StateRAMP Authorized Vendors
StateRAMP establishes common security criteria to standardize cloud security verification.
To manage cyber risk and protect critical data, systems, and infrastructure from cyber-attacks and ransomware, it is recommended that state and local governments verify the cybersecurity posture of their cloud solution providers.
What this means for Service Providers: This standardized approach allows providers serving state and local governments to verify their security posture and prove their cybersecurity compliance to their government clients.
What this means for States and Local Government: StateRAMP’s shared resource model and continuous monitoring simplifies cloud compliance and risk management for government agencies who participate with StateRAMP.
Verified offerings and those in the process of working toward an authorization are listed on the Authorized Vendor List (AVL) below. The AVL, first published September 14, 2021, is updated weekly.
|Company||Product Name||Security Status||Service Model||Impact Level||Sponsors||Authorization Date||3PAO||Point of Contact||Contact Email||Sponsor Names||Service Description|
|Zscaler||Zscaler Internet Access - Government (Secure Web Gateway - vTIC)||Ready||SaaS||Moderate||1||9/10/2021||Schellman and Company, LLC||Bradley Josephsfirstname.lastname@example.org||State of Arizona Department of Homeland Security||Zscaler Internet Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.|
|Zscaler||Zscaler Private Access - Government (Zero Trust Networking - VPN Replacement)||Ready||SaaS||High||1||9/10/2021||Schellman and Company, LLC||Bradley Josephsemail@example.com||State of Arizona Department of Homeland Security||Zscaler Private Access solves the challenges posed by a traditional VPN infrastructure by decoupling your internal assets and applications from the limitations, cost, and complexity of direct IP network connections.|
|Aurigo Software Technologies Inc.||Masterworks Cloud and Aurigo Essentials||Ready||SaaS||Moderate||0||10/15/2021||The Cadence Group||Vivek Siddegowdafirstname.lastname@example.org||The Aurigo Masterworks Cloud is an integrated suite of enterprise software products for owners to plan, build, and maintain large capital assets, infrastructure, and facilities. Aurigo Essentials is an all-in-one product for small to mid-size agencies with easy-to-deploy and industry-ready configurations.|
|OCLC||WorldShare Management Services||Ready||SaaS||Low||0||9/29/2021||Schellman and Company, LLC||Anthony Fisicemail@example.com||OCLC is a nonprofit global library organization. Through OCLC, member libraries cooperatively produce and maintain WorldCat, the world’s most comprehensive global network of data about library collections and services.|
|Project Hosts, Inc.||Project Hosts Federal Private Cloud||Ready||PaaS||Moderate||0||9/10/2021||Coalfire Systems||Joshua Kruegerfirstname.lastname@example.org||The Federal Private Cloud (FPC) is a General Support System (GSS) is composed of systems and services that manage access control, authentication, auditing, monitoring, scanning, patching, configuration management, malware prevention, intrusion prevention, incident response, backup, and disaster recovery for each Application deployed on the FPC.|
|Knowledge Services||dotStaff||Ready||SaaS||Moderate||0||9/13/2021||A-Lign||Dave Stengeremail@example.com||Knowledge Services dotStaff™ is a Software as a Service (SaaS) offering that includes a Vendor Management System and a Survey Management module.|
|TTEC||Humanify Enterprise||Ready||SaaS||Moderate||0||10/15/2021||Coalfire Systems||Jeff Smithfirstname.lastname@example.org||The TTEC Humanify Enterprise - G is an OmniChannel Contact Center as a Service solution that enables routing of Voice, eMail, Chat, Artificial Intelligence, and SMS interactions between citizens and government entities.|
|Avaya||Avaya OneCloud for Government||Pending||SaaS||Moderate||0||Coalfire Systems||Lodovico Loquercioemail@example.com||Full UcaaS offering including audio/video conferencing and audio contact center.|
|BlackBerry||BlackBerry Government Mobility Suite (BGMS)||Pending||SaaS||Moderate||0||Kratos||Rashad Munawarfirstname.lastname@example.org||BlackBerry Government Mobility Suite (BGMS) is a cloud-based endpoint management solution. BGMS provides customers the ability to utilize a single, integrated view of users, devices, applications, and policies within their IT environment. Customers can use BGMS to unify multi-OS endpoints across all ownership models while securing sensitive data. BGMS is deployed in Microsoft Azure FedRAMP approved Government cloud as a multi-tenant, government-only community cloud deployment model. The BGMS architecture will serve as the baseline infrastructure for BlackBerry FedRAMP authorized productivity applications such as BlackBerry Work and BlackBerry Workspaces; these solutions will provide mobile access to key business tools like email, calendars, contacts, and tasks as well provide secure access to enterprise file repositories.|
