthly Reconciliation • PIV/CAC authentication
Project Hosts, Inc.GSS One- AzureAuthorizedPaaSModerate12021-09-102022-06-27Coalfire SystemsJoshua Kruegerjosh.krueger@projecthosts.comStateRAMP Approvals Committee
The GSS One- Azure is a General Support System (GSS) platform (PaaS) built primarily on Microsoft Azure Government. Project Hosts also deploys customer dedicated subnets on Azure commercial for those customers/ agencies that request this. The GSS is composed of systems and services that manage access control, authentication, auditing, monitoring, scanning, patching, configuration management, malware prevention, intrusion prevention, incident response, backup, and disaster recovery for each Application deployed on the GSS One- Azure. The GSS One- Azure is classified as a hybrid cloud deployment model to enable state and local agencies as well as commercial entities to deploy applications in a secure environment on top of the GSS One- Azure GSS system.
There are two main types of customers who use the GSS One- Azure: (i) Independent Software Vendors (ISVs) deploying multitenant SaaS applications and (ii) Federal, state or local agencies and commercial customers deploying dedicated applications just for their agency or organization (not multitenant). For both types of customers, their applications are deployed on customer-dedicated virtual servers (or Azure PaaS services) inside customer-dedicated subnets. Network security group access controls ensure that each customer’s subnet is completely isolated from and has no access to any other customer’s subnet. PaaS security subnets handling functions such as authentication, DMZ, SIEM, etc. are built on Azure Government. Customers have the option to have their dedicated application subnets built on either Azure Government or Azure Commercial. Either way, customer subnets are connected to the PaaS security subnets through V-net peering as described more fully here: .
For GSS One- Azure customers, Project Hosts also provides services that are over and above the PaaS offering described in the GSS One- Azure FedRAMP package. Namely, Project Hosts deploys, secures, manages, and provides continuous monitoring for applications that are compatible with GSS One- Azure architecture, authentication, operating system, database, and access requirements.
For ISV customers, Project Hosts also creates their SaaS-level FedRAMP package, helps them throughout the agency authorization process, and manages their 3PAO annual assessments.
For agency customers, Project Hosts assists them in the creation of their own SSP, manages annual 3PAO scanning and penetration testing of their dedicated applications, and provides a monthly application-level POA&M. Following is a partial list of applications for which Project Hosts is providing these services over and above the GSS One- Azure platform:
Accenture Federal (Task management Tool)
Blue Prism (Blue Prism)
BrightWork (BrightWork SharePoint-based Project Management)
Checkmarx (CxSAST Source Code Scanner)
Drupal (Drupal CMS)
FlowVU (FlowVU Collaboration)
Gimmal (Gimmal Records Management)
Lexmark (Managed Print Service)
Microsoft (Office, Dynamics, Power BI Server, Project Server, SharePoint, SSRS)
Sopheon (Accolade Enterprise Innovation Management)
UMT360 (SharePoint-based Enterprise Portfolio Management)
Veritas (eVault, eDiscovery, Merge1)
WordPress (WordPress CMS)
Permuta (Defense Ready)
Gimmal (Records Management)
Invoke (UiPath Orchestrator and RPA)
Conga (Contract Lifecycle Management and Conga Approvals)
Davra (WebEx Legislate, Internet of Things)
Ephesoft (Transact)
OM Group Inc (ProjNet)
Nintex (K2 Five, Workflow Cloud)
WordPress As a Service (WPaaS)
C3 AI (C3 AI Suites)
MURAL (MURAL for Government)
WillCo Tech (CyberSTAR)
Kofax (Control Suite, Kofax TotalAgility, Kofax Robotics Process Automation)
If an agency would like to use one of these Applications or bring in another GSS One- Azure-compatible Application, Project Hosts will provide application-level artifacts that will help the agency assess the risk of deploying that application in the GSS One- Azure as well as any other documentation or evidence required in order to grant an Authority to Operate (ATO).
Proofpoint, Inc.Proofpoint Targeted Attack ProtectionAuthorizedSaaSModerate02022-08-242022-09-29SchellmanTariq Iqbaltiqbal@proofpoint.comStateRAMP Approvals CommitteeProofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threat that target people through email. It detects both known and new, never-before-seen attacks that use malicious attachments and URLs to install malware on a device or trick users to share their passwords or other sensitive information.
Proofpoint, Inc.Proofpoint Email and Information Protection ServiceAuthorizedSaaSModerate02022-08-242022-09-29SchellmanTariq Iqbaltiqbal@proofpoint.comStateRAMP Approvals CommitteeThe Proofpoint Email and Information Protection Service is a powerful cloud email security service that integrates threat protection, virus protection, spam detection, message encryption, data loss prevention (DLP), and digital asset protection technologies into an extensible message management platform. The service is designed to fit easily into existing messaging infrastructure, providing efficient performance, accurate message analysis, and a web-based interface for reporting, configuration, and management tasks.
Qualtrics, LLC.Qualtrics XM PlatformAuthorizedSaaSModerate12023-04-18SchellmanBen Westbwest@qualtrics.comStateRAMP Approvals Committee
The Qualtrics XM Platform is a web-based application that allows Government agencies to create surveys and then collect, analyze, and store the data produced from those surveys. Government agencies can use the application to collect and analyze citizen, employee, and community feedback to improve services and engagement for both external customers (citizens) and internal customers (public sector employees). The Qualtrics XM Platform enables multiple departments within an agency to collect and analyze survey data within a single enterprise system, allowing all levels of the agency or department to have access to important feedback data. The XM Platform includes an array of services that can be utilized to track, manage, and improve the experience of external and internal customers, such as: • XM Core – Allows agencies to construct surveys, distribute them to participants, and then manage and analyze individual participant responses. Agencies can then create reports that present the results and publish these reports to the web or share the report links with others. • Customer Experience - Allows agencies to study and improve the customer experience by employing Relationship NPS, Transactional NPS, Customer Satisfaction, and Event Feedback programs. • Employee Experience - Allows agencies to measure and manage employee engagement by creating feedback loops for relevant aspects of public sector employment, such as Manager Feedback, Training Feedback, Employee Engagement, and Employee Pulse programs. • Site Intercept – Allows agencies to display a piece of text, graphic, or widget that encourages a visitor to their website to take a survey or redirect to a specific webpage. To implement, the agency administrator places a snippet of Qualtrics’ JavaScript code on the agency’s website. • Actions and Tickets - Allows defining and triggering a workflow when a set of conditions are met, such as creating support tickets or integrating with external systems via web service API. • Data Analytics - Provides ability to perform natural language processing, statistical and predictive analysis of the data collected via the Research Suite. • Reports and Dashboards – Enables agencies to build dashboards that provide visual displays of the data collected from an agency’s surveys combined with other imported data sources. Qualtrics creates a library where each agency can store question templates, graphics, messages, and files to be used in building surveys and sending messages to participants. Agencies can integrate data from other sources, such as their customer relationship management (CRM) tools, and produce and share reports. They can upload a list of contacts as a CSV file or manually enter or edit contacts. Agencies can also view the complete history of interactions that they have had with their contacts via emails or survey responses. The XM Platform allows customers to send surveys, notifications, and other messages via a built-in email mechanism. To enable this, the application provides an outbound mail delivery engine via SMTP. In addition, customers can generate a URL that links to their survey and send the URL out to survey participants via their own email systems. Reports and data can be exported to a variety of formats, including Word, Excel, PDF, and CSV/TSV, etc. The XM Platform provides an Administration tool that allows designated agency admins to create groups and user permissions and assign them to authorized agency users. Permissions can be set up at the agency, division, or organization level. A single sign-on (SSO) capability enables agencies to implement identity federation via LDAP, SAML / Shibboleth, central authentication service (CAS), or OAuth 2.0. Qualtrics also makes available a REST API to allow agencies to automate functions such as connecting Qualtrics surveys with external systems such as a CRM like Salesforce.
