Authorized Product List - StateRAMP (original) (raw)

Grouper Plus Content Services (GPCS)

Authorized

SaaS

Moderate

2024-01-24

Coalfire

Jeanette Beaudry

3M Grouper Plus Content Services (GPCS) provides reliable, secure processing of patient claims and other coded data in the cloud. The web-based delivery system hosts a selection of classification and reimbursement content users need to group, edit and calculate reimbursement of claims.
The system is responsible for processing markup language (machine readable) grouping, editing, and reimbursement claims over the internet through a secured channel and processing them for customers. There are multiple content versions and interface versions supported for backwards compatibility. The system includes an interface managing users, payment processing schedules, and interactive claims processing.

Cloud Services,Content Collaboration,

Actsoft, Inc

Workforce Manager for Government

Authorized

SaaS

Moderate

2023-04-18

A-Lign

James Armstrong

jarmstrong@actsoft.com

StateRAMP Approvals Committee

Workforce Manager for Government is a fully integrated platform, which facilitates the business needs of an Agency with mobile employees. On top of robust features such as Wireless Forms, Timekeeping, Job Dispatching, and GPS Tracking, customers with vehicles can leverage the solution’s fleet components to monitor vehicle activities like stop times, idling, driver behavior, score cards, and telematics.
This intuitive, yet flexible solution addresses key market challenges such as ease of use, data collection, mobile resource management, implementation costs, worker compliance and overall accountability. The synergy of tools in Workforce Manager for Government brings customers greater efficiency and productivity gains by automating and streamlining processes that help them save time, reduce labor costs, and lower vehicle-related expenses such as fuel and maintenance. Government Customers benefit from an easily deployable solution that provides a significant return on investment.
Workforce Manager for Government is equipped with enterprise-grade workforce management tools that are typically only found in high-priced business applications, making it affordable and accessible to all Government Agencies. This approach provides Government customers with a solution that delivers relevant information about daily field operations, helping agencies craft new business strategies to save both time and money.

Anthology

Finance and Human Capital Management

Authorized

SaaS

Moderate

2024-06-24

A-Lign

Michael Ball

michael.ball@anthology.com

A feature-rich program that brings together finance and Human Capital Management in one solution to help you focus on your learners. Modules include: General Ledger, Faculty and Program ROI, Fund Source Management, Budgeting, and Human Resource Management

Anthology

Occupation Insight

Authorized

SaaS

Moderate

2024-04-25

A-Lign

Michael Ball

michael.ball@anthology.com

Anthology Occupation Insight aligns academic programs and student skills with the needs of the marketplace. Anthology’s career readiness and workforce analytics tool improves students’ preparation for their future careers.

Learning Management System,

Anthology

Anthology Reach

Authorized

SaaS

Moderate

2024-08-20

A-Lign

Michael Ball

michael.ball@anthology.com

Anthology Reach is a solution for reaching across campus, from admissions to student success to alumni engagement. It guides and encourages an individual along their experience with the institution. The experience becomes a collection of interactions, building the unique story that each person’s journey tells. Institutions use those interactions, combined with the data gathered, to strengthen connections with their community in a personalized way. With powerful insights from that data, institutions can be strategic and agile in making the decisions that make a difference in bringing in the next class, driving retention initiatives, and meeting advancement goals. Anthology® Reach combines Anthology’s deep CRM solutions expertise with Microsoft’s application and cloud infrastructure to deliver a system of intelligence for higher education.

Customer Management and Experience Solutions,

Anthology

Anthology Student Verification

Authorized

SaaS

Moderate

A-Lign

Michael Ball

michael.ball@anthology.com

Anthology Student Verification helps students and staff navigate the crucial but potentially burdensome world of financial aid verification. With smooth integration into any SIS and a straightforward setup, our tool simplifies and manages workflows to keep your students focused on learning and staff focused on allocating aid.

Appian

Authorized

PaaS

Moderate

2023-01-05

Coalfire

Appian FedRAMP/StateRAMP Team

fedramp@appian.com

StateRAMP Approvals Committee

Appian software is delivered to the Appian Cloud through a Platform-as-a-Service (PaaS) model and leverages cloud-native robotic process automation (RPA), simplifying control management and reducing overhead for customers. Government agencies should consider the Appian Government Cloud (at Impact Level 5) for critical acquisitions, case management and logistics, especially when process and business rule complexities are high. The Appian Low-Code Platform unifies the key capabilities needed to get work done faster.

Authorium

Authorium Systems

Authorized

SaaS

Moderate

2024-07-19

Schellman & Company

Chris Mayhew

Chris.mayhew@authorium.com

StateRAMP Approvals Committee

Authorium's cloud-based, no-code platform for Document Process Automation radically reduces the time it takes to develop complex document sets that form the backbone of government processes for procurement, contracting, grants, and budgeting. With built-in project management tools, powerful collaboration capabilities and easy integration with existing government systems, Document Process Automation speeds up the fundamental processes of procurement, contracting, grants, and budgeting by 50-70%.

BetterUp, Inc.

BetterUp For Government (BUFG)

Authorized

SaaS

Moderate

2024-06-27

Schellman & Company

Eva Pellegrini

eva.pellegrini@betterup.co

StateRAMP Approvals Committee

BetterUp For Government (BUFG) is a Software as a Service (SaaS), web-based application, 1-on-1 coaching platform for government employees. BUFG provides government employees with access to a certified professional coach to focus on achieving personal and professional goals. BUFG provides government leaders with near real-time insights into emerging behavioral trends across their workforce through the Partner Analytics Dashboard (PAD), and it does so in a way that maintains the individual privacy of BetterUp program participants.

BlackBerry

BlackBerry Cloud - AtHoc Services for Government (ACSforGov)

Authorized

SaaS

Moderate

2021-12-13

2022-05-20

Kratos

Rashad Munawar

rmunawar@blackberry.com

StateRAMP Approvals Committee

BlackBerry’s AtHoc is a networked crisis communication platform enabling corporations and government agencies to communicate and collaborate securely with their personnel and with other organizations through multiple devices during times of crises. BlackBerry’s AtHoc platform addresses critical communications needs including: Account: AtHoc Account enables real-time visibility into location and status for effective personnel accountability and crisis handling before, during, and after emergencies. This integrated approach to personnel accountability enables inputs from managers about their team, call center operators, data streams from HR and travel systems, as well as self-reporting by individuals. Alert: AtHoc Alert provides a comprehensive crisis communication solution that unifies all channels and devices, empowering organizations, people, and communities to collaborate during critical events. AtHoc’s flexible deployment options safeguards important personal information and enables enterprise-level command and control. Connect: AtHoc Connect empowers organizations to create their own permission-based network to establish interoperable communication and information sharing with organizations in their community. Collect: AtHoc Collect empowers your personnel in the field to be the "eyes and ears" of the operations center. AtHoc Collect enables on-scene personnel to report events, work progress, along with rich geo-tagged media that are worth a thousand words.

BlackBerry

BlackBerry CylanceProtect & CylanceOptics

Authorized

SaaS

Moderate

2022-01-10

2022-06-29

Booz Allen Hamilton

Rashad Munawar

rmunawar@blackberry.com

StateRAMP Approvals Committee

BlackBerry’s CylanceProtect redefines what antivirus (AV) can and should do for your organization by leveraging artificial intelligence to detect and prevent malware from executing on your endpoints in real time. By taking a mathematical approach to malware identification utilizing patent-pending, machine learning techniques instead of reactive signatures and sandboxes, BlackBerry’s CylanceProtect renders new malware, viruses, bots and unknown future variants useless. BlackBerry’s CylanceProtect has developed the most accurate, efficient and effective solution for preventing advanced persistent threats and malware from executing on your organization’s endpoints. At the core of BlackBerry’s CylanceProtect unprecedented malware identification capability is a revolutionary machine learning research platform that harnesses the power of algorithmic science and artificial intelligence. It analyzes and classifies hundreds of thousands of characteristics per file, breaking them down to an atomic level to discern whether an object is “good” or “bad” in real time. BlackBerry’s CylanceOptics, part of the prevention-first BlackBerry’s CylanceProtect Security Platform, is an artificial intelligence (AI) driven endpoint detection and response (EDR) solution designed to extend the prevention delivered by BlackBerry’s CylanceProtect through root cause analysis, scalable threat hunting, and automated threat detection and response without increasing costs or security team workloads. BlackBerry’s CylanceProtect and BlackBerry’s CylanceOptics are managed through a single web interface within the FedRAMP boundary, and both capabilities are included in the BlackBerry’s CylanceProtect and CylanceOptics cloud service offering.

Blackboard

Blackboard Learn SaaS GovCloud

Authorized

SaaS

Moderate

2023-03-27

A-Lign

Andrew Keeney

andrew.keeney@blackboard.com

StateRAMP Approvals Committee

Blackboard's Learn SaaS solution offers government and military agencies next-generation online, social and mobile tools that create a continuous learning environment, built around peer-to-peer interaction, content, and discussions

Boomi

AtomSphere

Authorized

SaaS

Moderate

2023-12-18

A-Lign

Erika Fry

tech.compliance@boomi.com

Boomi AtomSphere is a cloud-native integration Platform-as-a-Service (iPaaS) technology that lets you connect everyone to everything. The Boomi SaaS AtomSphere Platform solves the needs of our government customers with end-to-end capabilities by integrating applications, systems, and connecting people.

Box, Inc.

Box Enterprise Cloud Content Collaboration Platform

Authorized

SaaS, PaaS

Moderate

2022-05-19

2024-05-15

Schellman & Company

Tom Cowles

compliance@box.com

Los Angeles City Employees' Retirement System (LACERS)

The Box Enterprise Content Cloud Collaboration Platform enables business to easily share, manage and secure their content. In today’s mobile-first, cloud-first world, providing employees with secure access to content at any time using any device is critical to creating a more productive, connected workforce and improved customer experiences. Beyond secure file sharing, Box enables easy access to content and collaboration tools from any device with the security, scalability and administrative controls that IT requires.

Casepoint LLC

Casepoint Government Ediscovery

Authorized

SaaS

High

2024-09-17

Schellman Compliance, LLC.

StateRAMP Approvals Committee

Casepoint is a data discovery platform for legal, investigatory, compliance, and IT teams who struggle to get actionable insights for data-centric business processes like eDiscovery, investigations, and information requests. Casepoint empowers leading corporations and government organizations to reduce costs, lower risk, and improve time-to-insight. Casepoint’s easy-to-use AI-powered platform is purpose-built for organizations that require the highest level of security and scalability to meet the evolving demands of the modern data landscape. Casepoint Government is delivered as a SaaS offering using a multi-tenant government-only cloud computing environment and is used by government agencies to meet their complex needs, including:
• Legal Hold
• Regulatory Enforcement / Investigations
• Litigation (eDiscovery)
• FOIA / PRR
• Congressional Inquiries
• Legal Data Storage
• Task / Case Strategy and Management
The Casepoint Government platform includes Casepoint Legal Hold, Casepoint eDiscovery, Casepoint FOIA, Casepoint Filestore, APIs for cloud collections, task management, and an app builder. Casepoint Government provides agencies with the capabilities needed to manage large volumes of data in litigation, investigations, congressional inquiries, and FOIA requests, including cloud-based collections, processing, culling, review, and highly customizable productions. It also offers built-in artificial intelligence and analytics with advanced tools for predictive analysis, search, and data visualization.

CBORD

CBORD Online Transaction Processing

Authorized

SaaS

Moderate

2024-08-21

Securisea

Josh Elder

jle@cbord.com

NetMenu: NetMenu includes the following modules: CBORD Fusion, NetMenu Planner, NetMenu TrayCard, NetMenu Tray Ticket, Selective Dining, Mobile Inventory, CBORD Patient, Room Service Choice, NetMenu Floor Stock, CBORD C-Store, CBORD Data Analytics, CBORD Hub, NetNutrition, NetRecipe, Tray Logistics, Menu Display Interface (MDI); and its customer-branded applications: Horizon School Technology (HST) Back of House (BOH), BluePrint Menu Management System®, Cycle Menu Management®, Sysco® eNutrition, NetIMPAC, and Menu Wizard+. NetMenu provides an integrated food production, inventory management, and menu planning solution to support retail and patient nutrition. Electronic vendor integration and integration into CBORD customer accounts payable, general ledger, and point-of-sale software allow CBORD customers to leverage current systems when interfacing with NetMenu.