|BlackBerry||BlackBerry Cloud - AtHoc Services for Government (ACSforGov)||Pending||SaaS||Moderate||0||Kratos||Rashad Munawaremail@example.com||BlackBerry’s AtHoc is a networked crisis communication platform enabling corporations and government agencies to communicate and collaborate securely with their personnel and with other organizations through multiple devices during times of crises. BlackBerry’s AtHoc platform addresses critical communications needs including: Account: AtHoc Account enables real-time visibility into location and status for effective personnel accountability and crisis handling before, during, and after emergencies. This integrated approach to personnel accountability enables inputs from managers about their team, call center operators, data streams from HR and travel systems, as well as self-reporting by individuals. Alert: AtHoc Alert provides a comprehensive crisis communication solution that unifies all channels and devices, empowering organizations, people, and communities to collaborate during critical events. AtHoc’s flexible deployment options safeguards important personal information and enables enterprise-level command and control. Connect: AtHoc Connect empowers organizations to create their own permission-based network to establish interoperable communication and information sharing with organizations in their community. Collect: AtHoc Collect empowers your personnel in the field to be the "eyes and ears" of the operations center. AtHoc Collect enables on-scene personnel to report events, work progress, along with rich geo-tagged media that are worth a thousand words.|
|BlackBerry||BlackBerry Protect||Pending||SaaS||Moderate||0||Booz Allen Hamilton||Rashad Munawarfirstname.lastname@example.org||Blackberry PROTECT redefines what antivirus (AV) can and should do for your organization by leveraging artificial intelligence to detect AND prevent malware from executing on your endpoints in real time. By taking a mathematical approach to malware identification utilizing patent-pending, machine learning techniques instead of reactive signatures and sandboxes, Blackberry PROTECT renders new malware, viruses, bots and unknown future variants useless. Blackberry has developed the most accurate, efficient and effective solution for preventing advanced persistent threats and malware from executing on your organization’s endpoints. At the core of Blackberry ’s unprecedented malware identification capability is a revolutionary machine learning research platform that harnesses the power of algorithmic science and artificial intelligence. It analyzes and classifies hundreds of thousands of characteristics per file, breaking them down to an atomic level to discern whether an object is “good” or “bad” in real time. Blackberry OPTICS, part of the prevention-first Blackberry Security Platform, is an artificial intelligence (AI) driven endpoint detection and response (EDR) solution designed to extend the prevention delivered by Blackberry PROTECT through root cause analysis, scalable threat hunting, and automated threat detection and response without increasing costs or security team workloads. Blackberry PROTECT and Blackberry OPTICS are managed through a single web interface within the FedRAMP boundary, and both capabilities are included in the Blackberry PROTECT cloud service offering.|
|DataBank Holdings||Colocation Managed Services||Pending||IaaS||Moderate||0||Secure IT||Mark Houptemail@example.com||CloudPlus delivers highly availability and secured cloud hosting, which includes monitoring, backups and recovery and 24x7x365 technical support.|
|Lookout Inc.||Lookout Mobile Endpoint Security||Pending||SaaS||Moderate||0||Schellman and Company, LLC||Kimberly Snowfirstname.lastname@example.org||Lookout Mobile Endpoint Security is an enterprise-grade mobile security solution that provides comprehensive risk management across mobile devices, including iOS and Android, to secure against application, device, and network-based threats while providing visibility and control over data leakage. The Lookout Mobile Endpoint Security suite enables government agencies to secure the organization from mobile threats, identify and control non-compliant mobile apps that pose data leakage risks, and gain visibility into mobile endpoints. Lookout empowers government agencies to adopt secure mobility across personal and GFE devices without compromising productivity.|