SMXCloud Assured Managed Services (CAMS)AuthorizedPaaSModerate12021-11-082022-05-20Coalfire SystemsRazaq Ahmedmahmed@smartronix.comStateRAMP Approvals CommitteeThe SMX Cloud Assured Managed Services (CAMS) solution gives an organization the ability to leverage the power and scalability of the cloud while reducing the cost and complexity of managing and monitoring cloud solutions in-house. CAMS has been designed to deliver the flexibility customers demand from today’s cloud managed service providers.
Snowflake Inc.Snowflake Data Cloud on Azure GovernmentAuthorizedSaaSModerate02023-02-21FortreumSiddique ChaudhrySiddique.chaudhry@snowflake.comSnowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at
Snowflake Inc.Snowflake Data Cloud on AWSAuthorizedSaaSModerate02022-11-23FortreumSiddique ChaudhrySiddique.chaudhry@snowflake.comStateRAMP Approvals CommitteeSnowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at
Snowflake Inc.Snowflake Data Cloud on AWS GovCloudAuthorizedSaaSHigh12023-04-24FortreumSiddique ChaudhrySiddique.chaudhry@snowflake.comStateRAMP Approvals CommitteeSnowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at
Splunk IncSplunk CloudAuthorizedSaaSModerateSchellmanSplunk StateRAMP Teamssg-StateRAMP@splunk.comSplunk Cloud Platform delivers the benefits of award-winning Splunk® Enterprise as a cloud-based service. Using Splunk Cloud Platform, you gain the functionality of Splunk Enterprise for collecting, searching, monitoring, reporting, and analyzing all of your real-time and historical machine data using a cloud service that is centrally and uniformly delivered by Splunk to its large number of cloud customers, from Fortune 100 companies to small and medium-size businesses. Splunk manages and updates the Splunk Cloud Platform service uniformly, so all customers of Splunk Cloud Platform receive the most current features and functionality.
TalaTekTalaTek intelligent Governance and Risk Integrated Solution (TiGRIS)AuthorizedSaaSModerate12022-03-032022-04-28Earthling SecurityJohann Dettweilerjdettweiler@talatek.comStateRAMP Approvals CommitteeThe TiGRIS SaaS manages a customer’s information system requirements through the life cycle of its initial security assessment and then throughout the ongoing continuous monitoring of the set of security standards and controls selected by the customer. The TiGRIS application was developed in-house, by TalaTek developers and was designed, by TalaTek, to deliver its Governance, Risk Management and Compliance (GRC) services.
Tanium, Inc.Tanium Cloud for US Government (TC-USG)AuthorizedSaaSModerate12023-05-05LunarlineEric Kirscherstateramp@tanium.comState of Arizona, Department of Homeland Security"Tanium Cloud for US Government (TC-USG) delivers an agent-based endpoint management and security platform, managed and delivered as a cloud-hosted SaaS. The Tanium Core Platform and its services are automatically configured and maintained. For more information, please visit The following TC-USG services are included within authorization boundary and are offered to customers individually or as desired: Tanium Interact, Tanium Asset, Tanium Comply, Tanium Connect, Tanium Deploy, Tanium Discover, Tanium Enforce, Tanium Impact, Tanium Integrity Monitor, Tanium Map, Tanium Patch, Tanium Performance, Tanium Provision, Tanium Reveal, Tanium Risk, Tanium Threat Response, Tanium Trends." From FedRAMP Marketplace.
TenableTenable.ioAuthorizedSaaSModerate12022-02-112022-05-09EmagineITInfoSec-Compliancecompliance@tenable.comOwen Zorge, City of Chandler, is a risk-based vulnerability management platform. Built on an open and elastic platform, it continuously tracks and assess known and unknown assets and their vulnerabilities in your environment to provide a risk-based view of your entire attack surface- from IT to cloud and web applications. Powered by Nessus technology, provides the industry's most comprehensive vulnerability coverage with the ability to understand your cyber risk and predict which vulnerabilities you need to remediate first. Its streamlined and intuitive user experience, gives you immediate insight with intuitive dashboards to quickly deliver value and help your team identify, investigate and prioritize vulnerabilities.
T-Metrics, Inc.T-Metrics Cloud Contact CenterAuthorizedSaaSModerate12023-05-23A-LignJim Beckner IIIstateramp@tmetrics.comStateRAMP Approvals CommitteeThe T-Metrics Cloud Contact Center is an Omnichannel Contact Center as a Service (CCaaS) solution that offers voice, email, SMS, artificial intelligence, analytics, ACD, call and screen recording, scorecard, and survey to state and local agencies to improve constituent services. The advanced SaaS solution enables agencies to leverage their investments in Unified Communications, Phones, Carrier and SMS Services with its unique design. The architecture offers agencies the flexibility to consume the service however they decide - premises, hybrid, cloud.