GET: GET serves as a centralized, cloud-based platform tailored for organizations utilizing the CBORD card/cashless system, aimed at elevating the quality of service provided to their patrons, expanding patron engagement with the cashless program, and driving user involvement and revenue growth. GET offers an integrated experience that aligns with the expectations of today's students, particularly within the ever-evolving mobile landscape through the CBORD platform. Within the GET platform, users have access to real-time balance information, transaction history, the capability to report a lost or found card, and the convenience of making deposits using a credit card. Furthermore, GET's core features encompass food ordering, virtual card payment, mobile access, and a loyalty system. GET also supports integration with campus authentication systems and e-commerce merchant accounts for the acceptance of credit card payments.

Odyessy Direct: Through Odyssey Direct, university clients have the ability to establish a comprehensive suite of services linked to a customized campus credential. This encompassing suite includes services such as card printing and credential management, photo capture, management of meal plans, debit and credit accounts, point-of-sale transactions for dining and retail, attendance tracking, as well as eligibility verification. Furthermore, the use of campus card payments is seamlessly integrated into various aspects of university life. These payment capabilities extend to dining services, vending machines, laundry facilities, photocopying and printing services, parking facilities, university bookstores, e-commerce platforms, and even select off-campus dining establishments. A dedicated mobile application ensures round-the-clock accessibility, empowering university students with access to their account information and service details. Beyond the administrative aspects of managing their campus card account, students can leverage this application to peruse dining menus, place food orders, gain access to their rooms, and, when necessary, employ it for identification purposes.

CGI

CGI US Cloud

Authorized

IaaS

Moderate

2023-06-06

Kratos

Patrick Zientek

patrick.zientek@cgi.com

State of Arizona Department of Homeland Security

CGI GTO delivers centralized, highly secure and fully managed solutions specifically designed to support state and local government needs.

CGI

CGI Advantage Cloud

Authorized

SaaS

Moderate

2024-09-10

A-Lign

Rosemary Milliken

rosemary.milliken@cgi.com

State of Arizona Department of Homeland Security

CGI Advantage Cloud is a unified multi-tenant SaaS ERP solution that is designed, built, and optimized for the public sector. Our solution provides financial management, procurement, grants, human capital management, payroll, labor cost distribution, time and leave, budgeting, and advanced analytics capability that addresses the public sector’s most complex requirements out of the box. Advantage Cloud requires minimal workarounds or extensions associated with dual-use ERP systems that are built for private sector and then overlaid with public sector features.

Cisco Systems, Inc.

Umbrella for Government

Authorized

SaaS

Moderate

2024-01-22

Coalfire

James Huang

jamhuan2@cisco.com

Cisco Umbrella for Government is a Cloud driven Secure Internet Gateway that provides protection from Internet based threats, for users wherever they go. Umbrella’s network is capable of processing billions of requests per day, analyzing and learning internet activity to determine where attacks are being staged, so it can block requests to unwanted and malicious destinations before a connection is even established.
Cisco Umbrella for Government is a SaaS environment hosted on AWS GovCloud providing Cisco Umbrella services to government customers. Umbrella services hosted within Cisco Umbrella for Government are based on Cisco product lines available to end customers. The Cisco Umbrella for Government environment is designed and operated based on security compliance and operations best practice by automating the build and operational processes as much as possible using Infrastructure as Code (IaC), CIS benchmarks, vulnerability scanning, continuous monitoring of critical security controls and a managed system development process to obtain initial and continuous FedRAMP Moderate Approval to Operate (ATO). With the initial ATO, Cisco will be launching DNS-layer-security initially, GovDNS: DNS-layer security helps protect customers users on and off the network by stopping threats over any port or protocol before they reach customer network or endpoints. This will be followed by Secure Web Gateway, Cloud delivered Firewall, CASB, and DLP features.
Cisco Umbrella for Government is hosted within AWS GovCloud as the Cloud Service Provider (CSP) which assures product lines are maintained in a secure and trusted environment. Umbrella for Government boundary includes the Production environment consisting of virtual compute, storage, databases, and internal management web applications. Umbrella for Government’s external Identity Provider (IdP) Okta (IDaaS Regulated Cloud) is used in tandem with AWS IAM supporting Single Sign-on (SSO) services. Duo Federal is used for multifactor authentication (MFA).
Cisco Umbrella for Government meets GovCloud Moderate requirements with specific categorization of Moderate Confidentiality, Moderate Integrity, Moderate Availability (M-M-M) with no privacy data overlay based on the FedRAMP Federal Information Processing Standard (FIPS) 199 Categorization Template. Cisco Umbrella for Government is designed with defense-in-depth protection for hosted applications and workloads using network filtering, multifactor authentication, transport layer security, data-at-rest protection, near real time audit collection and analysis, intrusion detection, vulnerability analysis and system backups.

Application Security,Cloud Security,Network Security,

Cisco Systems, Inc.

Cloudlock

Authorized

SaaS

Moderate

Coalfire

James Huang

jamhuan2@cisco.com

Cisco Cloudlock is the cloud-native Cloud Access Security Broker (CASB) that helps accelerate use of the cloud. Cisco Cloudlock secures your cloud users, data, and apps, combating account compromises, data breaches, and cloud app ecosystem risks, while facilitating compliance through a simple, open, and automated API-driven approach. Cisco Cloudlock is a simple, open, and automated solution that combats cloud account compromises, malicious insiders, data breaches, compliance violations, and cloud app ecosystem risks. With crowd-sourced security analytics across billions of data points, advanced machine learning, and the data scientist-led CyberLab, Cisco Cloudlock provides actionable cybersecurity intelligence that provides visibility and control over the most critical cloud security risks.
Cloud User Security: Cross-platform User and Entity Behavior Analytics (UEBA) for SaaS, IaaS, PaaS, and IDaaS environments leverages advanced machine learning algorithms to detect anomalies. Cloudlock can also detect activities outside of whitelisted countries and actions across distances at impossible speeds. **Cloud Data Security:** Cloud Data Loss Prevention (DLP) continuously monitors cloud environments to detect and secure sensitive information through countless out-of-the-box policies as well as highly-tunable custom policies. Automated response actions can remediate risk in the event of a policy violation, including end-user notifications, encryption, transfer of ownership, quarantine, and more.
Cloud App Security: The Cisco Cloudlock Apps Firewall discovers cloud apps connected via OAuth to your corporate environment, and provides a crowd-sourced Community Trust Rating for individual apps, as well as the ability to ban or whitelist them based on risk profile and access scope, increase employee awareness with email alerts, and revoke apps in bulk across the entire user base.

Application Security,Cloud Security,Network Security,

Cisco Systems, Inc.

Duo Federal

Authorized

SaaS

Moderate

2024-01-22

Coalfire

James Huang

jamhuan2@cisco.com

Duo’s Federal Editions can verify the identity of users with secure and easy to use two-factor authentication methods that helps public sector entities satisfy NIST 800-63-3 and 53/63/171 authentication requirements. In addition to verifying users’ identities, Duo’s solution checks the security health of every device authenticating into the environment, at the time of access. Admins can use Duo to enforce stricter device and application access policies, such as blocking login requests based on location or anonymous networks. Duo ensures only trusted users and devices can access protected applications. This complete security solution prevents modern attackers that often target multiple areas - including credential theft and the exploitation of known software vulnerabilities affecting outdated software versions.

Access Management,Identity and Access Management,

Cisco Systems, Inc.

Catalyst SD WAN

Authorized

SaaS

Moderate

2024-08-20

Lazarus Alliance

James Huang

jamhuan2@cisco.com

StateRAMP Approvals Committee

Cisco Catalyst SD-WAN for Government (SDWAN-G), powered by Cisco Viptela/IOS XE, is a highly secure, cloud-scale architecture that is open, programmable, and scalable. All vetted and monitored through the rigorous FedRAMP authorization process. Use it to connect data centers, branches, campuses, and colocation facilities to improve network speed, security, and efficiency. Cisco Catalyst SDWAN-G is a cloud-delivered overlay WAN architecture connecting branches to data centers and multi-cloud environments through a single fabric and single pane of glass. Cisco Catalyst SDWAN-G helps ensure a predictable user experience for applications optimized for SaaS, IaaS, and PaaS connections. Comprehensive on-premises and cloud-based security protect against cyberthreats while enabling IT teams to accelerate the transition to a Secure Access Service Edge (SASE) architecture where and when it is needed.
Cisco Catalyst SD-WAN Government (SDWAN-G) is owned, operated, and supported directly by Cisco for use in government offerings, providing the following capabilities:
- Enhanced Visibility: Extend your network visibility and observability with our core government self-service portal. You'll gain actionable insights to help you transform network operations from reactive to highly proactive model.
- Right Security, Right Place: On-premises or cloud-based security with secure SDWAN-G helps to accelerate the transition to a secure access service edge (SASE) architecture where and when it's needed.
- Operational Simplicity: With a highly visualized interface and intuitive user experience for simplified configuration, management, operation, and monitoring across the Cisco Catalyst SDWAN-G fabric. The Cisco Catalyst SDWAN-G solution comes with pre-configured templates to automate and expedite the deployment of most common use cases. Guided step-by-step configuration designed to intelligently expedite onboarding of new devices, and full integration of unified communication, and security into Cisco Catalyst SDWAN-G.
The Cisco Catalyst SDWAN-G solution is segregated into four planes with four key components:
Manager
- In the management plane, the Cisco Catalyst SD-WAN Manager is the centralized network management system and represents the user interface of the solution. Network administrators and operators can configure, provision, troubleshoot, and manage the entire overlay network from a simple graphical dashboard.
Validator
- In the orchestration plane, the Cisco Catalyst SD-WAN Validator automatically orchestrates connectivity between edge devices and Controllers. The Validator is largely responsible for the provisioning process as well as first-line authentication, control/management information distribution, and facilitating Network Address Translation (NAT) traversal.
Controller
- In the control plane, the Cisco Catalyst SD-WAN Controller is the component responsible for enforcing policies centrally. When branches come online, their routing information is exchanged with the Controller and not directly with other branches. The Controller works with the Validator to authenticate edge devices as they join the network and to orchestrate connectivity among the edge devices.
Edge Devices
- In the data plane, the Edge devices are responsible for establishing the network fabric and handle the transmission of data traffic. Edge devices come in multiple forms, virtual and physical, and are selected based on the connectivity, throughput, and functional needs of the site. The operating system of the Edge devices is securely developed and tested as part of Cisco’s Secure Development Lifecycle (CSDL) prior to releasing a version for the customer to deploy. In-boundary scanning of the operating system deployed with Edge devices for Cisco Catalyst SDWAN-G are scanned as part of Cisco’s continuous monitoring strategy.
Collectively, the architecture of the Cisco Catalyst SDWAN-G fabric simplifies IT operations with automated provisioning, unified policies, streamlined management to help ensure rapid updates and resolutions, advanced network functionality, resiliency, and security. From a single pane of glass, Cisco Catalyst SDWAN-G helps organizations avoid complex configurations and frequent policy changes that lead to uneven user experiences, thereby increasing overall network efficiency and reliability.

Cisco Systems, Inc.

AppDynamics

Authorized

SaaS

Moderate

2024-08-20

Schellman & Company

James Huang

jamhuan2@cisco.com

StateRAMP Approvals Committee

AppDynamics GovAPM is a software-as-a-service (SaaS) application performance monitoring (APM) solution. AppDynamics GovAPM provides end-to-end visibility into the performance of applications. AppDynamics application performance monitoring and business intelligence solutions provide organizations real-time visibility into application environments and strategic insights that drive business outcomes. By utilizing industry-leading monitoring and analytics features, IT departments can automatically identify performance anomalies and resolve issues before they impact customers or revenue streams. Our unique combination of application performance and business metrics gives enterprises the power to deliver reliable performance and a flawless customer experience.

Cisco Systems, Inc.

CISCO UNIFIED COMMUNICATIONS MANAGER CLOUD FOR GOVERNMENT (CISCO UCM CLOUD FOR GOVERNMENT)

Authorized

SaaS

Moderate

2024-09-17

Coalfire

James Huang

jamhuan2@cisco.com

StateRAMP Approvals Committee

Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) is a complete unified communications service from the Cisco Cloud. It is built to provide government-level security so that organizations can collaborate with anyone, anywhere, on any device. The service is hosted by Cisco, sold by Cisco Powered partners. Cisco UCM Cloud for Government provides these core services:
Voice and Video Calling:Simplify with industry-leading voice and video as a service. Cisco UCM Cloud for Government provides voice and video call control and supports Cisco's newest voice and video endpoints ranging from desktop phones, immersive video rooms and mobile and desktop clients.
Voicemail and Integrated Messaging:Access messages the way you prefer from your desk phone, mobile phone, or desktop client.
Instant Messaging and Presence:Cisco Jabber lets you find the right people, see if and how they are available, and collaborate using your preferred method. Use Cisco Jabber for presence, instant messaging (IM), voice and video calling, voice messaging, desktop sharing, and conferencing.
Single App Experience:Webex for Government and Webex App allows customers to call, meet, and message on any device with a single unified application from Webex. Webex App brings together Cisco UCM Cloud for Government call control along with market leading Webex Meetings technology and advanced team collaboration capabilities including persistent messaging and file sharing.
Conferencing:Use Cisco conferencing solutions to meet and manage meetings and projects in real time, to present, share, or collaborate from anywhere, anytime, on any device.
Mobility:Cisco UCM Cloud for Government gives your mobile and remote users the freedom to be productive from anywhere, on any device. Give users one number to dial, redirect incoming calls to designated phones, move calls between a Cisco desktop and mobile phones, create personalized access lists, and give access to all your corporate collaboration features from mobile phones using Webex App or Cisco Jabber.