|Microsoft||Azure Commercial||Pending||SaaS||Moderate||0||Kratos||John Gallagheremail@example.com||Azure Commercial is an open and flexible cloud platform that enables customers to quickly build, test, deploy, and manage their applications, services, and product development across a network of Microsoft-managed datacenters within the United States. The Azure platform exports savings to the customer by delivering the software, platform, and IT infrastructure resources where and when it is needed via the Internet. Azure provides a multi-tenant public cloud services platform that offers functionality to support capacities such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) cloud service models.|
|Microsoft||Azure Government||Pending||SaaS||High||0||Kratos||John Gallagherfirstname.lastname@example.org||Azure Government is a government-community cloud that offers hyper-scale compute, storage, networking, and identity management services, with world-class security. A physically and network-isolated instance of Azure, operated by screened U.S. citizens, Azure Government provides standards-compliant IaaS, PaaS, and SaaS. All services are available immediately for supporting secure US government workloads, including CJIS, IRS 1075 FTI, HIPAA, DoD, and federal agency data.|
|Microsoft||Office365||Pending||SaaS||Moderate||1||Coalfire Systems||Shawn Veneyemail@example.com||State of Arizona||Office365 provides customers with cloud versions of Exchange Online (EXO), SharePoint Online (SPO) (including Access Online, Project Online, and OneDrive for Business), and Teams. Exchange Online is an email service. SharePoint Online is a solution for creating sites to share documents and information. Teams is a communication service that offers instant messaging, audio/video calling, online/broadcast meetings and PSTN (public switched telephone network) services.|
|Okta||Okta IDaaS||Pending||SaaS||Moderate||1||Schellman and Company, LLC||Mark Forreiderfirstname.lastname@example.org||State of Arizona||The Okta IDaaS Regulated package includes a number of components that may be used to provide methods of authentication and provisioning control including Okta core, Okta Mobile, Okta Verify, Okta Directory Agent, and Okta IWA Agent.|
|ORock Technologies, Inc.||ORockCloud||Pending||IaaS||Moderate||0||Schellman and Company, LLC||Abigail Halderemail@example.com||This secure, open source cloud provides a highly scalable, bi-coastal environment with elastic, on-demand access to computing, storage, virtualization, networking, performance monitoring, and applications in ORock’s service catalog.|
|Smartronix||Cloud Assured Managed Services (CAMS)||Pending||PaaS||Moderate||0||Coalfire Systems||Razaq Ahmedfirstname.lastname@example.org||The Smartronix Cloud Assured Managed Services (CAMS) solution gives an organization the ability to leverage the power and scalability of the cloud while reducing the cost and complexity of managing and monitoring cloud solutions in-house. CAMS has been designed to deliver the flexibility customers demand from today’s cloud managed service providers.|
|Zoom||Zoom for Government||Pending||SaaS||Moderate||0||Schellman and Company, LLC||Chamon Gaytonemail@example.com||The Zoom For Government Platform unifies cloud video conferencing, cloud phone system, messaging, simple online meetings, and a software-defined conference room solution into one easy-to-use platform. The solution offers video, audio, phone, and wireless screen-sharing across Windows, Mac, Linux, Chrome OS, iOS, Android, Blackberry, Zoom Rooms, and H.323/SIP room systems. Zoom Products include:
Zoom Cloud Video Conferencing – a cloud-based collaboration service which includes video, audio, content sharing webinars and collaboration.
Zoom Phone - a cloud-based phone system with traditional PBX features, integrated PSTN connectivity, enhanced emergency services, and support for calling from mobile apps, desktop apps, and legacy desk phone devices.
Zoom Chat - send chat messages in public or private channels organized by projects, teams, or topics with the ability to share files, emojis, screenshots, and more.
Zoom Rooms – software-based group video conferencing for conference and huddle rooms that run off-the-shelf hardware including a dedicated MAC or PC, camera, and speaker with an iPad controller.
Zoom Room Connector – a gateway allowing H.323 and Session Initiation Protocol (SIP) systems to connect to Zoom meetings. Room Connector is available in both cloud computing and as software (VM) for installation on the customer premise.
Zoom Meeting Connector – a software (VM) version of the Zoom Cloud infrastructure intended for installation on the customer premise.
Zoom API - provides the ability for developers to easily add Video, Voice and Screen Sharing to your application. Our API is a server side implementation designed around REST. The Zoom API helps manage the pre-meeting experience such as creating, editing and deleting resources like users, meetings and webinars.