VeracodeVeracode Application Security Scanning PlatformAuthorizedSaaSModerate12023-04-18Schellman and Company, LLCClaire Baileycbailey@veracode.comStateRAMP Approvals CommitteeVeracode’s unified platform helps Government developers and application security teams assess and improve the security of applications from inception through production. With a combination of automation, process, and speed, Veracode integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the development/deployment chain. This solution is widely used by enterprises to secure web, mobile, legacy, and third-party enterprise applications, with a simpler and more scalable way to help reduce software security risk across software infrastructure.
VMwareVMware Government ServicesAuthorizedIaaSHigh02022-11-09Coalfire SystemsJoe Witlesjwitles@vmware.comStateRAMP Approvals CommitteeVMware Government Services (VGS) is a set of cloud service offerings designed to allow US government agencies and customers supporting the US government to migrate, manage, and operate more sensitive workloads in the cloud. The VGS authorization boundary provides Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) capabilities to deliver modern applications at the speed the US government demands and operate across the data center, the edge, and the cloud. VGS provides the following FedRAMP authorized services at the High baseline: VMware Cloud on AWS GovCloud (US) (VMC), Hybrid Cloud Extension (HCX), Carbon Black Cloud (CBC), and Software Defined WAN (SD-WAN) and Horizon Cloud Service (HCS), and VMware vRealize Suite Cloud for Public Sector. More information on the VGS public sector roadmap can be found on the VMware Trust Center.
VMwareWorkSpace OneAuthorizedSaaSModerate02022-11-09Coalfire SystemsJoe Witlesjwitles@vmware.comStateRAMP Approvals CommitteeVMware Workspace ONE® is a FedRAMP Moderate Authorized solution, providing a digital workspace platform that combines endpoint device deployment and management with secure Zero Trust Access for agencies & branches.

Consistently ranked as a leader by industry analysts, Workspace ONE delivers consumer-simple, single sign-on (SSO) access to cloud, web, and Windows apps in one unified catalog that engages employees. Agencies can enable employees with a broad range of devices including iOS, Android, Mac, Windows and rugged devices to meets the needs or preferences of a user or their mission while enforcing fine-grained, conditional access policies that also take into account device compliance information delivered by unified endpoint management (UEM) technology.

The Workspace ONE FedRAMP environment now includes ‘Workspace ONE Access’, (formerly VMware Identity Manager), which provides multi-factor and derived credentials authentication, conditional access and single sign-on to SaaS and web apps, and Workspace ONE Intelligent Hub, which offers a unified catalog, actionable notifications of potential interest to employees, and a people directory for a full digital workspace experience.
WellspringSophia Knowledge Management SystemAuthorizedSaaSModerate02022-06-302022-08-29LunarlineMatthew Hamiltonmatt.hamilton@wellspring.comStateRAMP Approvals CommitteeWellspring Knowledge Management System (Sophia) is a Software-as-Service (SaaS) solution designed to manage technology transfer operations and knowledge asset tracking for those working in the area of research and innovation. The product services solutions within intellectual property (patent) management, licensing and contract management, invention and ideas disclosure, along research and development (R&D) portfolios and project management.

The data in the system is typically directly entered by users and includes storage of various metadata around invention, patents, projects, contracts, and contacts associated with those records. Users may supplement these with uploaded notes, related files, workflow status, financial information, contract terms and other information that is critical to the tracking of the end users portfolio. Key functional areas of the system are:

idea disclosure from researchers and inventors.
evaluation of inventions and Intellectual property protection
support of patent prosecution and monitoring
tracking contracts and technology licensing terms
financial management of patent expenses and licensing revenue
compliance with contract terms and invention reporting
project and portfolio management
WingSweptCase Management & Tracking System (CMTS)AuthorizedSaaSModerate12023-02-27LunarlineAllison Lehmanallison.lehman@wingswept.comStateRAMP Approvals CommitteeWingSwept has provided case management solutions to investigators at government agencies for more than a decade. WingSwept converted its Case Management & Tracking System (CMTS) into a Commercial Off-The-Shelf (COTS) service offering in 2010. Built with both security and flexibility in mind, CMTS provides for the secure storage, retrieval, and reporting of case management data for investigative offices at all levels of government. The CMTS design is neither static nor monolithic. Intentionally flexible, CMTS provides government agencies with the ability to establish unique naming conventions, tailor agency-specific workflows, and to support a wide range of other user-preferred configurations. An idle-case tracking function also includes both time and activity-based notifications in order to establish and maintain a seamless agency workflow. As an added layer of security, each CMTS customer operates in a secure environment with data separated by customer. Hosted on Amazon Web Services (AWS), CMTS is a web-based, browser-accessible application that requires no device-specific software for implementation. Highly customizable dashboards, combined with specialized labels and entry fields provide investigators with the ability to compile and display comprehensive case metrics in a simplified, user-friendly format. CMTS can display ad-hoc and pre-defined reports in minutes, drastically reducing processing times and increasing staff efficiency. This flexible design allows agencies to tailor workflows in order to match existing processes and to provide for continuity in ongoing investigations. As a result, CMTS may be readily adapted to serve investigative offices of any size. Many of the CMTS customers leverage our optional Online Intake Service (OIS) which allows customers to host or leverage OIS hosted internet facing forms which can collect case intakes to be later securely picked up by the agency CMTS server for potential ingestion as a case.
ZoomZoom for GovernmentAuthorizedSaaSModerate12022-02-112022-07-12Schellman and Company, LLCChristina Gathzfgcompliance@zoom.usSacramento County, CaliforniaThe Zoom For Government Platform unifies cloud video conferencing, cloud phone system, messaging, simple online meetings, and a software-defined conference room solution into one easy-to-use platform. The solution offers video, audio, phone, and wireless screen-sharing across Windows, Mac, Linux, Chrome OS, iOS, Android, Blackberry, Zoom Rooms, and H.323/SIP room systems. Zoom Products include:

Zoom Cloud Video Conferencing – a cloud-based collaboration service which includes video, audio, content sharing webinars and collaboration.
Zoom Phone - a cloud-based phone system with traditional PBX features, integrated PSTN connectivity, enhanced emergency services, and support for calling from mobile apps, desktop apps, and legacy desk phone devices.
Zoom Chat - send chat messages in public or private channels organized by projects, teams, or topics with the ability to share files, emojis, screenshots, and more.
Zoom Rooms – software-based group video conferencing for conference and huddle rooms that run off-the-shelf hardware including a dedicated MAC or PC, camera, and speaker with an iPad controller.