Cohesity

Cohesity Cloud Services for Government

Authorized

SaaS

Moderate

2024-05-23

Marlon Hughes

stateramp@cohesity.com

StateRAMP Approvals Committee

Cohesity Cloud Services for Government is a portfolio of fully-managed data
security and management offerings, including backup as a service (BaaS) for
protecting mission-critical cloud-native, SaaS, and on-premises workloads.
The multi-layered data security architecture, policy-based automation, and
global data reduction help secure and protect data, and simplify IT
operations. Flexible data retention and rapid recovery to any point in time
enable organizations to meet their demanding business SLAs and improve
ROI.

Collabware

Collabspace

Authorized

SaaS

Moderate

2024-04-02

Kratos Defense

Douglas Converse

dconverse@collabware.com

Collabspace is a highly scalable, cloud-based records and information management solution. Collabspace enables organizations to stream content from multiple repositories into a data lake for the purposes of managing content lifecycle for regulatory compliance, and to facilitate faster execution of FOIA requests processes. Collabspace employs advanced enterprise search and records management capabilities such as OCR and audio/video transcription to help categorize and analyze records for proper retention and disposition.

Document Management,Data Management,E-Discovery,

Constellation GovCloud

Authorized

PaaS

Moderate

2024-01-22

Fortreum

Jason Oksenhendler

joksenhendler@cgc.cloud

Constellation GovCloud® is a cloud marketplace where partners are able to not only accelerate StateRAMP authorization, but also accelerate their time to revenue by leveraging the same GovCloud to connect to public-sector buyers.

General Support System,

Continuum GRC, Inc.

Continuum GRC ITAM

Authorized

SaaS

Moderate

2022-02-11

2022-04-26

Sentar, Inc.

Michael Peters

michael.peters@continuumgrc.com

StateRAMP Approvals Committee

Auto-mapped standards, automated documentation, real-time status, risk & maturity. When it comes to Compliance Cartography, no one is more comprehensive, secure and automated, saving you time, trouble and money. Serving the enterprise to the start-up community. Continuum GRC is a software as a service (SaaS) product that is purpose built for users who perform audit & compliance assessments, risk assessment & risk management, governance & policy development, and all other manner of audits and assessments.

Continuum GRC modules include support for the world’s frameworks, including NIST 800-53. DoD SRG, CMMC, 800-171, 800-66, 800-30, FedRAMP, StateRAMP, CJIS, DFARS, HIPAA, ITRM, AICPA SOC 1, SOC 2, GDPR, ISO 27001, NERC CIP, EUCS, C5, PCI DSS, LADMF and hundreds of others.

In addition to pre-configured questionnaires, assessment modules, and forms, the Continuum GRC ITAM SaaS application has creation tools that provide drag-n-drop easy custom creation for system administrators to construct their own assessment modules in 26 languages. Real time reports on Compliance Status, Risk Scores, Maturity Scores, workflows, tasking records, evidence management, and historical performance helping you stay proactive; not reactive.

Use Continuum GRC to replace existing tools, templates, and manual processes in place to support internal compliance and GRC requirements. The automation of Continuum GRC reduces manual labor, complexity of and between frameworks, produces reports, SSPs, POA&Ms, graphics, dashboards, and related outputs all sustained over the entire lifecycle of the program all within a single view with a unified source for governance, risk and compliance that supercharges performance and eliminates complexity. For a complete list of features and capabilities, please visit https://continuumgrc.com/subscription-options/

Devo Technology Inc.

Devo Intelligent SIEM

Authorized

SaaS

Moderate

2024-04-18

Coalfire

Melanie Huffman

melanie.huffman@devo.com

Devo is a cloud-native logging and security analytics platform. Devo ingests logs at cloud scale, stores all logs in their native format, and allows the customer to query the data immediately upon initial ingesting. Devo provides multiple applications on the platform including Devo Security Operations and MITRE ATT&CK Advisor allowing the customer’s SOC and IT Operations teams to leverage and collaborate on the same data. Customer-side components have not been included in the FedRAMP authorization process. Note: Client-side data and logging tools such as the Devo Relay, Devo Endpoint Agent, or third-party tools are excluded from the FedRAMP Authorized security boundary however, Devo specific client-side tools will be included within the boundary as part of an upcoming material change.

Network Security,Cloud Security,Application Security,Security Information and Event Management,Incident Response and Management,Data Management,

DocuSign

DocuSign Federal (eSign)

Authorized

SaaS

Moderate

2023-07-05

Schellman & Company

Rainer VillaMercado

rainer.villamercado@docusign.com

State of Arizona Department of Homeland Security

DocuSign is a San Francisco- and Seattle-based company that provides electronic signature technology and Digital Transaction Management services to facilitate electronic exchanges of contracts and signed documents. DocuSign’s features include authentication services, user identity management and workflow automation. Signatures processed by DocuSign are comparable to traditional signatures based on the product's compliance with the ESIGN Act as well as the European Union’s Directive 1999/93/EC on electronic signatures. DocuSign eSign for government entities is operated and managed as a government community cloud and provides government customers with an enterprise signing service to facilitate paperless workflow management.

DocuSign

DocuSign CLM

Authorized

SaaS

Moderate

2023-07-05

Schellman & Company

Rainer VillaMercado

Rainer.Villamercado@docusign.com

State of Arizona Department of Homeland Security

DocuSign CLM is a secure contract lifecycle management product in DocuSign's Agreement Cloud. DocuSign CLM manages contracts in addition to all other types of documents across desktop, mobile, and partner applications like Salesforce. DocuSign CLM goes beyond standard document and contract management with advanced workflows that automate manual tasks and complex processes to speed time-to-revenue. Businesses use DocuSign CLM to optimize collaboration and processes across internal departments, as well as with prospects and customers.

Druva Inc.

Druva inSync

Authorized

SaaS

Moderate

2023-03-28

Coalfire

Balaji Kalyanasundaram

balajik@druva.com

StateRAMP Approvals Committee

Druva inSync is a fully automated enterprise class endpoint protection solution offered as a Software-as-a-Service (SaaS). Powered by state-of-the-art technology from AWS, Druva inSync offers elastic, on-demand storage that can grow to accommodate any number of users and data.
Full administrative control over Druva inSync is provided via a secure Web-based administrator control panel over HTTPS.
Druva inSync offers cloud native backup and data protection solutions for information stored on endpoints and in cloud applications. Druva inSync allows immediate access to back up files and folders across all devices and SaaS application like O365.
Druva inSync is hosted in Amazon AWS GovCloud Region, which delivers a highly scalable cloud computing platform with high availability, dependability and flexibility.

Dynatrace

Dynatrace for Government

Authorized

SaaS

Moderate

2022-07-26

2022-11-30

Schellman and Company, LLC

Willie Hicks

willie.hicks@dynatrace.com

State of Michigan

Dynatrace exists to make software work perfectly. Our platform combines broad and deep observability and continuous runtime application security with advanced AIOps to provide answers and intelligent automation from data. This enables agencies to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences.

e-Builder - A Trimble Company

e-Builder Enterprise Government Edition

Authorized

SaaS

Moderate

2024-05-28

Schellman & Company

Jim Beckner III

jim_beckner@trimble.com

e-Builder is a cloud-based construction program management solution for capital projects that delivers trusted insight into performance across the entire project lifecycle. Facility owners improve project outcomes by streamlining business processes and centralizing project information. Business intelligence provides on-demand forecasts for informed decisions, improved change control, and fewer unwanted surprises. Designed to help facility owners and those who act on their behalf throughout the entire construction lifecycle, e-Builder Enterprise combines capital planning, cost management and controls, process automation, reports and dashboards, scheduling, document management, and resource management in one integrated suite. Established in 1995, e-Builder’s software manages critical project data through the planning, design, procurement, and construction phases. With a focus on collaborative communication, e-Builder features solutions that offer various levels of user accessibility, report generation, and a configurable dashboard.

Everlaw

Authorized

SaaS

Moderate

2024-04-26

Kratos Defense

Angela Kovach

federal@everlaw.com

StateRAMP Approvals Committee

Everlaw helps legal teams and government agencies navigate the increasingly complex ediscovery landscape to chart a straighter path to the truth. With Everlaw, government agencies of all sizes are able to transform their approach to discovery, litigation, investigations, compliance, and FOIA/Public Records Requests. Combining speed, security, and ease-of-use in a unified discovery platform, cross-functional legal teams are empowered to investigate issues more thoroughly, uncover truth more quickly, and present their findings more clearly. Built natively on AWS GovCloud (US), Everlaw is committed to innovation and future-proofing agencies against emerging data types and other fluctuating needs. Founded in 2010 and based in Oakland, California, Everlaw’s mission is to promote justice by illuminating truth.

Genesys

Genesys Cloud CX

Authorized

SaaS

Moderate

2023-11-29

A-Lign

Richard Brown

rich.brown@genesys.com

Genesys Cloud CX is a suite of cloud services for enterprise-grade communication, collaboration, and contact center management. Genesys Cloud CX provides the ability to securely communicate with customers over a range of channels, including voice, text, and video conference. Genesys Cloud CX can also integrate seamlessly with customer call center systems to provide visibility into customer interactions with existing communication channels. To provide additional functionality, Genesys Cloud CX allows customers to enable third-party integrations through AppFoundry, a Genesys marketplace of integrations supported by the Genesys Cloud CX application. Users of the application can also leverage self-service tools that provide speech-enabled Interactive Voice Response (IVR), voicebots, and chatbots, as well as tools to enhance workforce engagement management (WEM). These tools allow users to optimize Genesys Cloud CX for their unique requirements. A microservices-based architecture and API-first development supports rapid deployment and highly configurable components within the Genesys Cloud CX system.

Google

Google Services

Authorized

IaaS, PaaS, SaaS

High

2022-10-25

Coalfire Systems

Ashleigh Laone

stateramp@google.com

Arizona Department of Homeland Security

Google Services is comprised of Google’s multi-tenant public cloud Google Cloud Platform and built atop the Google Common Infrastructure. The Google Common Infrastructure powers Google worldwide.

Google, Inc.

Google Workspace

Authorized

SaaS

High

2024-04-08

Coalfire Systems

Ashleigh Laone

stateramp@google.com

Arizona Department of Homeland Security

Google Workspace is a cloud-based offering for enterprise and government customers. Google’s product offerings, including Google Workspace and Application Programming Interfaces (APIs), are comprised of communication, productivity, collaboration and security tools that can be accessed virtually from any location with Internet connectivity.

iboss

iboss Government Cloud Platform (IGCP)

Authorized

SaaS

Moderate

2023-07-24

NCC Group

Heath Crocker

heath.crocker@iboss.com

StateRAMP Approvals Committee

With over 4,000 customers, including the largest government, financial, insurance, energy and technology organizations, iboss enables government to reduce cyber risk by delivering a FedRAMP Authorized Zero Trust Secure Service Edge that protects resources and users from wherever they work. iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention within a completely unified cloud platform to protect all resources, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Backed by 230+ issued and pending patents, iboss processes and secures over 150 billion daily network transactions globally, blocking 4 billion threats per day. The iboss Government Cloud Platform enables federal agencies to migrate rapidly into a Zero Trust architecture as mandated by the Presidential Executive Order on Cyber. Jump-start your transformational journey and experience the future of Zero Trust cloud security today. Visit http://www.iboss.com to learn more.

Infoblox

BloxOne Threat Defense Federal Cloud

Authorized

SaaS

Moderate

2024-04-29

Kratos Defense

Chris Carlson

ccarlson@infoblox.com

StateRAMP Approvals Committee

B1TD FedCloud is a suite of capabilities that enable organizations to defend their networks, conduct threat investigations and research, and provide rapid correlation and contextualization to minimize incident response times. B1TD FedCloud contains millions of verified indicators in vendor-agnostic formats that may be exported to facilitate detection, blocking, and containment of modern malware (e.g., Advanced Persistent Threats (APTs), ransomware, phishing, exploits) via an open application programming interface (API) and an analyst research portal.