|Blackboard||Blackboard Learn SaaS||In-Process||SaaS||Moderate||0||A-Lign||Andrew Keeneyfirstname.lastname@example.org||Blackboard's Learn SaaS solution offers government and military agencies next-generation online, social and mobile tools that create a continuous learning environment, built around peer-to-peer interaction, content, and discussions|
|Boomi||AtomSphere||In-Process||SaaS||Moderate||0||Schellman and Company, LLC||Cameron Hass||Cameron_hass@dell.com||Boomi AtomSphere is a cloud-native integration Platform-as-a-Service (iPaaS) technology that lets you connect everyone to everything. The Boomi SaaS AtomSphere Platform solves the needs of our government customers with end-to-end capabilities by integrating applications, systems, and connecting people.|
|Dynatrace||Dynatrace for Government||In-Process||SaaS||Moderate||0||Schellman and Company, LLC||Rush Modiemail@example.com||Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation. With automatic and intelligent observability at scale, our all-in-one platform delivers precise answers about the performance and security of applications, the underlying infrastructure, and the experience of all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with dramatically less effort.|
|Geographic Solutions, Inc.||Virtual OneStop - GUS||In-Process||SaaS||Moderate||0||A-Lign||Paul Toomeyfirstname.lastname@example.org||Designed specifically for the diverse needs of the American Job Center system, VOS Sapphire is a Commercial Off-The-Shelf solution that offers over 50 functional modules and components that can be adapted to meet the exact requirements of any state or local workforce organization. We continuously enhance the system based on technological advances and user feedback to ensure it continues to be the most effective online workforce development solution available on the market today.|
|Google Services||In-Process||IaaS, PaaS, SaaS||High||1||Coalfire Systems||Rodney Nelsonemail@example.com||Arizona Department of Homeland Security||Google Services is comprised of Google’s multi-tenant public cloud Google Cloud Platform and built atop the Google Common Infrastructure. The Google Common Infrastructure powers Google worldwide.|
|McAfee Enterprise||MVISION for Endpoint||In-Process||SaaS||Moderate||0||Kratos||Patrick McEnanyfirstname.lastname@example.org||McAfee MVISION for Endpoint is a SaaS offering that is deployed on AWS GovCloud IaaS. The SaaS offering is made up of a suite of solutions developed by McAfee. McAfee MVISION for Endpoint enables customers to centrally manage security for their organization while leveraging real-time monitoring and protection of the environment. Machine learning, artificial intelligence, and behavioral analysis are used to detect and respond to suspicious activity based on comparing observed activity to real-world adversarial attack techniques.|
|McAfee Enterprise||MVISION Cloud||In-Process||SaaS||High||0||Kratos||Patrick McEnanyemail@example.com||McAfee MVISION Cloud discovers all cloud services in use across an organization’s network. It provides a corresponding readiness rating that allows system and data owners to assess cloud risk. It detects anomalous activity that may be indicative of a security breach or insider threat, enabling the organization to respond immediately to potential incidents. Additionally, McAfee MVISION Cloud enhances privacy controls by applying standards-based encryption or tokenization mechanisms to structured or unstructured data while maintaining searching, sorting, and formatting capabilities. McAfee MVISION Cloud enforces risk-based, inline, or offline compliance policies using notifications, blocking, or selective encryption to prevent the leakage of Personally Identifiable Information (PII) and offers the ability to synchronize policies with existing data loss prevention (DLP) solutions.|
|Qualys||Qualys Cloud Platform||In-Process||SaaS||Moderate||0||Coalfire Systems||Samuel Aydlettefirstname.lastname@example.org||The Qualys Cloud Platform (QCP) is a multi-tenant shared cloud service environment. Its unique computing power is capable of continuously analyzing and correlating information, to assist IT management with identifying and homing-in on threats and eliminating vulnerabilities.|
|Relativity||RelativityOne Government||In-Process||SaaS||Moderate||0||Coalfire Systems||Kristal Davyemail@example.com||RelativityOne Government brings the entire e-discovery process together in one secure and extensible platform, connected to your organization’s most sensitive data—and supported by the community of experts you need to untangle it all. Start and finish e-discovery in one solution with best-in-class security, scale, and performance and extend the functionality of the platform to meet your unique needs by leaning on apps built by our ecosystem of Relativity developer partners or building them yourself. With the latest in advanced searching and analytics, machine learning, and visualizations all built in, RelativityOne Government is your complete platform for organizing data, discovering the truth, and acting on it.|
|VMware||VMC on AWS GovCloud||In-Process||IaaS||High||0||Coalfire Systems||Joe Witlesfirstname.lastname@example.org||VMware Cloud on AWS GovCloud (US) brings VMware’s rich Software-Defined Data Center software to the AWS GovCloud (US) Region, and enables U.S public sector agencies to securely run production applications across VMware vSphere®-based private, public and hybrid cloud environments, with optimized access to AWS services. Jointly engineered by VMware and AWS, this on-demand service enables IT teams to seamlessly extend, migrate and manage their cloud-based resources with familiar VMware tools – without the hassles of learning new skills or utilizing new tools. VMware Cloud on AWS GovCloud (US) integrates VMware’s flagship compute, storage and network virtualization products (VMware vSphere®, VMware vSANTM and VMware NSX®) along with VMware vCenter® management as well as robust disaster protection, and optimizes it to run on dedicated, elastic, Amazon EC2 bare-metal infrastructure that is fully integrated as part of the AWS GovCloud (US). This service is delivered, sold and supported by VMware and its partners. With the same architecture and operational experience on-premises and in the cloud, IT teams can now quickly derive instant business value from use of the AWS and VMware hybrid cloud experience.|
|VMware||WorkSpace One||In-Process||SaaS||Moderate||0||Coalfire Systems||Joe Witlesemail@example.com||VMware Workspace ONE® is a FedRAMP Moderate Authorized solution, providing a digital workspace platform that combines endpoint device deployment and management with secure Zero Trust Access for agencies %26 branches.