Zoom Room Connector – a gateway allowing H.323 and Session Initiation Protocol (SIP) systems to connect to Zoom meetings. Room Connector is available in both cloud computing and as software (VM) for installation on the customer premise.
Zoom Meeting Connector – a software (VM) version of the Zoom Cloud infrastructure intended for installation on the customer premise.
Zoom API - provides the ability for developers to easily add Video, Voice and Screen Sharing to your application. Our API is a server side implementation designed around REST. The Zoom API helps manage the pre-meeting experience such as creating, editing and deleting resources like users, meetings and webinars.
Aurigo Software Technologies Inc.Masterworks Cloud and Aurigo EssentialsReadySaaSModerate02021-10-15The Cadence GroupVivek Siddegowdavivek.siddegowda@aurigo.comThe Aurigo Masterworks Cloud is an integrated suite of enterprise software products for owners to plan, build, and maintain large capital assets, infrastructure, and facilities. Aurigo Essentials is an all-in-one product for small to mid-size agencies with easy-to-deploy and industry-ready configurations.
AvayaAvaya OneCloud for GovernmentReadySaaSModerate02021-11-05Coalfire SystemsLodovico Loquerciolloquercio@avaya.comFull UcaaS offering including audio/video conferencing and audio contact center.
BlackBerryBlackBerry Government Mobility Suite (BGMS)ReadySaaSModerate02021-12-03KratosRashad Munawarrmunawar@blackberry.comBlackBerry Government Mobility Suite (BGMS) is a cloud-based endpoint management solution. BGMS provides customers the ability to utilize a single, integrated view of users, devices, applications, and policies within their IT environment. Customers can use BGMS to unify multi-OS endpoints across all ownership models while securing sensitive data. BGMS is deployed in Microsoft Azure FedRAMP approved Government cloud as a multi-tenant, government-only community cloud deployment model. The BGMS architecture will serve as the baseline infrastructure for BlackBerry FedRAMP authorized productivity applications such as BlackBerry Work and BlackBerry Workspaces; these solutions will provide mobile access to key business tools like email, calendars, contacts, and tasks as well provide secure access to enterprise file repositories. Inc, d/b/a NEOGOVNEOGOVReadySaaSModerateThe Cadence GroupWally Finleyinfosec@neogov.netNEOGOV is a Software as a Service (SaaS) cloud provider of Human Capital Management (HCM) software. Our software meets the unique needs of government sector human resource (HR) management by managing the entire employee lifecycle, streamlining processes, and automating routine tasks. We provide HRMS and talent management software (TMS) that enable government agencies to source, recruit, hire, onboard, develop, and retain a high quality workforce that represents the communities they serve. Our HCM platform includes specific solutions for:
Recruiting: applicant tracking, diversity (DEI) hiring, candidate relationship management (CRM), and employee onboarding.
Employee training, development, and retention: learning management system (LMS), electronic forms, and performance management.
Managing employee data: human resources information system (HRIS) that includes core HR, time and attendance, benefits management, payroll, and payroll services.
Knowledge ServicesdotStaffReadySaaSModerate02021-09-13A-LignDave Stengerdaves@knowledgeservices.comKnowledge Services dotStaff™ is a Software as a Service (SaaS) offering that includes a Vendor Management System and a Survey Management module.
OCLCWorldShare Management ServicesReadySaaSLow02021-09-29Schellman and Company, LLCTina Pricepricet@oclc.orgOCLC is a nonprofit global library organization. Through OCLC, member libraries cooperatively produce and maintain WorldCat, the world’s most comprehensive global network of data about library collections and services.
OktaOkta IDaaSReadySaaSModerate12021-11-19Schellman and Company, LLCMark Forreidermark.forreider@okta.comState of ArizonaThe Okta IDaaS Regulated package includes a number of components that may be used to provide methods of authentication and provisioning control including Okta core, Okta Mobile, Okta Verify, Okta Directory Agent, and Okta IWA Agent.
PexipPexip Government CloudReadySaaSModerateSchellman & Companystateramp@pexip.comPexip Government Cloud (PGC) provides a standards-based video teleconferencing (VTC) Software as a Service (SaaS) capability to United States (US) federal, state, and local government customers. The PGC SaaS features two core capabilities:
· Microsoft (MS) Qualified Cloud Video Interop (CVI) for MS Teams
· Standards-based Virtual Meeting Rooms (VMRs) for customer VTC endpoint devices
PGC offers government customers the ability to replace or augment their existing on-premise VTC infrastructure with a subscription-based service model using compliant purpose-built secure communication protocols.
Quzara, LLCCybertorchReadySaaS, PaaSHigh02022-07-25Schellman & Company, LLCSaif Rahmansrahman@quzara.comQuzara Cybertorch™ (Cybertorch) is a Managed Detection and Response (MDR) Platform providing Soc-As-A-Service (SocaaS). The system is intended solely for use by United States Federal, State, Local, and Tribal Governments, Government Consultants, and Federally Funded Research and Development Centers (FFRDC) (referred to throughout the following sections as “customers”) delivered through a Government Community Cloud Deployment Model. Cybertorch delivers Managed Vulnerability Management and Security Monitoring solutions and services. The security monitoring capabilities extend to cloud, datacenters, on-premises, IoT, OT signals converging to a single correlation, aggregation and analysis fusion capability driven and built on Zero trust principles, purpose-built to FedRAMP HIGH and DoD Security Requirements Guide (SRG). These services are delivered through a Platform which leverages components of Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) as defined in NIST SP 800-145 (NIST Definition of Cloud Computing. Cybertorch services and security architecture are based on Zero Trust Architecture principles described in NIST SP 200-207 (Zero Trust Architecture) for Enclave-based deployments and Enhanced Identity Government. Further, concepts of control plane and data plane are used throughout the architecture to segregate and isolate customers data.
Building on these security and trust architecture concepts, Cybertorch’ s unified platform allows the delivery and support of full end to end security coverage utilizing in-house security analysts along with Artificial Intelligence engines. Cybertorch provides managed Security Operations Services providing prevention, detection, and remediation services for the Customer. Cybertorch is supported by an enterprise-class cloud computing architecture that is delivered on the Government regions of Azure Infrastructure-as-a-Service (IaaS) platform.