Innovative Driven

Innovative Driven Government Cloud

Authorized

SaaS, IaaS

Moderate

2022-08-02

2022-10-04

Lunarline

Jamie Neilon

jamie.neilon@id-edd.com

Sacramento County

The Innovative Driven Government Cloud (ID Gov-Cloud) is a Software as a Service (SaaS) offering that provides secure and scalable government legal document services within a compliant cloud environment. Built on industry-leading technologies Relativity and Nuix and paired with expert consulting, agencies can leverage the full scope of eDiscovery services within one scalable platform, including (but not limited to) processing, document review, advanced analytics, assisted review, legal hold services, and production.

Every service package is within a secure and user-friendly customer interface. Government agencies also gain the added capabilities of Innovative Discovery's government project management teams and optimal workflows, benefitting from years of experience supporting complex government electronic discovery requests.

Juniper Networks

Juniper Mist

Authorized

SaaS

Moderate

2024-01-22

A-Lign

Marquel Waites

mist-security@juniper.net

Juniper Mist Government Cloud uses a combination of artificial intelligence, machine learning, and data science techniques to optimize user experiences and simplify operations across the wireless, wired, and SD-WAN branch and campus environments. Data is ingested from numerous sources, including Juniper Mist Access Points, Switches, Session Smart Routers (SSR), and Firewalls (SRX) for end-to-end insight into user experiences. These devices work in concert with Mist AI to optimize user experiences from client to cloud, including automated event correlation, root cause identification, Self-Driving Network? operations, network assurance, proactive anomaly detection, and more. Juniper also leverages Mist AI for next-generation customer support. For example, it is the foundational element behind Marvis, the industry’s first AI-driven Virtual Network Assistant, providing extensive insight and guidance to IT staff via a natural language conversational interface. As a result, Mist AI saves operators time and money with faster problem resolution and fewer onsite visits. In addition, users benefit from a network infrastructure that is more predictable, reliable, and measurable.
Marvis Virtual Network Assistant is the first virtual network assistant (VNA) purpose-built with Mist AI for enterprise WLANs, LANs, and WANs. It transforms network operations from reactive troubleshooting to proactive remediation through self-driving actions.
Juniper Wi-Fi Assurance service is based on machine learning and driven by Mist AI. It replaces manual troubleshooting tasks with automated wireless operations to make Wi-Fi predictable, reliable, and measurable, providing unique visibility into user service levels.
Juniper Mist Wired Assurance service brings Mist AI to switching. It sets a new network management standard with AI-driven operations and automation, improving the experiences of devices connected to resources through Juniper EX/QFX Series Ethernet Switches for branch and campus deployments.
Juniper Mist WAN Assurance service simplifies operations and improves visibility into end-user experiences while shortening the time to repair wired and wireless devices.
Premium Analytics offers network visibility and business intelligence to drive your digital transformation journey.

Kahua

Kahua Federal Network

Authorized

SaaS

Moderate

2023-12-06

Schellman & Company

Colin Whitlatch

cwhitlatch@kahua.com

Government, contractors and public entities use Kahua`s collaborative construction management solutions to improve efficiency, lower costs and reduce project risk throughout the lifecycle of their capital programs. Kahua’s purpose-built solutions for government, program managers and contractors enable rapid implementation that minimizes time-to-value and enhances user adoption. And with the industry’s only low-code application platform agencies can easily customize existing Kahua apps or even build their own new apps to run their programs and projects at peak efficiency today and rapidly adapt as conditions dictate.

Keeper Security Inc.

Keeper Security Government Cloud

Authorized

SaaS

Moderate

2022-11-30

A-Lign

Patrick Tiquet

patrick@keepersecurity.com

California Department of Technology

Keeper Security Government Cloud (KSGC) transforms the way government organizations protect their operations against password-related data breaches and cyberthreats including ransomware and phishing attacks. KSGC provides IT administrators with visibility, management and control over their organization’s password security, monitoring and reporting. The KSGC cybersecurity platform utilizes a zero-trust framework and zero-knowledge security architecture and integrates with on-premise, cloud and hybrid-cloud environments. KSGC utilizes granular, role-based administrative controls including delegated administration. IT Administrators can enforce critical internal control policies including password complexity, IP white listing, two-factor authentication and Data Loss Prevention (DLP). KSGC’s modern provisioning tools allow organizations to rapidly deploy cybersecurity protection to thousands of users, on all their devices, and can integrate with any identity stack including AD, LDAP, SSO (SAML), SCIM and APIs. The cybersecurity platform includes robust event logging, reporting and auditing capabilities with seamless integration with Security Information and Event Management (SIEM) systems.

Access Management,Cloud Security,

Kelmar Associates

KAPS

Authorized

SaaS

Moderate

2024-09-17

Jon Dougherty

jon.dougherty@kelmarassoc.com

Not Required

KAPS is delivered by Kelmar as a software-as-a-service solution. KAPS builds on three generations of unclaimed property systems and utilizes the latest technology advancements to provide a cost effective, highly scalable, configurable unclaimed property management solution for state governments. KAPS allows unclaimed property government agencies to automate and efficiently administer aspects of their programs utilizing a business intelligence platform that is user friendly and intuitive. KAPS provides complete on-screen capabilities to manage the entire unclaimed property process from the initial loading of reports and receipts to the ultimate payment of successful claims. KAPS features management tools for: Administrative and Workflow handling
Holder Reports
Receipts Processing
Securities
Tangible Property
Claims
Owner Outreach
Holder Compliance
and Reporting. KAPS also integrates with additional Kelmar offerings inclusive of Kelmar’s State Website Solution
Claims Fast Track Integration and Identification Verification
Kelmar’s Fraud Index and related LexisNexis® ThreatMetrix® Solution.

MapLarge, INC

MapLarge

Authorized

SaaS

Moderate

2024-09-17

Marvell Summerow

marvell.summerow@maplarge.com

Not Required

MapLarge provides software for location intelligence analysis that runs on servers either in the cloud or on premise. MapLarge user interfaces accessed by users in web browsers or native applications on any desktop of mobile device. Customers are typically large enterprises that build their own custom
solutions on top of MapLarge in a wide variety of use cases ranging from visualizing business trends, to planning flight paths, to global situational awareness for large security teams.
MapLarge supports data import, editing, visualization and alerting based on a wide variety of data sources including both flat files, real time streaming connections and numerous other industry specific like ArcGIS data connectors.
MapLarge processes customer data that may take any form supported by the product but typically has one or more location intelligence attributes like latitude and longitude or street address. Customer data can be visualized in a wide variety of ways including as maps, charts, lists, or exported as Portable Document Formats (PDFs), images or data files.

Mark43

Mark43 Public Safety Platform

Authorized

SaaS

High

2023-10-04

Kratos Defense

N/A

registrations@mark43.com

The Mark43 service offering provides a public safety CAD, RMS, analytics, and property and evidence platform. The Mark43 platform provides security and law enforcement capabilities to support functions such as situational awareness, information sharing, investigations, homeland defense, security missions, domestic emergency responses, and military support to civil authorities. Additionally, the platform provides emergency management and critical communications capabilities in support of public safety organizations, facilities, first responders, and force protection activities.

Microsoft

Office 365 Multi-Tenant & Supporting Services

Authorized

SaaS

Moderate

2024-07-22

Kratos Defense

Brian Smith

smith.brian@microsoft.com

Office 365 (O365) Multi-Tenant & Supporting Services (MT) is a product family of cloud-hosted messaging and collaboration services with non-government and government instances. These cloud-based services are designed to provide organizations with streamlined communication, high availability, comprehensive security, and simplified information technology (IT) management. O365 MT provides the interactivity of on-premises client and server applications with the flexibility and scalability of web-based services. O365 leverages Azure as the IaaS/PaaS for the underlying infrastructure and hardware. Therefore, O365 relies on Azure-inherited services. For more information on these Azure services, refer to the Azure ATO package.

Document Management,Content Collaboration,Communications Systems,Cloud Services,Cloud Security,

MicroStrategy, Inc.

MicroStrategy Cloud for Government

Authorized

SaaS

Moderate

2023-03-27

A-Lign

Samuel Petreski

spetreski@microstrategy.com

StateRAMP Approvals Committee

MicroStrategy is the world’s top-rated platform for enterprise analytics. The MicroStrategy Intelligence Platform offers a full range of trusted, modern BI experiences, and is designed to help departments and agencies build data-driven cultures and make faster, smarter decisions. Built for performance at scale, MicroStrategy delivers concrete answers to users where and when they’re needed. Foundationally, the platform offers out-of-the-box drivers and gateways for a variety of data sources, types, and formats, and APIs/SDKs which are hosted within the MicroStrategy Platform Deployed within Customer Tenant. Using the platform’s proprietary enterprise semantic graph, agencies can establish a unified, governed, secure, and reusable data model on which a variety of intelligence solutions can be built to deliver accurate, personalized, and trusted information to individual users based on each agency’s enterprise data dictionary.
The MicroStrategy Cloud for Government is a fully managed enterprise analytics solution that offers all the market-leading capabilities of the MicroStrategy Intelligence Platform on a unique Amazon Web Services (AWS) GovCloud implementation. MicroStrategy Cloud for Government features a fully optimized reference architecture built specifically for deployment in a customer-licensed AWS environment, offered as a software-as-a-service (SaaS) solution. MicroStrategy administers each unique MicroStrategy Cloud for Government environment on the behalf of each government department or agency, including steady state operations, routine application of software upgrades, robust system monitoring and alerting, and 24/7/365 technical support for priority issues. The components that directly support the MicroStrategy Cloud for Government cloud service offering are described in the subsections below.
MicroStrategy Cloud for Government is a SaaS service built on top of AWS GovCloud (US) IaaS servers. MicroStrategy utilizes AWS GovCloud (US) to provide the resources that host the MicroStrategy Cloud for Government platform and leverages the experience and resources of AWS to scale quickly and securely as necessary to meet current and future demand. MicroStrategy is responsible for designing and configuring the MicroStrategy Cloud for Government architecture within AWS GovCloud (US) to ensure that the availability, security, and resiliency requirements are met.

Motorola Solutions

Motorola Solutions Federal Cloud

Authorized

SaaS

High

Kratos Defense

MSFC Compliance Team

MSIFedRAMPCompliance@motorolasolutions.com

StateRAMP Approvals Committee

Motorola Solutions is expanding its “Mission Critical Ecosystem” which consists of a suite of software and technology that supports mission critical communications in evolving ways and that provides fast access to actionable information. The purpose of the Motorola Solutions Federal Cloud (MSFC) is to serve as the platform upon which the applications and solutions that are part of this Mission Critical Ecosystem will securely operate to provide our U.S. state and local users with enhanced capabilities. Primary to our cloud offering as our initial secure cloud application is the APX NEXT smart radio, a next-generation P25 platform purpose-built for first responders to access and act on information while maintaining focus in critical situations. The Motorola Solutions Federal Cloud enables APX NEXT and additional SaaS services to provide new Common Operating Picture (COP) capabilities to U.S. state and local users, law enforcement officers (LEOs), first responders, and public safety personnel in the field with a new ownership experience to operations and support personnel. The underlying Motorola Solutions Federal Cloud architecture is reinforced by a modern and comprehensive application of security technology. Once deployed, our cloud services production systems are monitored 24x7x365 by Motorola Solutions’ Security Operations Center using state-of-the-art Security Information and Event Management (SIEM) technology.

Communications Systems,Infrastructure,

OCLC

WorldShare Management Services

Authorized

SaaS

Low

2021-09-29

2023-12-28

Schellman and Company, LLC

Tina Price

pricet@oclc.org

OCLC is a nonprofit global library organization. Through OCLC, member libraries cooperatively produce and maintain WorldCat, the world’s most comprehensive global network of data about library collections and services.

Okta

Okta IDaaS

Authorized

SaaS

Moderate

2021-11-19

2024-09-04

Schellman and Company, LLC

Sean Frazier

sean.frazier@okta.com

State of Arizona

The Okta IDaaS Regulated package includes a number of components that may be used to provide methods of authentication and provisioning control including Okta core, Okta Mobile, Okta Verify, Okta Directory Agent, and Okta IWA Agent.

OPEXUS

eCase

Authorized

SaaS

Moderate

2023-07-24

Fortreum

Srinivas

Sristy

StateRAMP Approvals Committee

eCase is a dynamic case management and rapid application development platform that empowers professionals to elevate trust in public institutions. With secure and collaborative information and document management, robust reporting, adaptive workflows, role-based security, and comprehensive audit trail capabilities, eCase helps public sector clients automate processes, reduce costs, improve transparency, and ultimately achieve better outcomes with less risk while maintaining compliance within demanding regulatory environments. eCase and eCase COTS solutions (including FOIAXpress Correspondence, OIG Audits and Investigations, and Government Workforce Management) are FedRAMP-moderate certified PaaS/SaaS. For more information, visit opexustech.com.