Consistently ranked as a leader by industry analysts, Workspace ONE delivers consumer-simple, single sign-on (SSO) access to cloud, web, and Windows apps in one unified catalog that engages employees. Agencies can enable employees with a broad range of devices including iOS, Android, Mac, Windows and rugged devices to meets the needs or preferences of a user or their mission while enforcing fine-grained, conditional access policies that also take into account device compliance information delivered by unified endpoint management (UEM) technology.
The Workspace ONE FedRAMP environment now includes ‘Workspace ONE Access’, (formerly VMware Identity Manager), which provides multi-factor and derived credentials authentication, conditional access and single sign-on to SaaS and web apps, and Workspace ONE Intelligent Hub, which offers a unified catalog, actionable notifications of potential interest to employees, and a people directory for a full digital workspace experience.
|Zimperium||Zimperium zIPS||In-Process||SaaS||Moderate||0||Coalfire Systems||Brian Caldwellfirstname.lastname@example.org||Zimperium zIPS is an advanced mobile threat defense solution for enterprises, providing persistent, on-device protection to corporate-owned and BYOD devices. Leveraging advanced machine learning, Zimperium zIPS detects both known and unknown threats across the kill chain: device, network, phishing, and app attacks. Once deployed on a mobile device, zIPS begins protecting the device against all primary attack vectors, even when the device is not connected to a network.|
|Cisco Systems, Inc.||Cisco Webex||Active||SaaS||Moderate||0||Kratos||Debbie Bidwellemail@example.com||Create and join meetings easily from your computer or mobile device. Invite participants to share content in real time. See who you’re talking to. All in a highly secure environment. This is now reality for government agencies, thanks to Cisco WebEx® Web Conferencing.|
|Cisco Systems, Inc.||Webex for Government||Active||SaaS||Moderate||0||Kratos||Debbie Bidwellfirstname.lastname@example.org||Cisco Webex for Government is a cloud collaboration service that allows customers to call, meet, and message on any device with a single unified application from Webex.|
|Cisco Systems, Inc.||Cisco Unified Communications Manager Cloud for Government||Active||SaaS||Moderate||0||Kratos||Debbie Bidwellemail@example.com||Cisco Hosted Collaboration Solution for Government (HCS-G) is a complete unified communications service from the Cisco cloud. It is built to provide government-level security so that organizations can collaborate with anyone, anywhere, on any device.|
|Cisco Systems, Inc.||AppDynamics GovAPM||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||AppDynamics GovAPM is a software-as-a-service (SaaS) application performance monitoring (APM) solution. AppDynamics GovAPM provides end-to-end visibility into the performance of applications.|
|Cisco Systems, Inc.||Cisco Cloudlock for Government||Active||SaaS||Moderate||0||Kratos||Claudio Belloliemail@example.com||Cisco Cloudlock is the cloud-native Cloud Access Security Broker (CASB) that helps accelerate use of the cloud. Cisco Cloudlock secures your cloud users, data, and apps, combating account compromises, data breaches, and cloud app ecosystem risks, while facilitating compliance through a simple, open, and automated API-driven approach.|
|Cisco Systems, Inc.||Cisco Managed Services Accelerator||Active||SaaS||Moderate||0||Kratos||Claudio Bellolifirstname.lastname@example.org||MSX FedRAMP is a multi-tenant SaaS orchestration platform created for Federal agencies, Federal service providers, and Federal service integrators to deliver managed services to market. MSX FedRAMP reduces the time to deploy a cloud service from 18 months to a few weeks by accelerating service creation, orchestration, and integration with external services via vendor APIs as well as supporting zero-touch provisioning.|
|Cisco Systems, Inc.||Webex Contact Center Enterprise for Government||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Webex® Contact Center Enterprise for Government provides a comprehensive, customizable, highly secure solution to meet the complex needs of the world’s largest contact centers. With readily extensible via open APIs and backed by the security and support benefits only available from a trusted brand like Cisco, Webex® Contact Center Enterprise for Government opens a path to the cloud for even the most business-critical contact centers.|
|Cisco Systems, Inc.||Cisco Meraki||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||Cisco Meraki’s cloud management provides centralized visibility & control over Meraki’s hardware, without the cost and complexity of on-premise based management servers and software, wireless controllers or overlay management systems. Integrated with Meraki’s entire product portfolio, cloud management provides feature rich, scalable, and intuitive centralized management for networks of any size.