Lookout Inc.Lookout Security PlatformAuthorized, Federal JABSaaSModerate12021-10-262022-01-28Schellman and Company, LLCKimberly Snowkimberly.snow@lookout.comTravis County, TexasThe Lookout Security Platform is a scalable cloud-delivered solution to protect agency data accessed by any endpoint from any location in any application including on-premises apps, SaaS apps and enterprise apps running in IaaS. The platform enables government agencies to meet the Zero Trust Architecture requirements in the Executive Orders and mitigate risk when enabling critical initiatives like telework. To secure agency data, the platform delivers a triple-play integration of User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP), and Enterprise Digital Rights Management (EDRM) across secure access technologies – Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) – and Secure Email Gateway (SEG) and Mobile Endpoint Security (MES). This triple-play protects data against insider threats and credential theft, dynamically adapts to changes in user and device risk posture and prevents agency data from being exposed to unauthorized users. This enables unified data protection policies to be consistently applied across all users, devices and applications, improving security administration.
MicrosoftMicrosoft AzureAuthorized, Federal JABSaaSHigh12021-12-152022-04-25KratosJohn Gallagherjogallag@microsoft.comState of Arizona, Department of Homeland SecurityMicrosoft Azure is a cloud platform with more than 200 products and cloud services designed to help deliver solutions across different deployment scenarios – Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Microsoft Azure supports more than 90 compliance standards including FedRAMP High.
MicrosoftMicrosoft Azure GovernmentAuthorized, Federal JABSaaSHigh12021-12-152022-04-25KratosJohn Gallagherjogallag@microsoft.comState of Arizona, Department of Homeland SecurityMicrosoft Azure Government is a separate cloud platform to support US federal, state, local, and tribal government agencies. It can support data that’s subject to the CJIS Security Policy and IRS Publication 1075 along with FedRAMP High and other compliance standards. Microsoft Azure Government is delivered through separate datacenters with physical, logical, and network isolation from the commercial cloud and is operated by US persons who have passed fingerprint-based background checks performed by the states.
MicrosoftMicrosoft Dynamics 365Authorized, Federal JABSaaSHigh12021-12-152022-04-25KratosJohn Gallagherjogallag@microsoftState of Arizona, Department of Homeland SecurityMicrosoft Dynamics 365 is the next generation of intelligent business applications that enable organizations to grow, evolve, and transform. These applications enable organizations to quickly deliver new purpose-built applications that work seamlessly together to help manage mission-critical functions. Microsoft Dynamics 365 supports more than 90 compliance standards including FedRAMP High.
MicrosoftMicrosoft Dynamics 365 US GovernmentAuthorized, Federal JABSaaSHigh12021-12-152022-04-25KratosJohn Gallagherjogallag@microsoftState of Arizona, Department of Homeland SecurityMicrosoft Dynamics 365 US Government is the next generation of intelligent business applications that enable US federal, state, local, and tribal government organizations to grow, evolve, and transform. It’s delivered through separate datacenters with physical, logical, and network isolation from the commercial cloud, is operated by US persons who have passed fingerprint-based background checks performed by the states, and can support data that’s subject to the CJIS Security Policy and IRS Publication 1075 along with FedRAMP High and other compliance standards.
TTECHumanify EnterpriseAuthorized, Federal JABSaaSModerate02021-10-152022-09-29Coalfire SystemsKip Jameskip.james@ttec.comStateRAMP Approvals Committee
The TTEC Humanify Enterprise - G is an OmniChannel Contact Center as a Service solution that enables routing of Voice, eMail, Chat, Artificial Intelligence, and SMS interactions between citizens and government entities.
ZscalerZscaler Private Access - Government (Zero Trust Networking - VPN Replacement)Authorized, Federal JABSaaSHigh12021-09-102022-03-18Schellman and Company, LLCVidya Meenakshisundaramvidya@zscaler.comState of Arizona Department of Homeland SecurityZscaler Private Access solves the challenges posed by a traditional VPN infrastructure by decoupling your internal assets and applications from the limitations, cost, and complexity of direct IP network connections.
ZscalerZscaler Internet Access - Government (Secure Web Gateway - vTIC)Authorized, Federal JABSaaSModerate12021-09-102022-01-28Schellman and Company, LLCHoon Pattersonhpatterson@zscaler.comState of Arizona Department of Homeland SecurityZscaler Internet Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.

Progressing Product List

The list below recognizes offerings in the process of working toward a verified status of Ready or Authorized. To be included in this list, the provider must be engaged with a Third Party Assessment Organization (3PAO) for an independent audit. The progressing statuses include Active, In Process, and Pending. Active products are working towards Ready; In Process products are working toward Authorized; Pending products are currently being reviewed by the StateRAMP Program Management Office (PMO) and are awaiting a determination for a verified status.
CompanyProduct NameSecurity StatusService ModelImpact LevelSponsorsReady Date:Authorization Date:3PAO:Point Of Contact:Contact Email:Sponsor Names:Service Description:
AINS, LLC dba OPEXUSeCasePendingSaaSModerate0FortreumSrinivasSristyeCase is a dynamic case management and rapid application development platform that empowers professionals to elevate trust in public institutions. With secure and collaborative information and document management, robust reporting, adaptive workflows, role-based security, and comprehensive audit trail capabilities, eCase helps public sector clients automate processes, reduce costs, improve transparency, and ultimately achieve better outcomes with less risk while maintaining compliance within demanding regulatory environments. eCase and eCase COTS solutions (including Correspondence, OIG Audits and Investigations, and HR applications) are FedRAMP-moderate certified PaaS/SaaS. For more information, visit
CGICGI US CloudPendingIaaSModerate1A-LignRosemary Millikenrosemary.milliken@cgi.comState of Arizona Department of Homeland SecurityCGI GTO delivers centralized, highly secure and fully managed solutions specifically designed to support state and local government needs.
CoSo Cloud, LLCCoSo Cloud FedRAMP Managed Service ProviderPendingSaaSModerateCoalfireDavid Thompsondavid.thompson@cosocloud.comCoSo Cloud's FedRAMP authorized environment provides three separate offerings, all on the same SAR:
Adobe Connect
Adobe Learning Manager (ALM)
MicrosoftMicrosoft Office365PendingSaaSHigh0Coalfire SystemsShawn Veneyshawn.veney@microsoft.comState of ArizonaOffice 365 combines the Microsoft Office desktop suite with cloud-based versions of Microsoft's next-generation communications and collaboration services—including Microsoft Exchange Online, Microsoft Teams, and Office for the web. Microsoft Office 365 supports many compliance standards including FedRAMP Moderate.