Oracle

Oracle Taleo Cloud

Authorized

SaaS

Moderate

2024-07-30

Coalfire

Ben Ware

ben.ware@oracle.com

StateRAMP Approvals Committee

Oracle Taleo Cloud services are Oracle’s Software as a Service (SaaS) solution, providing a comprehensive talent management and learning service. Taleo Enterprise Edition offers a comprehensive talent management suite that spans the entire employee lifecycle and helps companies hire, manage, reward, and develop their employees with a full talent management solution for recruiting and on boarding, performance management, employee development and succession planning. Since Taleo Enterprise Edition is built on a single unified platform and delivered on demand, you can implement a single module or the full solution based on your needs. Oracle’s Taleo Learn Cloud offers an employee development and training software solution that supports the learning challenges of large complex enterprises. Taleo Learn links human resources management to learning with Talent Intelligence. The Taleo Learn Cloud Service is a solution for delivering, tracking, managing, and reporting on formal and informal learning. Users have access to learning through a single platform for online, classroom, virtual, and on-the-job training, as well as assessments, blended learning, social learning, and self-reported training. Organizations can design a tailored user experience with complete control of the user interface.

Oracle

ORACLE CLOUD INFRASTRUCTURE-GOVERNMENT CLOUD

Authorized

IaaS, Paas

Moderate

2024-06-24

Coalfire

Rico McGee

rico.mcgee@oracle.com

StateRAMP Approvals Committee

Oracle Cloud Infrastructure is a set of complementary cloud services that enable you to build and run a wide range of applications and services in a highly available hosted environment. Oracle GovCloud Infrastructure (OCI) offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network.

Orca Security, Inc.

Orca Cloud Security Platform

Authorized

SaaS

Moderate

2024-07-08

Fortreum

Louis Simonen

louis@orca.security

Orca Security provides an agentless Cloud Security Platform that discovers all cloud assets, and identifies, prioritizes, and remediates risks and compliance issues across your cloud environments. The platform detects cloud risks, including vulnerabilities, malware, misconfigurations, API risks, lateral movement risks, weak and leaked passwords, and overly permissive identities. Orca deploys in minutes, provides visibility into all your assets, and automatically includes new assets as they are added.
The Orca Platform helps federal agencies and contractors achieve regulatory compliance with over 65 out-of-the-box frameworks, CIS Benchmarks, and custom compliance checks. Leveraging a Unified Data Model, Orca performs contextual analysis of all the risks in your cloud estate, uncovering potential attack paths (with references to the MITRE ATT&CK framework), enabling rapid identification of which risks present the highest danger to mission data and security objectives.

Palo Alto Networks

Government Cloud Services (GCS-High)

Authorized

SaaS

High

2024-02-28

Fortreum

Lauren Aloway

laloway@paloaltonetworks.com

State of Arizona

Palo Alto Networks Government Cloud Services (GCS-High) includes a variety of cloud-based cybersecurity offerings. As your agency moves forward in its modernization efforts, it needs trusted cybersecurity solutions that will reduce the risk of data breaches while meeting compliance. Develop a comprehensive cloud cybersecurity strategy with solutions that protect workers, data and applications from cyber adversaries and advanced threats. The following products and services make up our offering.

Cloud Identity Engine
Identity-based security controls are a foundational requirement to achieve Zero Trust. Palo Alto Networks Cloud Identity Engine is an entirely new cloud-based architecture for identity-based security that can consistently authenticate and authorize your users, regardless of location and where user identity stores live—on-premises, in the cloud, or hybrid. As a result, security teams can effortlessly allow all users access to applications and data everywhere and quickly move toward a Zero Trust security posture.

Cortex XDR
A cloud-based service providing a prevention, detection and response platform that integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR leverages logs, alerts, and information from Palo Alto Networks and third-party security products. It also enforces security policies on endpoints, preventing malware and data loss. Cortex XDR correlates security alerts and network logs with the endpoint processes that generated the alerts, allowing customers to investigate security alerts, as well as search for and remotely respond to threats.

Cortex XSOAR
A comprehensive security orchestration, automation, and response (SOAR) platform that unifies case management, automation, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle.

Cortex XSIAM
A cloud-delivered, integrated SOC platform that unifies key functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM, consolidating multiple products into a single, integrated platform. XSIAM delivers an intelligent data foundation by integrating telemetry from any source, providing unified security operations across any hybrid IT architecture.

Cortex Xpanse
An active attack surface management solution that helps your organization discover, understand and respond to unknown risks in all internet-connected systems and services. Xpanse scans the entire internet automatically and continuously, discovering and indexing previously unknown risks, using supervised ML models to continuously map your attack surface and prioritize remediation efforts, while reducing MTTR with the help of built-in automated playbooks.

Prisma Cloud
A cloud native security platform that provides comprehensive visibility, threat prevention, compliance assurance and data protection consistently across hybrid and multi-cloud environments.

Prisma Cloud Compute
A cloud-native platform that delivers cloud workload protection. Prisma Cloud Compute provides holistic protection across hosts, containers, and serverless deployments in any cloud, throughout the software lifecycle. Prisma Cloud Compute protects all workloads regardless of their underlying compute technology or the cloud in which they run. In addition, it provides Web Application and API Security (WAAS) for any cloud native architecture.

WildFire Government Cloud
An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats. It is a subscription service that works with the Palo Alto Networks Next Generation Firewalls (including VM-Series and CN-Series), Prisma Access, Prisma Cloud, Cortex XSIAM, and Cortex XDR.

Prisma Access
A Secure Access Service Edge (SASE) that provides scalable, cloud-delivered networking and security to branch offices and remote users. With Prisma Access, agencies are able to rapidly enable consistent, secure connectivity for remote locations and employees.

Prisma SD-WAN
Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud, simplifying WAN management. The controller provides deep application visibility, with Layer 7 intelligence for network policy creation and traffic engineering. It automates operations and problem avoidance using machine learning and data science methodologies.

Cloud Management
A cloud delivered management solution used by customers to manage Prisma SASE from Palo Alto Networks.

Multi-Tenant Service Provider Portal (MSP)
The MSP solution provides hierarchical multi-tenant management for customers and partners

PRISMA INSIGHTS
Prisma Insights provides a comprehensive platform for global visibility and monitoring for the Prisma Access service. It continuously monitors the health and performance of your Prisma Access environment with Insights in the Prisma Access app.

ADEM
Autonomous Digital Experience Management (ADEM) provides organizations with segment-wise insights, comprehensive visibility, and SASE-native DEM integrated with Prisma SASE, the secure foundation for agile, cloud-enabled organizations.

API Gateway
The API Gateway provides authorization services for customers and partners to leverage Palo Alto Networks RESTful API

Data Loss Prevention Data Security
Palo Alto Networks’ Enterprise DLP software-as-a-service system is a network DLP service to prevent Data Loss of sensitive data. The solution helps facilitate an organization’s data protection and compliance efforts in a simplified and cost-effective manner.

SAAS API / Inline / SSPM
SaaS Security is a solution that helps Security teams meet the challenges of protecting the growing availability of sanctioned and unsanctioned SaaS applications and maintaining compliance consistently in the cloud while stopping threats to sensitive information, users and resources. SaaS Security options include SaaS Security API, SaaS Security Inline, and SaaS Security Posture Management (SSPM).

Advanced WildFire
An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats.

APP-ID Cloud Engine - ACE
A platform that enables the firewall or Panorama to download App-IDs from the cloud for applications that do not have specific predefined App-IDs from the Palo Alto Networks content releases.

Threat Prevention
The Palo Alto Networks® Threat Prevention protects and defends your network from commodity threats and advanced persistent threats (APTs). The multi-pronged detection mechanisms include a signature-based (IPS/Command and Control/Antivirus) approach, heuristics-based (bot detection) approach, sandbox-based (WildFire) approach, and Layer 7 protocol analysis-based (App-ID) approach.

URL Filtering
URL filtering technology protects users from web-based threats by providing granular control over user access and interaction with content on the Internet. You can develop a URL filtering policy that limits access to sites based on URL categories, users, and groups.

Cortex Data Lake
Collects, normalizes, and integrates data from Palo Alto Networks products with public cloud scale.

Palo Alto Networks

Prisma Access

Authorized

SaaS

Moderate

2024-04-08

Fortreum

Lauren Aloway

laloway@paloaltonetworks.com

Prisma Access helps you deliver consistent security to your remote networks and mobile users. All your users—at headquarters, office branches, and on the road—connect to Prisma Access to safely use the internet and cloud and data center applications.

Palo Alto Networks

Government Cloud Services (GSC-Mod)

Authorized

SaaS

Moderate

2024-04-12

Fortreum

Lauren Aloway

laloway@paloaltonetworks.com

State of Arizona

Palo Alto Networks Government Cloud Services (GCS-Mod) includes a variety of cloud-based cybersecurity offerings. As your agency moves forward in its modernization efforts, it needs trusted cybersecurity solutions that will reduce the risk of data breaches while meeting compliance. Develop a comprehensive cloud cybersecurity strategy with solutions that protect workers, data and applications from cyber adversaries and advanced threats. The following products and services make up our offering.

Cloud Management
A cloud delivered management solution used by customers to manage Prisma SASE from Palo Alto Networks.

Multi-Tenant Service Provider Portal (MSP)
The MSP solution provides hierarchical multi-tenant management for customers and partners

API Gateway
The API Gateway provides authorization services for customers and partners to leverage Palo Alto Networks RESTful API

Cortex Data Lake
Collects, normalizes, and integrates data from Palo Alto Networks products with public cloud scale.

Paperless Innovations

Actus

Authorized

SaaS

Moderate

2023-05-23

Earthling Security

Michael Tocci

mike@paperless-innovations.com

StateRAMP Approvals Committee

Actus is SaaS based Compliance automation solution for P-Card Programs, including item sourcing, approvals workflows, credit card purchasing, reconciliation, and automated audit. Actus is designed according to 3 pillars: Accountability, Compliance , and Transparency.
• Accountability - Actus helps agencies paint a complete and total picture of each expense, eliminating guesswork, human error, and manual data entry tracking. • Compliance - Simplified, structured data is at the heart of compliance automation ensuring adherence to Agency policies and acquisition regulations. The Actus platform streamlines and automates oversight processes while maintaining rich transactional records for instant audit reporting. Artificial Intelligence is used to further the regulatory mission of each agency. Adoption of Actus itself satisfies and supplements Federal paperless mandate compliance as well. • Transparency - Actus utilizes dashboards enabling full visualization of all workflow processes, transactional data and documents on a need to know basis. Audit automation occurs with every download of bank transactions without requiring manual packet creation by the cardholder. Active Audit enables inspection of every detail of each purchase made within a selected time frame—in a unified, streamlined format.
P-Card Compliance Automation Features: • Custom Approval Workflows • Financial Data Capture • Full Lifecycle Spend Tracking • Cloud Storage of Reconciliation Packets • Dashboard Visualization of data & documents • Automated Reconciliation Statements • Structured Item Level (Level 3) Data • Merchant Class Code Tracking • Suspicious Pattern & Activity Detection • Alerts for Each Stage of Transaction • Transactional Keyword Search • Bank Statement Transaction Matching • Auto-Matched Transactions • Daily, Weekly, or Monthly Reconciliation • PIV/CAC authentication

Pearson

Evaluation Systems

Authorized

SaaS

Moderate

2024-08-20

Kellie Crawford

evaluationsystems@pearson.com

Not Required

Evaluation Systems designs, develops, scores, and reports results for high-stakes PK-12 educator and school administrator certification assessments. The assessments cover both pedagogy and content relevant to a given field and give candidates the opportunity to demonstrate what they know and can do.

Pexip

Pexip Government Cloud

Authorized

SaaS

Moderate

2023-06-19

Schellman & Company

stateramp@pexip.com

StateRAMP Approvals Committee

Pexip Government Cloud (PGC) provides a standards-based video teleconferencing (VTC) Software as a Service (SaaS) capability to United States (US) federal, state, and local government customers. The PGC SaaS features two core capabilities:
· Microsoft (MS) Qualified Cloud Video Interop (CVI) for MS Teams
· Standards-based Virtual Meeting Rooms (VMRs) for customer VTC endpoint devices
PGC offers government customers the ability to replace or augment their existing on-premise VTC infrastructure with a subscription-based service model using compliant purpose-built secure communication protocols.