Meraki’s access points, switches, SD-WAN/Security, video surveillance cameras, wireless WAN, mobile device management, IoT sensors, and WAN insight products are purpose built for cloud management. Cisco Meraki Cloud Networking Architecture allows you to turn your entire network deployment into one platform. With centralized visibility, you control campus or distributed sites and perform diagnostics remotely, eliminating the need for on-premise troubleshooting. You can also enhance network security measures centrally without having to manually install security patches and definition updates in all your branches.
|Cisco Systems, Inc.||Cisco Viptela SD-WAN||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Cisco SD-WAN powered by Viptela/IOS XE is a highly secure, cloud-scale architecture that is open, programmable, and scalable. Through the Cisco vManage console, you can quickly establish an SD-WAN overlay fabric. Use it to connect data centers, branches, campuses, and colocation facilities to improve network speed, security, and efficiency.|
|Cisco Systems, Inc.||Cisco Umbrella Secure Internet Gateway||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||Cisco Umbrella unifies multiple security functions in a single cloud service to secure internet access and control cloud app usage from your network, branch offices, and roaming users. Delivered from the cloud with 100% business uptime, Umbrella integrates secure web gateway, DNS-layer security, cloud-delivered firewall, cloud access security broker (CASB) functionality, and threat intelligence for the most effective protection against threats.|
|Cisco Systems, Inc.||Cisco Umbrella DNS||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Cisco Umbrella provides DNS-layer security by enforcing security at the DNS and IP layers, Umbrella blocks requests to malicious and unwanted destinations before a connection is even established — stopping threats over any port or protocol before they reach your network or endpoints.|
|Cisco Systems, Inc.||Cisco Secure Cloud Analytics (Stealthwatch Cloud)||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||Cisco Secure Cloud Analytics is a cloud-delivered, SaaS-based solution that provides end-to-end visibility, behavioral analysis, and threat detection across your private network, public cloud, and hybrid environments. It uses dynamic entity modeling, based on network telemetry and cloud data sources, to rapidly identify threat activity and indicators of compromise to drastically improve your awareness and overall security posture.|
|Cisco Systems, Inc.||Cisco Nexus Dashboard||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Cisco Nexus Dashboard brings together unified proactive operations, actionable insights across data center networks, open to any fabric or domain, empowering seamless native and fabric agnostic solutions. It’s a powerful easy to use, easy to scale and easy to monitor data center to help operators open to any fabric and domain, leverage the power of NetOps/AIOps with easy to use consumption models across Cisco ACI and DCNM data center fabrics.|
|Cisco Systems, Inc.||Cisco Secure Workload (Tetration)||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||Cisco Secure Workload is a hybrid-cloud workload protection platform designed to secure compute instances in both the on-premises data center and the public cloud. These compute instances could be virtual machines, bare-metal servers, or containers. It uses machine learning, behavior analysis, and algorithmic approaches to offer this holistic workload protection strategy.|
|Cisco Systems, Inc.||Cisco CX Cloud||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Cisco CX Cloud is a cloud-based Software as a Service (SaaS). With CX Cloud, we help drive speed to value from your investment with Cisco and our technology. We do that by delivering the right information at the right time to help you achieve your desired outcomes faster. CX Cloud is a one-stop destination that combines Cisco expertise and best practices with telemetry, AI/ML-driven insights, use cases, and contextual learning.|
|Cisco Systems, Inc.||Cisco Defense Orchestrator||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||Cisco Defense Orchestrator is a cloud-based management solution that allows you to manage security policies and device configurations with ease across multiple Cisco and cloud-native security platforms.|
|Cisco Systems, Inc.||Cisco Secure Endpoint||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Cisco Secure Endpoint (formerly AMP for Endpoints) offers cloud-delivered endpoint protection plus advanced endpoint detection and response across multi-domain control points.|
|Cisco Systems, Inc.||Cisco Intersight||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||Cisco Intersight is a cloud operations platform that consists of optional, modular capabilities of advanced infrastructure, workload optimization, and Kubernetes services. Cisco Intersight infrastructure services include the deployment, monitoring, management, and support of your physical and virtual infrastructure.|