MicrosoftMicrosoft Office365 Government Community CloudPendingSaaSHigh0Coalfire SystemsShawn Veneyshawn.veney@microsoft.comOffice 365 Government Community Cloud is built for US federal, state, local, and tribal government organizations and combines the Microsoft Office desktop suite with cloud-based versions of Microsoft's next-generation communications and collaboration services—including Microsoft Exchange Online, Microsoft Teams, and Office for the web. Microsoft Office 365 Government Community Cloud can support data that’s subject to the CJIS Security Policy and IRS Publication 1075 along with FedRAMP Moderate and other compliance standards.
ORock Technologies, Inc.ORockCloudPendingIaaSModerate0Schellman and Company, LLCAbigail Halderahalder@orocktech.comThis secure, open source cloud provides a highly scalable, bi-coastal environment with elastic, on-demand access to computing, storage, virtualization, networking, performance monitoring, and applications in ORock’s service catalog.
QlikQlik Cloud GovernmentPendingSaaSModerateA-LignMarie
Rackspace TechnologyRackspace Government CloudPendingModerateSchellmanAbel Sanchezabel.sanchez@rackspace.comRackspace Government Cloud (RGC) is purpose-built to help organizations achieve Assessment & Authorization faster and with cost savings of up to 70%. The platform is designed to support a government agency, systems integrator, or independent software vendor. Rackspace Government Cloud (RGC) wraps VMware and AWS in a secure-by-design management platform to meet the compliance requirements for FedRAMP and DoD Cloud Computing SRG. Customer solutions are deployed and managed in secured enclaves within US Rackspace datacenters and/or AWS East/West and GovCloud. Customers are provided with dedicated application stacks to maintain data security at the necessary levels. All this is backed by a 24x7x365 U.S. only support model that allows Rackspace to provide the highest levels of assurance and security to our government customers.
Wolters KluwerTeamMate+PendingSaaSModerate0Schellman & Company, LLCAlberto De Benito AznarTeamMate-FedRAMP@wolterskluwer.comThe TeamMate+ FedRAMP platform is a suite of services that provides tooling and functionality to auditors for management and tracking of the entire auditing process. The product suite includes TeamMate+ Audit, TeamMate+ Controls, and TeamMate+ Public Sector. The TeamMate+ FedRAMP suite allows auditors and audit organizations to define, track, and manage the audit process within their own standards. TeamMate+ FedRAMP leverages tooling and software to integrate with various services and resources across many systems, enabling auditors to achieve a holistic view of the organization. Through use of cloud technology and wide tooling integration, TeamMate+ FedRAMP enables organizations to align processes and goals for better strategic and tactical insights. TeamMate+ FedRAMP's environment utilizes higher standards for security and compliance, this system has very well-defined boundaries and controlled data ingress and egress patterns.
ZibaSecPhishTACOPendingSaaSModerate0Coalfire SystemsJulie Davilaj@zibasec.ioZibaSec PhishTACO is a cloud-based SaaS solution that enables organizations of all sizes to accurately assess their risk levels using sophisticated email phishing campaigns.
ZscalerZscaler Private AccessPendingSaaSModerate1Schellman and Company, LLCBradley Josephsbjosephs@zscaler.comState of Arizona Department of Homeland SecurityZscaler Private Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.
AvePoint, Inc.AvePoint Online Services for US GovernmentIn ProcessSaaSModerate0LunarlineLauren Darnislauren.darnis@avepoint.comvePoint Online Services for US Government is the industry’s first and only 100 percent Microsoft Azure-based Software-as-a-Service (SaaS) platform for Office 365 MT. Requiring no installation or agents, AvePoint Online Services for US Government provides centralized management, governance, backup, reporting and ECM/records management for your Office 365 MT environments.
BoomiAtomSphereIn ProcessSaaSModerate0Schellman and Company, LLCCameron HassCameron_hass@dell.comBoomi AtomSphere is a cloud-native integration Platform-as-a-Service (iPaaS) technology that lets you connect everyone to everything. The Boomi SaaS AtomSphere Platform solves the needs of our government customers with end-to-end capabilities by integrating applications, systems, and connecting people.
CGICGI Advantage CloudIn ProcessSaaSModerate1A-LignRosemary Millikenrosemary.milliken@cgi.comState of Arizona Department of Homeland SecurityCGI Advantage Cloud is a unified multi-tenant SaaS ERP solution that is designed, built, and optimized for the public sector. Our solution provides financial management, procurement, grants, human capital management, payroll, labor cost distribution, time and leave, budgeting, and advanced analytics capability that addresses the public sector’s most complex requirements out of the box. Advantage Cloud requires minimal workarounds or extensions associated with dual-use ERP systems that are built for private sector and then overlaid with public sector features.
Cisco Systems, Inc.Webex for GovernmentIn ProcessSaaSModerate0KratosDebbie Bidwelldbidwell@cisco.comCisco Webex for Government is a cloud collaboration service that allows customers to call, meet, and message on any device with a single unified application from Webex.
CobbleStone SoftwareCobbleStone Contract InsightIn ProcessSaaSModerateA-LignTiffany Salmonitcg@cobblestonesystems.comCobbleStone Software is a best-of-breed leader with providing enterprise eProcurement & contract management software solutions since 1995 and has years of client feedback and industry knowledge. CobbleStone has been selected by thousands of users worldwide. CobbleStone is a United States Federal Contractor on the GSA Schedule (contract number: GS-35f-0186W) and is rated by Dunn & Bradstreet Gartner and the Better Business Bureau.
DataBank HoldingsColocation Managed ServicesIn ProcessIaaSModerate0Secure ITMark Houptmhoupt@databank.comCloudPlus delivers highly availability and secured cloud hosting, which includes monitoring, backups and recovery and 24x7x365 technical support.