Project Hosts, Inc.

GSS One- Azure

Authorized

PaaS

Moderate

2021-09-10

2022-06-27

Coalfire Systems

Joshua Krueger

josh.krueger@projecthosts.com

StateRAMP Approvals Committee

The GSS One- Azure is a General Support System (GSS) platform (PaaS) built primarily on Microsoft Azure Government. Project Hosts also deploys customer dedicated subnets on Azure commercial for those customers/ agencies that request this. The GSS is composed of systems and services that manage access control, authentication, auditing, monitoring, scanning, patching, configuration management, malware prevention, intrusion prevention, incident response, backup, and disaster recovery for each Application deployed on the GSS One- Azure. The GSS One- Azure is classified as a hybrid cloud deployment model to enable state and local agencies as well as commercial entities to deploy applications in a secure environment on top of the GSS One- Azure GSS system.
There are two main types of customers who use the GSS One- Azure: (i) Independent Software Vendors (ISVs) deploying multitenant SaaS applications and (ii) Federal, state or local agencies and commercial customers deploying dedicated applications just for their agency or organization (not multitenant). For both types of customers, their applications are deployed on customer-dedicated virtual servers (or Azure PaaS services) inside customer-dedicated subnets. Network security group access controls ensure that each customer’s subnet is completely isolated from and has no access to any other customer’s subnet. PaaS security subnets handling functions such as authentication, DMZ, SIEM, etc. are built on Azure Government. Customers have the option to have their dedicated application subnets built on either Azure Government or Azure Commercial. Either way, customer subnets are connected to the PaaS security subnets through V-net peering as described more fully here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview .
For GSS One- Azure customers, Project Hosts also provides services that are over and above the PaaS offering described in the GSS One- Azure FedRAMP package. Namely, Project Hosts deploys, secures, manages, and provides continuous monitoring for applications that are compatible with GSS One- Azure architecture, authentication, operating system, database, and access requirements.
For ISV customers, Project Hosts also creates their SaaS-level FedRAMP package, helps them throughout the agency authorization process, and manages their 3PAO annual assessments.
For agency customers, Project Hosts assists them in the creation of their own SSP, manages annual 3PAO scanning and penetration testing of their dedicated applications, and provides a monthly application-level POA&M. Following is a partial list of applications for which Project Hosts is providing these services over and above the GSS One- Azure platform:
Accenture Federal (Task management Tool)
Blue Prism (Blue Prism)
BrightWork (BrightWork SharePoint-based Project Management)
Checkmarx (CxSAST Source Code Scanner)
Drupal (Drupal CMS)
FlowVU (FlowVU Collaboration)
Gimmal (Gimmal Records Management)
Lexmark (Managed Print Service)
Microsoft (Office, Dynamics, Power BI Server, Project Server, SharePoint, SSRS)
Sopheon (Accolade Enterprise Innovation Management)
UMT360 (SharePoint-based Enterprise Portfolio Management)
Veritas (eVault, eDiscovery, Merge1)
WordPress (WordPress CMS)
Permuta (Defense Ready)
Gimmal (Records Management)
Invoke (UiPath Orchestrator and RPA)
Conga (Contract Lifecycle Management and Conga Approvals)
Davra (WebEx Legislate, Internet of Things)
Ephesoft (Transact)
OM Group Inc (ProjNet)
Nintex (K2 Five, Workflow Cloud)
WordPress As a Service (WPaaS)
C3 AI (C3 AI Suites)
MURAL (MURAL for Government)
WillCo Tech (CyberSTAR)
Kofax (Control Suite, Kofax TotalAgility, Kofax Robotics Process Automation)
If an agency would like to use one of these Applications or bring in another GSS One- Azure-compatible Application, Project Hosts will provide application-level artifacts that will help the agency assess the risk of deploying that application in the GSS One- Azure as well as any other documentation or evidence required in order to grant an Authority to Operate (ATO).

Proofpoint, Inc.

Proofpoint Targeted Attack Protection

Authorized

SaaS

Moderate

2022-08-24

2022-09-29

Schellman

Tariq Iqbal

tiqbal@proofpoint.com

StateRAMP Approvals Committee

Proofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threat that target people through email. It detects both known and new, never-before-seen attacks that use malicious attachments and URLs to install malware on a device or trick users to share their passwords or other sensitive information.

Proofpoint, Inc.

Proofpoint Email and Information Protection Service

Authorized

SaaS

Moderate

2022-08-24

2022-09-29

Schellman

Tariq Iqbal

tiqbal@proofpoint.com

StateRAMP Approvals Committee

The Proofpoint Email and Information Protection Service is a powerful cloud email security service that integrates threat protection, virus protection, spam detection, message encryption, data loss prevention (DLP), and digital asset protection technologies into an extensible message management platform. The service is designed to fit easily into existing messaging infrastructure, providing efficient performance, accurate message analysis, and a web-based interface for reporting, configuration, and management tasks.

Qlik

Qlik Cloud Government

Authorized

SaaS

Moderate

2023-07-05

A-Lign

Marie Rainis

marie.rainis@qlik.com

State of Arizona Department of Homeland Security

Qlik Cloud Government is a SaaS platform purpose-built for delivering Qlik technology to U.S. public sector customers within a safe, FedRAMP-compliant cloud environment. Qlik empowers organizations with data and analytics technology that improves decision-making and solves their most challenging problems. Qlik Cloud Government simplifies data and analytics operations across an organization through a single platform that integrates data sources into an analytics environment where users of all levels can build analytics assets, ask questions with AI, and collaborate with others to drive action.

Qualtrics, LLC.

Qualtrics XM Platform

Authorized

SaaS

Moderate

2023-04-18

Schellman

Ben West

bwest@qualtrics.com

StateRAMP Approvals Committee

The Qualtrics XM Platform is a web-based application that allows Government agencies to create surveys and then collect, analyze, and store the data produced from those surveys. Government agencies can use the application to collect and analyze citizen, employee, and community feedback to improve services and engagement for both external customers (citizens) and internal customers (public sector employees). The Qualtrics XM Platform enables multiple departments within an agency to collect and analyze survey data within a single enterprise system, allowing all levels of the agency or department to have access to important feedback data. The XM Platform includes an array of services that can be utilized to track, manage, and improve the experience of external and internal customers, such as: • XM Core – Allows agencies to construct surveys, distribute them to participants, and then manage and analyze individual participant responses. Agencies can then create reports that present the results and publish these reports to the web or share the report links with others. • Customer Experience - Allows agencies to study and improve the customer experience by employing Relationship NPS, Transactional NPS, Customer Satisfaction, and Event Feedback programs. • Employee Experience - Allows agencies to measure and manage employee engagement by creating feedback loops for relevant aspects of public sector employment, such as Manager Feedback, Training Feedback, Employee Engagement, and Employee Pulse programs. • Site Intercept – Allows agencies to display a piece of text, graphic, or widget that encourages a visitor to their website to take a survey or redirect to a specific webpage. To implement, the agency administrator places a snippet of Qualtrics’ JavaScript code on the agency’s website. • Actions and Tickets - Allows defining and triggering a workflow when a set of conditions are met, such as creating support tickets or integrating with external systems via web service API. • Data Analytics - Provides ability to perform natural language processing, statistical and predictive analysis of the data collected via the Research Suite. • Reports and Dashboards – Enables agencies to build dashboards that provide visual displays of the data collected from an agency’s surveys combined with other imported data sources. Qualtrics creates a library where each agency can store question templates, graphics, messages, and files to be used in building surveys and sending messages to participants. Agencies can integrate data from other sources, such as their customer relationship management (CRM) tools, and produce and share reports. They can upload a list of contacts as a CSV file or manually enter or edit contacts. Agencies can also view the complete history of interactions that they have had with their contacts via emails or survey responses. The XM Platform allows customers to send surveys, notifications, and other messages via a built-in email mechanism. To enable this, the application provides an outbound mail delivery engine via SMTP. In addition, customers can generate a URL that links to their survey and send the URL out to survey participants via their own email systems. Reports and data can be exported to a variety of formats, including Word, Excel, PDF, and CSV/TSV, etc. The XM Platform provides an Administration tool that allows designated agency admins to create groups and user permissions and assign them to authorized agency users. Permissions can be set up at the agency, division, or organization level. A single sign-on (SSO) capability enables agencies to implement identity federation via LDAP, SAML / Shibboleth, central authentication service (CAS), or OAuth 2.0. Qualtrics also makes available a REST API to allow agencies to automate functions such as connecting Qualtrics surveys with external systems such as a CRM like Salesforce.

Customer Management and Experience Solutions,

Rubrik

Rubrik Security Cloud - Government (RSC-G)

Authorized

SaaS

Moderate

2023-12-12

Kratos Defense

Gayle Berkeley

gayle.berkeley@rubrik.com

Rubrik Security Cloud - Government is a data security platform that delivers complete cyber resilience across enterprise, cloud, and SaaS applications. Built with zero trust design and powered by machine learning, Rubrik Security Cloud automates data policy management and enforcement, safeguards sensitive data, delivers data threat analytics and response, and orchestrates rapid cyber and operational recovery by surgically and rapidly restoring impacted apps, files, and objects.

For more information please visit http://www.rubrik.com and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.

SAP National Security Systems

Cloud Intelligent Enterprise

Authorized

Paas/SaaS

Moderate

2023-12-05

Fortreum

Penny Klein

penny.klein@sapns2.com

StateRAMP Approvals Committee

The SAP NS2 StateRAMP Cloud Intelligent Enterprise (CIE) is a secure cloud environment that hosts the following suite of SAP cloud solutions: SAP SuccessFactors, SAP Employee Central Payroll, SAP Analytics Cloud, SAP Business Technology Platform and SAP S/4HANA Cloud, private edition. Within the StateRAMP CIE cloud environment, states and their agencies can safely adopt and deploy SAP cloud solutions within our secured cloud model. SAP NS2 offers customers enhanced security, availability, compliance, and support to help deliver a mission-critical edge. More information can be found on https://www.sapns2.com/ns2-secure-cloud/

SMX

Cloud Assured Managed Services (CAMS)

Authorized

PaaS

Moderate

2021-11-08

2022-05-20

Coalfire Systems

Razaq Ahmed

mahmed@smartronix.com

StateRAMP Approvals Committee

The SMX Cloud Assured Managed Services (CAMS) solution gives an organization the ability to leverage the power and scalability of the cloud while reducing the cost and complexity of managing and monitoring cloud solutions in-house. CAMS has been designed to deliver the flexibility customers demand from today’s cloud managed service providers.

Snowflake Inc.

Snowflake Data Cloud on AWS

Authorized

SaaS

Moderate

2024-04-02

Fortreum

Siddique Chaudhry

Siddique.chaudhry@snowflake.com

StateRAMP Approvals Committee

Snowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at https://www.snowflake.com/.

Snowflake Inc.

Snowflake Data Cloud on Azure Government

Authorized

SaaS

Moderate

2023-02-21

Fortreum

Siddique Chaudhry

Siddique.chaudhry@snowflake.com

Snowflake Inc.

Snowflake Data Cloud on AWS GovCloud

Authorized

SaaS

High

2024-04-02

Fortreum

Siddique Chaudhry

Siddique.chaudhry@snowflake.com

StateRAMP Approvals Committee

Socure Inc.

ID+

Authorized

SaaS

Moderate

2024-01-02

Kratos Defense

Matt King

matt.king@socure.com

Socure leverages the power of AI / ML to provide digital identity proofing and verification solutions for consumer identity management. Socure’s ID+ analytics platform ingests consumer submitted data, validates the data against authoritative sources, and analyzes every dimension of the digital identity to generate a risk-based assessment of whether someone is who they claim to be online. This includes a comprehensive analysis of name, email, phone, address, date of birth, SSN, IP, device, velocity, network and behavioral intelligence, and more.

Sona Systems LLC

Experiment Management System (Enhanced Security Edition)

Authorized

SaaS

Moderate

2024-07-19

Lunarline

Justin Fidler

justin@sona-systems.com

Sona Systems offers a cloud-based solution for universities to manage research participation.

Learning Management System,

Splunk Inc

Splunk Cloud

Authorized

SaaS

Moderate

2023-05-05

Schellman

Splunk StateRAMP Team

ssg-StateRAMP@splunk.com

Splunk Cloud Platform delivers the benefits of award-winning Splunk® Enterprise as a cloud-based service. Using Splunk Cloud Platform, you gain the functionality of Splunk Enterprise for collecting, searching, monitoring, reporting, and analyzing all of your real-time and historical machine data using a cloud service that is centrally and uniformly delivered by Splunk to its large number of cloud customers, from Fortune 100 companies to small and medium-size businesses. Splunk manages and updates the Splunk Cloud Platform service uniformly, so all customers of Splunk Cloud Platform receive the most current features and functionality.