|Cisco Systems, Inc.||Cisco Cloud Email Security||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Cisco SecureX is a cloud-native, built-in platform that connects Cisco Secure Email to the rest of the Cisco Secure Portfolio as well as 3rd party solutions. The broadest, most integrated platform on the market, SecureX removes bottlenecks that currently hinder convoluted security workflows.|
|Cisco Systems, Inc.||Cisco SecureX||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||Cisco SecureX is the broadest, most integrated security platform that connects the breadth of Cisco's integrated security portfolio and the customer's infrastructure for a consistent experience. It unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications--all without replacing your current security infrastructure or layering on new technology.|
|Cisco Systems, Inc.||Cisco Smart Licensing||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Belloliemail@example.com||Smart Licensing is a cloud-based, software license management solution that enables you to automate time-consuming, manual licensing tasks. ... Smart Licensing offers you Cisco Smart Software Manager, a centralized portal that enables you to manage all your Cisco software licenses from one centralized website.|
|Cisco Systems, Inc.||ThousandEyes||Active||SaaS||Moderate||0||Coalfire Systems||Claudio Bellolifirstname.lastname@example.org||ThousandEyes integrates monitoring and visualization of device health, end-to-end network paths and the performance of your internally hosted and cloud applications in one place. Identify critical dependencies in your internal network and monitor how device health impacts application performance.|
|Duo Security||Duo Federal||Active||SaaS||Moderate||0||Coalfire Systems||Minh Tranemail@example.com||Duo’s Federal Editions can verify the identity of users with secure and easy to use two-factor authentication methods that helps public sector entities satisfy NIST 800-63-3 and 53/63/171 authentication requirements. This complete security solution prevents modern attackers that often target multiple areas - including credential theft and the exploitation of known software vulnerabilities affecting outdated software versions.|
|Mimecast Ltd.||Mimecast Federal Grid||Active||SaaS||Moderate||0||Schellman and Company, LLC||Harvey Sealefirstname.lastname@example.org||Mimecast Federal Grid is a set of cloud services designed to provide next generation protection against advanced email-borne threats such as but not limited to malicious URLs, malware, impersonation attacks, as well as internally generated threats.|
|SAP National Security Systems||Commercial Regulated Environment (CRE)||Active||SaaS, PaaS||Moderate||0||Forterum||Penny Kleinemail@example.com||SAP NS2 Commercial Regulated Environment (CRE) includes a suite of intelligent applications and experience management tools. Our intelligent suite includes applications for managing the operational transactions, HR and people management, analytics, and other innovative capabilities. The applications are integration-ready, include embedded intelligence, and offer a consistent and intuitive user interface.|
|Secure Code Warrior Inc.||Secure Code Warrior Learning Platform||Active||SaaS||Low||0||A-Lign||Dimithri Liyanagefirstname.lastname@example.org||Secure Code Warrior Training and Learning Platform - We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world. We succeed through a human approach that uncovers the secure developer inside of every coder - helping development teams ship quality code faster, so they can focus on creating amazing, safe software for our world.|
|Sophos||Sophos Intercept X||Active||SaaS||Moderate||0||A-Lign||Joe Donahueemail@example.com||Sophos Intercept X is the world’s best endpoint protection. It stops the latest cybersecurity threats with a combination of deep learning AI, anti-ransomware capabilities, exploit prevention and other techniques.|
|Terida, LLC||The Terida RegTech Framework - CLASsoft™||Active||SaaS||Moderate||1||Kratos||Teri Princefirstname.lastname@example.org||North Carolina Military Business Center||The Terida RegTech Framework - CLASsoft™ is a cloud-based e-operations (business, government, finance, insurance, legal, health, defence / defense) solutions to receive, manage, track, monitor, analyze, evaluate, resolve and audit registrations, applications, users, communications, claims, cases, files, forms and documents
With CLASsoft™ all information collected and processed, and their chain of custody and access, are:
secured, managed and protected for the term(s) necessitated by rules, regulations, laws, and evidentiary, audit and risk standards, and operational requirements.