EllucianEllucian Platform for GovernmentIn ProcessSaaSModerate1Schellman & CompanyJennifer Steelejennifer.steele@ellucian.comEllucian drives innovation for the business of higher education, continuously delivering new solutions for more than 2,900 customers across 50 countries, serving 22 million students. A recognized market leader in student systems for decades, Ellucian builds technology that empowers institutions with the insights they need now and into the future. The Ellucian platform offers open, powerful solutions built uniquely for the needs and challenges of learning institutions, from community colleges to large public university systems and more.
ibossiboss Government Cloud Platform (IGCP)In ProcessSaaSModerateNCC GroupHeath Crockerheath.crocker@iboss.comWith over 4,000 customers, including the largest government, financial, insurance, energy and technology organizations, iboss enables government to reduce cyber risk by delivering a FedRAMP Authorized Zero Trust Secure Service Edge that protects resources and users from wherever they work. iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention within a completely unified cloud platform to protect all resources, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Backed by 230+ issued and pending patents, iboss processes and secures over 150 billion daily network transactions globally, blocking 4 billion threats per day. The iboss Government Cloud Platform enables federal agencies to migrate rapidly into a Zero Trust architecture as mandated by the Presidential Executive Order on Cyber. Jump-start your transformational journey and experience the future of Zero Trust cloud security today. Visit to learn more.
Mark43Mark43 Public Safety PlatformIn ProcessSaaSHighKratos DefenseN/Aregistrations@mark43.comThe Mark43 service offering provides a public safety CAD, RMS, analytics, and property and evidence platform. The Mark43 platform provides security and law enforcement capabilities to support functions such as situational awareness, information sharing, investigations, homeland defense, security missions, domestic emergency responses, and military support to civil authorities. Additionally, the platform provides emergency management and critical communications capabilities in support of public safety organizations, facilities, first responders, and force protection activities.
McAfee EnterpriseMVISION for EndpointIn ProcessSaaSModerate0KratosPatrick McEnanypatrick_mcenany@mcafee.comMcAfee MVISION for Endpoint is a SaaS offering that is deployed on AWS GovCloud IaaS. The SaaS offering is made up of a suite of solutions developed by McAfee. McAfee MVISION for Endpoint enables customers to centrally manage security for their organization while leveraging real-time monitoring and protection of the environment. Machine learning, artificial intelligence, and behavioral analysis are used to detect and respond to suspicious activity based on comparing observed activity to real-world adversarial attack techniques.
McAfee EnterpriseMVISION CloudIn ProcessSaaSHigh0KratosPatrick McEnanypartick_mcenany@mcafee.comMcAfee MVISION Cloud discovers all cloud services in use across an organization’s network. It provides a corresponding readiness rating that allows system and data owners to assess cloud risk. It detects anomalous activity that may be indicative of a security breach or insider threat, enabling the organization to respond immediately to potential incidents. Additionally, McAfee MVISION Cloud enhances privacy controls by applying standards-based encryption or tokenization mechanisms to structured or unstructured data while maintaining searching, sorting, and formatting capabilities. McAfee MVISION Cloud enforces risk-based, inline, or offline compliance policies using notifications, blocking, or selective encryption to prevent the leakage of Personally Identifiable Information (PII) and offers the ability to synchronize policies with existing data loss prevention (DLP) solutions.
QualysQualys Cloud PlatformIn ProcessSaaSModerate0Coalfire SystemsEric Kibisingoekibisingo@qualys.comThe Qualys Cloud Platform (QCP) is a multi-tenant shared cloud service environment. Its unique computing power is capable of continuously analyzing and correlating information, to assist IT management with identifying and homing-in on threats and eliminating vulnerabilities.
RelativityRelativityOne GovernmentIn ProcessSaaSModerate0Coalfire SystemsKristal Davykristal.morris@relativity.comRelativityOne Government brings the entire e-discovery process together in one secure and extensible platform, connected to your organization’s most sensitive data—and supported by the community of experts you need to untangle it all. Start and finish e-discovery in one solution with best-in-class security, scale, and performance and extend the functionality of the platform to meet your unique needs by leaning on apps built by our ecosystem of Relativity developer partners or building them yourself. With the latest in advanced searching and analytics, machine learning, and visualizations all built in, RelativityOne Government is your complete platform for organizing data, discovering the truth, and acting on it.
RubrikRubrik Security Cloud - Government (RSC-G)In ProcessSaaSModerateKratos DefenseGayle Berkeleygayle.berkeley@rubrik.comRubrik Security Cloud - Government (RSC-G) delivers a radically simplified approach to data management for state & local governments that enable recovery from ransomware attacks, accelerate cloud mobility, and streamline operations.
RSC-G provides Data Protection from cyber attacks with air-gapped, immutable, access-controlled backups. Observability features monitor and remediate data risks, including ransomware, sensitive data exposure, and indicators of compromise. Remediation features enable rapid recovery of apps, files, or users while avoiding malware reinfection. Together, the features and capabilities of RSC-G provide Zero Trust data protection for sensitive government information while streamlining data management and operational backup burdens.
TERIDAThe Terida RegTech Framework - CLASsoft™In ProcessSaaSModerate1A-LIGNTeri Princetprince@terida.comNorth Carolina Military Business CenterThe Terida RegTech Framework – CLASsoft™:
One Framework, Infinite Applications. Robust, scalable, e-operations RegTech platform to receive, manage, track, monitor, analyze, evaluate, resolve, and audit registrations, applications, users, communications, claims, cases, files, forms, and documents.
With CLASsoft, all information collected and processed, and their chain of custody and access, are secured, managed, and protected for the term(s) necessitated by operational requirements and objectives, and rules, regulations, laws, and evidentiary, audit and risk standards.
Credential and connect the enterprise with the Terida RegTech platform’s consistent methodologies and permission layers. Reduce data silos. Decrease costs and risks.
With CLASsoft, the entire flow of information “Persons, Objects, Events, Organizations, Entities, Registrations, Applications, Claims, Cases, Files, Data, Documents, Forms, Communications, Relationships, Requirements, Regulations, Operations, Processes, Protocols, Workflow, Permission Hierarchies, Administration, Evaluation, Resolution, Reporting, Auditing, Archiving” is configured explicitly to the particular business problem and secured within the platform’s authorization boundary.
E-credential, E-submit, E-consent, E-certify, E-participate, E-claim, E-evaluate, E-process, E-learn, E-work, E-connect use cases include:
• government, business, organizations, defense
• education, finance, health, insurance, legal
• emergencies, disasters, evacuations, mass actions, class actions
• device failures, complaints, credentialing, compliance
• claims, settlements, distributions, deferred prosecution agreements
• joint operations, collaborative intelligence, procurement, supply chain.
VexcelWIC MosaicIn ProcessPaaSModerateKratos DefenseJohnny O'Boylejohnnyoboyle@microsoft.comA modern solution for the Women, Infants, and Children Program impacting participation, eligibility, and retention.