Tanium, Inc.

Tanium Cloud for US Government (TC-USG)

Authorized

SaaS

Moderate

2023-05-05

Lunarline

Eric Kirscher

stateramp@tanium.com

State of Arizona, Department of Homeland Security

"Tanium Cloud for US Government (TC-USG) delivers an agent-based endpoint management and security platform, managed and delivered as a cloud-hosted SaaS. The Tanium Core Platform and its services are automatically configured and maintained. For more information, please visit https://tanium.com The following TC-USG services are included within authorization boundary and are offered to customers individually or as desired: Tanium Interact, Tanium Asset, Tanium Comply, Tanium Connect, Tanium Deploy, Tanium Discover, Tanium Enforce, Tanium Impact, Tanium Integrity Monitor, Tanium Map, Tanium Patch, Tanium Performance, Tanium Provision, Tanium Reveal, Tanium Risk, Tanium Threat Response, Tanium Trends." From FedRAMP Marketplace.

Tenable

Tenable.io

Authorized

SaaS

Moderate

2022-02-11

2024-04-16

EmagineIT

InfoSec-Compliance

compliance@tenable.com

Owen Zorge, City of Chandler, Arizona

Tenable.io is a risk-based vulnerability management platform. Built on an open and elastic platform, it continuously tracks and assess known and unknown assets and their vulnerabilities in your environment to provide a risk-based view of your entire attack surface- from IT to cloud and web applications. Powered by Nessus technology, Tenable.io provides the industry's most comprehensive vulnerability coverage with the ability to understand your cyber risk and predict which vulnerabilities you need to remediate first. Its streamlined and intuitive user experience, gives you immediate insight with intuitive dashboards to quickly deliver value and help your team identify, investigate and prioritize vulnerabilities.

T-Metrics, Inc.

T-Metrics Cloud Contact Center

Authorized

SaaS

Moderate

2023-05-23

A-Lign

Michael Jolly

mjolly@tmetrics.com

StateRAMP Approvals Committee

The T-Metrics Cloud Contact Center is an Omnichannel Contact Center as a Service (CCaaS) solution that offers voice, email, SMS, artificial intelligence, analytics, ACD, call and screen recording, scorecard, and survey to state and local agencies to improve constituent services. The advanced SaaS solution enables agencies to leverage their investments in Unified Communications, Phones, Carrier and SMS Services with its unique design. The architecture offers agencies the flexibility to consume the service however they decide - premises, hybrid, cloud.

Trend Micro

Trend Micro Cloud One for Government

Authorized

SaaS

Moderate

2024-05-21

Fortreum

Steven Ryan

steven_ryan@trendmicro.com

StateRAMP Approvals Committee

Trend Micro offers the leading cybersecurity solution to protect endpoints, servers, and cloud workloads. Deploy security across your endpoints and physical, virtual, and multi-cloud environments to gain unified visibility, management, detection and prevention with Trend Micro Cloud One for Government.
Native integrated endpoint and server detection and response (EDR/XDR) sensors allow for quicker detection of complex attacks that bypass prevention. This provides an unmatched understanding of the activity data in your environment and a balanced approach to security, as teams can quickly see the story of an attack and respond faster and more confidently.
The platform's real-time prevention and detection capabilities (application control, anti-malware, behavioral analysis, machine learning, EDR, intrusion prevention (IPS), firewall, integrity monitoring, and log inspection) are managed via a single lightweight agent deployed on the endpoint, server, or VM being protected. Combined with a rich set of application programming interfaces (APIs), Trend Micro Cloud One for Government allows you to automate security and reduce impact on your teams.
Trend Micro Is trusted by 9 out of the top 10 Fortune 500 companies, blocks over 94 billion threats per year, analyzes over 100 TB of threat information per day and processes over 2.5 trillion events per day. We are cyber security experts.

Trend Micro

Trend Micro Vision One for Government

Authorized

SaaS

Moderate

2024-05-21

Fortreum

Steven Ryan

steven_ryan@trendmicro.com

StateRAMP Approvals Committee

Trend Micro Vision One for Government is a modern security operations platform that enables organizations to detect, investigate, prioritize, and respond to threats faster.
With built-in security analytics and threat intelligence, Trend Micro Vision One correlates data across multiple security layers from native sensors and third-party data sources to help security teams quickly see the full story of an attack and respond faster and more confidently.
Trend Micro Vision One serves the EDR use case with our Trend Micro Endpoint Sensor while delivering a solution path to a broader XDR strategy to extend detection and response to additional attack vectors, including servers and cloud workloads.
Built for the SOC analyst, CISO, and threat hunter, this platform leverages AI and predictive machine learning to arm defenders with earlier threat detection and automated response options that make a difference. The visibility and efficiency provided by Trend Micro Vision One makes great security teams even better, enabling them to do more with less.
Trend Micro is trusted by 9 out of the top 10 Fortune 500 companies, blocks over 94 billion threats per year, analyzes over 100 TB of threat information per day and processes over 2.5 trillion events per day. We are cyber security experts.

Trustwave Government Solutions

Managed Detection and Response (MDR) and Co-Managed SIEM

Authorized

SaaS

Moderate

2024-06-27

Coalfire

John Wynn

jwynn@trustwavegovt.com

StateRAMP Approvals Committee

24x7x365 monitoring and management of EDR / SIEM / security technologies by U.S. based employees in AWS GovCloud.

Veracode

Veracode Application Security Scanning Platform

Authorized

SaaS

Moderate

2023-04-18

Schellman and Company, LLC

Claire Bailey

cbailey@veracode.com

StateRAMP Approvals Committee

Veracode’s unified platform helps Government developers and application security teams assess and improve the security of applications from inception through production. With a combination of automation, process, and speed, Veracode integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the development/deployment chain. This solution is widely used by enterprises to secure web, mobile, legacy, and third-party enterprise applications, with a simpler and more scalable way to help reduce software security risk across software infrastructure.

VMware

VMware Government Services

Authorized

IaaS

High

2022-11-09

Coalfire Systems

Nic Hall

nic.hall@broadcom.com

StateRAMP Approvals Committee

VMware Government Services (VGS) is a set of cloud service offerings designed to allow US government agencies and customers supporting the US government to migrate, manage, and operate more sensitive workloads in the cloud. The VGS authorization boundary provides Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) capabilities to deliver modern applications at the speed the US government demands and operate across the data center, the edge, and the cloud. VGS provides the following FedRAMP-authorized services at the High baseline: VMware Cloud on AWS GovCloud (US) (VMC), Hybrid Cloud Extension (HCX), Carbon Black Cloud (CBC), Software Defined WAN (SD-WAN), and Workspace ONE. More information on the VGS public sector roadmap can be found on the VMware Trust Center https://www.vmware.com/products/trust-center/certificate.html?family=FedRAMP.

Wellspring

Sophia Knowledge Management System

Authorized

SaaS

Moderate

2022-06-30

2022-08-29

Lunarline

Matthew Hamilton

matt.hamilton@wellspring.com

StateRAMP Approvals Committee

Wellspring Knowledge Management System (Sophia) is a Software-as-Service (SaaS) solution designed to manage technology transfer operations and knowledge asset tracking for those working in the area of research and innovation. The product services solutions within intellectual property (patent) management, licensing and contract management, invention and ideas disclosure, along research and development (R&D) portfolios and project management.

The data in the system is typically directly entered by users and includes storage of various metadata around invention, patents, projects, contracts, and contacts associated with those records. Users may supplement these with uploaded notes, related files, workflow status, financial information, contract terms and other information that is critical to the tracking of the end users portfolio. Key functional areas of the system are:

idea disclosure from researchers and inventors.
evaluation of inventions and Intellectual property protection
support of patent prosecution and monitoring
tracking contracts and technology licensing terms
financial management of patent expenses and licensing revenue
compliance with contract terms and invention reporting
project and portfolio management

WingSwept

Case Management & Tracking System (CMTS)

Authorized

SaaS

Moderate

2023-02-27

Lunarline

Allison Lehman

allison.lehman@wingswept.com

StateRAMP Approvals Committee

WingSwept has provided case management solutions to investigators at government agencies for more than a decade. WingSwept converted its Case Management & Tracking System (CMTS) into a Commercial Off-The-Shelf (COTS) service offering in 2010. Built with both security and flexibility in mind, CMTS provides for the secure storage, retrieval, and reporting of case management data for investigative offices at all levels of government. The CMTS design is neither static nor monolithic. Intentionally flexible, CMTS provides government agencies with the ability to establish unique naming conventions, tailor agency-specific workflows, and to support a wide range of other user-preferred configurations. An idle-case tracking function also includes both time and activity-based notifications in order to establish and maintain a seamless agency workflow. As an added layer of security, each CMTS customer operates in a secure environment with data separated by customer. Hosted on Amazon Web Services (AWS), CMTS is a web-based, browser-accessible application that requires no device-specific software for implementation. Highly customizable dashboards, combined with specialized labels and entry fields provide investigators with the ability to compile and display comprehensive case metrics in a simplified, user-friendly format. CMTS can display ad-hoc and pre-defined reports in minutes, drastically reducing processing times and increasing staff efficiency. This flexible design allows agencies to tailor workflows in order to match existing processes and to provide for continuity in ongoing investigations. As a result, CMTS may be readily adapted to serve investigative offices of any size. Many of the CMTS customers leverage our optional Online Intake Service (OIS) which allows customers to host or leverage OIS hosted internet facing forms which can collect case intakes to be later securely picked up by the agency CMTS server for potential ingestion as a case.

Case Management,

Wiz, Inc.

Wiz Moderate for U.S. Government

Authorized

SaaS

Moderate

2024-05-21

Fortreum

Sandra Buonassisi

sandra.buonassisi@wiz.io

StateRAMP Approvals Committee

Wiz Moderate for U.S. Government (Wiz Mod) is an agentless vulnerability scanning tool that uses an application programming interface (API) connector to scan customer environments in AWS GovCloud. Wiz Mod Gov scans various cloud architectures including virtual machines (VMs), containers, serverless, and PaaS solutions. Integrations with the continuous integration/continuous deployment (CI/CD) pipeline allow Wiz Inc. customers to define scanning policies for images and Infrastructure as Code (IaC) prior to deploying into production. Wiz Mod Gov inventories the technologies discovered in the environment to provide insight into all assets, including third-party access to the environment and code libraries detected on workloads. In addition to scanning for vulnerabilities and configuration standards and uses a threat intelligence feed to scan cloud workloads, detect malicious code, and provide information regarding the severity of the threat, and can give insight into all the privileged role assignments in the environment.

Wolters Kluwer

TeamMate+

Authorized

SaaS

Moderate

2023-06-22

Schellman & Company, LLC

Alberto De Benito Aznar

TeamMate-FedRAMP@wolterskluwer.com

StateRAMP Approvals Committee

The TeamMate+ FedRAMP platform is a suite of services that provides tooling and functionality to auditors for management and tracking of the entire auditing process. The product suite includes TeamMate+ Audit, TeamMate+ Controls, and TeamMate+ Public Sector. The TeamMate+ FedRAMP suite allows auditors and audit organizations to define, track, and manage the audit process within their own standards. TeamMate+ FedRAMP leverages tooling and software to integrate with various services and resources across many systems, enabling auditors to achieve a holistic view of the organization. Through use of cloud technology and wide tooling integration, TeamMate+ FedRAMP enables organizations to align processes and goals for better strategic and tactical insights. TeamMate+ FedRAMP's environment utilizes higher standards for security and compliance, this system has very well-defined boundaries and controlled data ingress and egress patterns.

Xerox Corporation

Managed Print Services for US Government

Authorized

SaaS

Moderate

2023-09-12

Coalfire

Bruce Talbert

bruce.talbert@xerox.com

StateRAMP Approvals Committee

Xerox Managed Print and Capture Services (MPCS) for US Government is a cloud-based solution developed specifically to help US Federal, State, and Local government agencies manage the print and document capture life cycles within an organization while maximizing productivity, security and reducing waste and risk.
The Xerox Managed Print Services (MPS) capability is a management solution for both Xerox and Non-Xerox print/imaging devices such as printers, multi-function devices, and copiers. Managed print services focus on the management of print output devices themselves, related supplies, and service requirements. The solution ensures proactive device management resulting in maximum uptime, utilization/optimization, and robust print and security policy management.
Xerox Capture Services provide advanced multichannel capture, digitization, and data transformation to help government agencies achieve digital transformation goals. Digitization is typically backfile and day forward and can include scanning, indexing, and file transfer. Digitization and imaging services can be provided on-site, near-site or off-site via a scanner, a multifunction device or through our Global Capture Platform. Digitization can be combined with data transformation, process automation, and electronic document management solutions to ensure optimal speed and productivity.