|Workday||Workday Government Cloud||Active||SaaS||Moderate||0||Coalfire Systems||Leigh Ann Montgomeryemail@example.com||Workday is a provider of enterprise applications for financial management, human capital management, planning, and analytics. Workday Government Cloud is a multi-tenant public cloud-based offering for U.S. federal, state and local government customers, as well as U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs). It comprises the following enterprise management cloud applications: Workday Core Financial Management, Projects, Project Billing, Expenses, Procurement, Inventory, Grants Management, Human Capital Management, Cloud Connect for Benefits, Payroll for the United States, Cloud Connect for Third-Party Payroll, Time Tracking, Recruiting, Prism Analytics, and Student. Also available is Workday Success Plans, a subscription-based success package that provides education, tools, and expertise to help agencies maximize their use of Workday.|
|ZibaSec||PhishTACO||Active||SaaS||Moderate||0||Coalfire Systems||Julie Davilafirstname.lastname@example.org||ZibaSec PhishTACO is a cloud-based SaaS solution that enables organizations of all sizes to accurately assess their risk levels using sophisticated email phishing campaigns.|
|Zscaler||Zscaler Internet Access - Government (Secure Web Gateway - vTIC)||Active||SaaS||High||1||Schellman and Company, LLC||Bradley Josephsemail@example.com||State of Arizona Department of Homeland Security||Zscaler Internet Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.|
|Quzara, LLC||Cybertorch||Active||SaaS, PaaS||High||0||Schellman and Company, LLC||Saif Rahmanfirstname.lastname@example.org||Quzara Cybertorch™ (Cybertorch) is a Managed Detection and Response (MDR) Platform providing Soc-As-A-Service (SocaaS). The system is intended solely for use by United States Federal, State, Local, and Tribal Governments, Government Consultants, and Federally Funded Research and Development Centers (FFRDC) (referred to throughout the following sections as “customers”) delivered through a Government Community Cloud Deployment Model.
Cybertorch delivers Managed Vulnerability Management and Security Monitoring solutions and services. The security monitoring capabilities extend to cloud, datacenters, on-premises, IoT, OT signals converging to a single correlation, aggregation and analysis fusion capability driven and built on Zero trust principles, purpose-built to FedRAMP HIGH and DoD Security Requirements Guide (SRG).
These services are delivered through a Platform which leverages components of Software-as-a-Service (SaaS) and
Platform-as-a-Service (PaaS) as defined in NIST SP 800-145 (NIST Definition of Cloud Computing. Cybertorch services and security architecture are based on Zero Trust Architecture principles described in NIST SP 200-207 (Zero Trust Architecture) for Enclave-based deployments and Enhanced Identity Government. Further, concepts of control plane and data plane are used throughout the architecture to segregate and isolate customers data.
Building on these security and trust architecture concepts, Cybertorch’ s unified platform allows the delivery and support of full end to end security coverage utilizing in-house security analysts along with Artificial Intelligence engines. Cybertorch provides managed Security Operations Services providing prevention, detection, and remediation services for the Customer.
Cybertorch is supported by an enterprise-class cloud computing architecture that is delivered on the Government regions of Azure Infrastructure-as-a-Service (IaaS) platform.
Security Status Categories
To be verified, the provider must meet minimum security requirements and provide an independent audit conducted by a third party assessing organization (3PAO). StateRAMP recognizes three verified statuses, including Ready, Provisional, and Authorized. Ready meets minimum requirements; Provisional exceeds minimum requirements and has a government sponsor; Authorized satisfies all requirements and has a government sponsor. To ensure ongoing security compliance and risk mitigation, providers must comply with continuous monitoring requirements to maintain a verified security status.
StateRAMP recognizes offerings in the process of working toward a verified offering. To be listed in progress, the provider must be engaged with a third party assessing organization (3PAO) for an independent audit. The progressing statuses include Active, In Process, and Pending. Active is working toward Ready; In Process is working toward Authorized; Pending has submitted a security package to the Program Management Office (PMO) and is awaiting a determination for a verified status.