ZimperiumZimperium zIPSIn ProcessSaaSModerate0Coalfire SystemsBrian Caldwellbrian.caldwell@zimperium.comZimperium zIPS is an advanced mobile threat defense solution for enterprises, providing persistent, on-device protection to corporate-owned and BYOD devices. Leveraging advanced machine learning, Zimperium zIPS detects both known and unknown threats across the kill chain: device, network, phishing, and app attacks. Once deployed on a mobile device, zIPS begins protecting the device against all primary attack vectors, even when the device is not connected to a network.
ClouderaCDP for GovernmentActivePaaSModerateCoalfireNatalia Belayanbelaya@cloudera.comCloudera for Government is a secure and governed cloud service platform that offers a broad set of enterprise data cloud services with data analytics and artificial intelligence functionality. With Cloudera for Government, users can create and manage secure data lakes, self-service analytics, and machine learning services without installing and managing the data platform software. Cloudera for Government services are managed by Cloudera, but the customer’s data remains under their control in their AWS cloud account.
Cloudera for Government lets customers:
• Control cloud costs by automatically spinning up workloads when needed, scaling them as the load changes over time, and suspending their operation when complete.
• Isolate and control workloads based on user type, workload type, and workload priority.
• Combat proliferating silos and centrally control customer and operational data across multi-cloud and hybrid environments.
Duo SecurityDuo FederalActiveSaaSModerate0Coalfire SystemsMinh Tranmintran2@cisco.comDuo’s Federal Editions can verify the identity of users with secure and easy to use two-factor authentication methods that helps public sector entities satisfy NIST 800-63-3 and 53/63/171 authentication requirements. This complete security solution prevents modern attackers that often target multiple areas - including credential theft and the exploitation of known software vulnerabilities affecting outdated software versions.
EquifaxEquifax EDGEActivePaaSModerate0KratosShea Gieslershea.giesler@equifax.comEquifax Government Data Exchange provides real-time income and employment verification service as well as HR management services to federal customers. These services are cloud-native and delivered using Equifax’s Data Fabric enterprise data management platform to provide maximum availability, scalability, and security.
Evenly Odd Inc. DBA KnackKnackActiveSaaSModerateInformation Technology CompanyEric Kathermaneric@knack.comKnack empowers everyday innovators to easily overcome critical business challenges. By leveraging Knack’s intuitive no-code platform and expert builder network, teams can quickly build custom applications that collect and manage data, automate processes and move workflows online.
FormAssembly, Inc.FormAssembly Gov Cloud (FAGC)ActiveSaaSModerate0A-LIGN Compliance and Security, Inc. dba A-LIGNChad Craglechad@formassembly.comFAGC is a web application developed to help businesses build, design, and manage web forms and surveys. The application is aimed at professionals looking to automate form creation independently and can be used without the help of web developers. FAGC helps organizations in multiple industries quickly create web forms, collect data, and eliminate arduous workflows and manual data entry through smart integrations, all in a secure and compliant manner.
Geographic Solutions, Inc.Virtual OneStop - GUSActiveSaaSModerate0A-LignPaul Toomeyptoomey@geosolinc.comDesigned specifically for the diverse needs of the American Job Center system, VOS Sapphire is a Commercial Off-The-Shelf solution that offers over 50 functional modules and components that can be adapted to meet the exact requirements of any state or local workforce organization. We continuously enhance the system based on technological advances and user feedback to ensure it continues to be the most effective online workforce development solution available on the market today.
JamfJamf SchoolActiveSaaSModerateCoalfireWendy Kongwendy.kong@jamf.comJamf School is a purpose-built mobile device management solution (MDM) for schools. Jamf School enables educators to deploy and manage Apple devices simply.
JamfJamf ProActiveSaaSModerateCoalfireWendy Kongwendy.kong@jamf.comJamf Pro is the flagship product, providing complete Apple mobility management (EMM) solution for information technology professionals. Jamf Pro provides deployment, device management, application management, asset inventory, user self-service, and security services for the enterprise.
Mimecast Ltd.Mimecast Federal GridActiveSaaSModerate0Schellman and Company, LLCHarvey Sealehseale@mimecast.comMimecast Federal Grid is a set of cloud services designed to provide next generation protection against advanced email-borne threats such as but not limited to malicious URLs, malware, impersonation attacks, as well as internally generated threats.
SAP National Security SystemsCommercial Regulated Environment (CIE)ActiveSaaS, PaaSModerate0ForterumPenny Kleinpenny.klein@sapns2.comSAP NS2 Commercial Regulated Environment (CRE) includes a suite of intelligent applications and experience management tools. Our intelligent suite includes applications for managing the operational transactions, HR and people management, analytics, and other innovative capabilities. The applications are integration-ready, include embedded intelligence, and offer a consistent and intuitive user interface.
Socure Inc.ID+ActiveSaaSModerateKratos DefenseMatt Kingmatt.king@socure.comSocure leverages the power of AI / ML to provide digital identity proofing and verification solutions for consumer identity management. Socure’s ID+ analytics platform ingests consumer submitted data, validates the data against authoritative sources, and analyzes every dimension of the digital identity to generate a risk-based assessment of whether someone is who they claim to be online. This includes a comprehensive analysis of name, email, phone, address, date of birth, SSN, IP, device, velocity, network and behavioral intelligence, and more.
SophosSophos Intercept XActiveSaaSModerate1FortreumMinh Tranminh.tran@sophos.comTexas A&MSophos Intercept X is the world’s best endpoint protection. It stops the latest cybersecurity threats with a combination of deep learning AI, anti-ransomware capabilities, exploit prevention and other techniques.
WalkMeDigital Adoption PlatformActiveSaaSModerate0CoalfireBilly Biggsbilly.biggs@walkme.comDigital Adoption Platform - Gain visibility into the tech stack as you constantly identify gaps and problem areas to drive user experience of digital assets.

Federal JAB Attestations

StateRAMP seeks to provide recognition to those products who have achieved a FedRAMP Authorization through Joint Authorization Board (JAB) approval. These products have undergone a rigorous audit and review from both a Third Party Assessment Organization (3PAO) and the FedRAMP JAB. StateRAMP wishes to highlight their efforts and provide an avenue for these products to be included in StateRAMP.

Products that have been awarded both a StateRAMP Authorized status and Federal JAB status are now listed on the APL as Authorized, Federal JAB.

Receive StateRAMP Updates

Interested in StateRAMP? Sign up below to receive StateRAMP Updates.