Zoom

Zoom for Government

Authorized

SaaS

Moderate

2022-02-11

2022-07-12

Schellman and Company, LLC

Jennifer Aneke & John Keese

zfgcompliance@zoom.us

Sacramento County, California

The Zoom For Government Platform unifies cloud video conferencing, cloud phone system, messaging, simple online meetings, and a software-defined conference room solution into one easy-to-use platform. The solution offers video, audio, phone, and wireless screen-sharing across Windows, Mac, Linux, Chrome OS, iOS, Android, Blackberry, Zoom Rooms, and H.323/SIP room systems. Zoom Products include:

Zoom Cloud Video Conferencing – a cloud-based collaboration service which includes video, audio, content sharing webinars and collaboration.
Zoom Phone - a cloud-based phone system with traditional PBX features, integrated PSTN connectivity, enhanced emergency services, and support for calling from mobile apps, desktop apps, and legacy desk phone devices.
Zoom Chat - send chat messages in public or private channels organized by projects, teams, or topics with the ability to share files, emojis, screenshots, and more.
Zoom Rooms – software-based group video conferencing for conference and huddle rooms that run off-the-shelf hardware including a dedicated MAC or PC, camera, and speaker with an iPad controller.
Zoom Room Connector – a gateway allowing H.323 and Session Initiation Protocol (SIP) systems to connect to Zoom meetings. Room Connector is available in both cloud computing and as software (VM) for installation on the customer premise.
Zoom Meeting Connector – a software (VM) version of the Zoom Cloud infrastructure intended for installation on the customer premise.
Zoom API - provides the ability for developers to easily add Video, Voice and Screen Sharing to your application. Our API is a server side implementation designed around REST. The Zoom API helps manage the pre-meeting experience such as creating, editing and deleting resources like users, meetings and webinars.

Zscaler

Zscaler Internet Access - Government (Secure Web Gateway - vTIC)

Authorized

SaaS

Moderate

2021-09-10

2024-04-19

Schellman and Company, LLC

Hoon Patterson

hpatterson@zscaler.com

State of Arizona Department of Homeland Security

Zscaler Internet Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.

Zscaler

Zscaler Private Access

Authorized

SaaS

Moderate

2023-05-08

Schellman and Company, LLC

Bradley Josephs

bjosephs@zscaler.com

State of Arizona Department of Homeland Security

Zscaler Private Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.

Vexcel

WIC Mosaic

Provisionally Authorized

PaaS

Moderate

Kratos Defense

Usama Jawed

usama.jawed@microsoft.com

A modern solution for the Women, Infants, and Children Program impacting participation, eligibility, and retention.

Aurigo Software Technologies Inc.

Masterworks Cloud and Aurigo Essentials

Ready

SaaS

Moderate

2021-10-15

The Cadence Group

Vivek Siddegowda

vivek.siddegowda@aurigo.com

The Aurigo Masterworks Cloud is an integrated suite of enterprise software products for owners to plan, build, and maintain large capital assets, infrastructure, and facilities. Aurigo Essentials is an all-in-one product for small to mid-size agencies with easy-to-deploy and industry-ready configurations.

BlackBerry

BlackBerry Government Mobility Suite (BGMS)

Ready

SaaS

Moderate

2021-12-03

Kratos

Rashad Munawar

rmunawar@blackberry.com

BlackBerry Government Mobility Suite (BGMS) is a cloud-based endpoint management solution. BGMS provides customers the ability to utilize a single, integrated view of users, devices, applications, and policies within their IT environment. Customers can use BGMS to unify multi-OS endpoints across all ownership models while securing sensitive data. BGMS is deployed in Microsoft Azure FedRAMP approved Government cloud as a multi-tenant, government-only community cloud deployment model. The BGMS architecture will serve as the baseline infrastructure for BlackBerry FedRAMP authorized productivity applications such as BlackBerry Work and BlackBerry Workspaces; these solutions will provide mobile access to key business tools like email, calendars, contacts, and tasks as well provide secure access to enterprise file repositories.

GovernmentJobs.com Inc, d/b/a NEOGOV

NEOGOV

Ready

SaaS

Moderate

2023-03-28

The Cadence Group

Wally Finley

infosec@neogov.net

NEOGOV is a Software as a Service (SaaS) cloud provider of Human Capital Management (HCM) software. Our software meets the unique needs of government sector human resource (HR) management by managing the entire employee lifecycle, streamlining processes, and automating routine tasks. We provide HRMS and talent management software (TMS) that enable government agencies to source, recruit, hire, onboard, develop, and retain a high quality workforce that represents the communities they serve. Our HCM platform includes specific solutions for:
Recruiting: applicant tracking, diversity (DEI) hiring, candidate relationship management (CRM), and employee onboarding.
Employee training, development, and retention: learning management system (LMS), electronic forms, and performance management.
Managing employee data: human resources information system (HRIS) that includes core HR, time and attendance, benefits management, payroll, and payroll services.

Iron Mountain

InSight on AWS GovCloud

Ready

SaaS

Moderate

2024-01-02

Coalfire

Arun Natarajan

arun.natarajan@ironmountain.com

The Iron Mountain InSight system is a cloud-based Software-as-a-Service (SaaS) solution that provides customers with a content services platform that leverages Machine Learning (ML) and Artificial Intelligence (AI) to automatically classify, extract, and enrich physical and digital content. The system has a FIPS-199 categorization of Moderate, and the solution is hosted in the Google Cloud Platform (GCP) as well as AWS Gov Cloud (AWS). InSight leverages GCP and AWS services to provide scalability, virtual segmentation, and high availability in the cloud. InSight is being run as a single-tenant product, where each federal/state customer has its own isolated environment for storage and data processing and access to the product through a public-facing web application. The InSight system aligns with the NIST SP 800-145 description of a cloud computing system and has received an ATO for GCP.

Case Management,Cloud Services,Content Collaboration,Document Management,E-Discovery,

Jamf

Jamf Pro

Ready

SaaS

Moderate

2023-09-05

Coalfire

Wendy Kong

wendy.kong@jamf.com

Jamf Pro is the flagship product, providing complete Apple mobility management (EMM) solution for information technology professionals. Jamf Pro provides deployment, device management, application management, asset inventory, user self-service, and security services for the enterprise.

Jamf

Jamf School

Ready

SaaS

Moderate

2023-09-05

Coalfire

Wendy Kong

wendy.kong@jamf.com

Jamf School is a purpose-built mobile device management solution (MDM) for schools. Jamf School enables educators to deploy and manage Apple devices simply.

Knowledge Services

dotStaff

Ready

SaaS

Moderate

2021-09-13

A-Lign

Dave Stenger

daves@knowledgeservices.com

Knowledge Services dotStaff™ is a Software as a Service (SaaS) offering that includes a Vendor Management System and a Survey Management module.

Quzara, LLC

Cybertorch

Ready

SaaS, PaaS

High

2022-07-25

Schellman & Company, LLC

Saif Rahman

srahman@quzara.com

Quzara Cybertorch™ (Cybertorch) is a Managed Detection and Response (MDR) Platform providing Soc-As-A-Service (SocaaS). The system is intended solely for use by United States Federal, State, Local, and Tribal Governments, Government Consultants, and Federally Funded Research and Development Centers (FFRDC) (referred to throughout the following sections as “customers”) delivered through a Government Community Cloud Deployment Model. Cybertorch delivers Managed Vulnerability Management and Security Monitoring solutions and services. The security monitoring capabilities extend to cloud, datacenters, on-premises, IoT, OT signals converging to a single correlation, aggregation and analysis fusion capability driven and built on Zero trust principles, purpose-built to FedRAMP HIGH and DoD Security Requirements Guide (SRG). These services are delivered through a Platform which leverages components of Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) as defined in NIST SP 800-145 (NIST Definition of Cloud Computing. Cybertorch services and security architecture are based on Zero Trust Architecture principles described in NIST SP 200-207 (Zero Trust Architecture) for Enclave-based deployments and Enhanced Identity Government. Further, concepts of control plane and data plane are used throughout the architecture to segregate and isolate customers data.
Building on these security and trust architecture concepts, Cybertorch’ s unified platform allows the delivery and support of full end to end security coverage utilizing in-house security analysts along with Artificial Intelligence engines. Cybertorch provides managed Security Operations Services providing prevention, detection, and remediation services for the Customer. Cybertorch is supported by an enterprise-class cloud computing architecture that is delivered on the Government regions of Azure Infrastructure-as-a-Service (IaaS) platform.

SecurityScorecard

Ratings Cloud Service

Ready

SaaS

Moderate

Schellman & Company

Steve Cobb

steve.cobb@securityscorecard.io

SecurityScorecard Security Ratings monitors the security posture of millions of companies by calculating a risk score derived from publicly available data. Companies are assigned A-F ratings across risk factors including domain name system (DNS) health, internet protocol (IP) reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. This data is provided to customers via the Security Ratings web application.
Customers use the Security Ratings web application to review security ratings and detailed security reports. Users access Security Ratings through a standard web browser and leverage identity federation for authentication. Within the application, users search for companies of interest and review security reports developed by SecurityScorecard. These ratings and reports allow customers to evaluate the cybersecurity risk for companies of interest using data-driven, objective, and continuously evolving metrics that provide visibility into information security control weaknesses as well as potential vulnerabilities throughout the supply chain ecosystem. Users can also create "portfolios" to group together companies of interest and easily compare vendors to help make procurement decisions, evaluate acquisition targets, conduct industry benchmarking, and more.
Additional capabilities and data points (collected from publicly available data sources) in the Security Ratings web application include:
• IP attribution to company domain(s)
• Security vulnerability monitoring by company and security factors
• Security risk benchmarking and scoring by company and industry
• Alerts for changes in risk scores
• Executive and detailed company scorecard reports
• Workflow for collaboration and remediation with monitored suppliers

Microsoft

Microsoft Azure

Authorized, Federal JAB

SaaS, PaaS, IaaS

High

2021-12-15

2022-04-25

Kratos

John Gallagher

jogallag@microsoft.com

State of Arizona, Department of Homeland Security

Microsoft Azure is a cloud platform with more than 200 products and cloud services designed to help deliver solutions across different deployment scenarios – Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Microsoft Azure supports more than 90 compliance standards including FedRAMP High.

Microsoft

Microsoft Azure Government

Authorized, Federal JAB

SaaS, PaaS, IaaS

High

2021-12-15

2022-04-25

Kratos

John Gallagher

jogallag@microsoft.com

State of Arizona, Department of Homeland Security

Microsoft Azure Government is a separate cloud platform to support US federal, state, local, and tribal government agencies. It can support data that’s subject to the CJIS Security Policy and IRS Publication 1075 along with FedRAMP High and other compliance standards. Microsoft Azure Government is delivered through separate datacenters with physical, logical, and network isolation from the commercial cloud and is operated by US persons who have passed fingerprint-based background checks performed by the states.

Microsoft

Microsoft Dynamics 365

Authorized, Federal JAB

SaaS

High

2021-12-15

2022-04-25

Kratos

John Gallagher

jogallag@microsoft

State of Arizona, Department of Homeland Security

Microsoft Dynamics 365 is the next generation of intelligent business applications that enable organizations to grow, evolve, and transform. These applications enable organizations to quickly deliver new purpose-built applications that work seamlessly together to help manage mission-critical functions. Microsoft Dynamics 365 supports more than 90 compliance standards including FedRAMP High.

Microsoft

Microsoft Dynamics 365 US Government

Authorized, Federal JAB

SaaS

High

2021-12-15

2022-04-25

Kratos

John Gallagher

jogallag@microsoft

State of Arizona, Department of Homeland Security

Microsoft Dynamics 365 US Government is the next generation of intelligent business applications that enable US federal, state, local, and tribal government organizations to grow, evolve, and transform. It’s delivered through separate datacenters with physical, logical, and network isolation from the commercial cloud, is operated by US persons who have passed fingerprint-based background checks performed by the states, and can support data that’s subject to the CJIS Security Policy and IRS Publication 1075 along with FedRAMP High and other compliance standards.

Zscaler

Zscaler Private Access - Government (Zero Trust Networking - VPN Replacement)

Authorized, Federal JAB

SaaS

High

2021-09-10

2022-03-18

Schellman and Company, LLC

Vidya Meenakshisundaram

vidya@zscaler.com

State of Arizona Department of Homeland Security

Zscaler Private Access solves the challenges posed by a traditional VPN infrastructure by decoupling your internal assets and applications from the limitations, cost, and complexity of direct IP network connections.