BeyondTrust has achieved Federal Risk and Authorization Management Program (FedRAMP®) authorization to operate (ATO) at the moderate impact level for its Remote Support (RS) and Privileged Remote Access (PRA) solutions. This authorization highlights BeyondTrust’s commitment to identity security and to the mission of Federal Agencies as they migrate to the cloud.
Read on to learn more about what FedRAMP authorization means for BeyondTrust and our customers.
What is FedRAMP?
FedRAMP is the U.S. Government’s standardized approach to providing security authorizations for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with emphasis on security and protection of federal information, and helps accelerate the adoption of secure, cloud solutions.
To become FedRAMP compliant, cloud service providers (CSPs) must implement certain security controls into their cloud service offerings (CSOs). FedRAMP dictates what those controls should be according to three “impact levels”: low impact, moderate impact, and high impact. The higher the impact level, the more baseline controls a CSP must implement to assure that its cloud service offering meets FedRAMP standards and can be used by government agencies. FedRAMP’s three impact levels are based on those defined by FIPS 199.
BeyondTrust’s Remote Support and Privileged Remote Access products fall under the moderate impact classification, which mainly includes data unavailable to the public, such as personally identifiable information. A breach of this data can harm an agency’s operations.
What does FedRAMP status mean for BeyondTrust’s federal customers?
The use of FedRAMP authorized solutions is valuable for federal, state, and local government customers because it allows them to securely expand their cloud footprints and comply with key mandates, including:
- The Cloud Computing Mandate – Encourages and enables federal agencies to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations and allows agencies to leverage security authorizations on a government-wide scale.
- The Zero Trust mandate - Requires agencies to meet specific cybersecurity standards and objectives in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns.
BeyondTrust’s PAM and Identity Security solutions empower agencies to apply the principle of least privilege and audit controls to all remote access. In the modern hybrid workplace, which is rapidly migrating to the cloud, heightened visibility and control are paramount to secure sensitive information within a network.
This milestone also speaks to BeyondTrust’s commitment to security for non-public sector customers.
How can BeyondTrust’s FedRAMP status help government agencies achieve zero trust?
BeyondTrust’s Remote Support solution is used by service desks around the world to provide IT support to their customers, remotely. Remote Support securely facilitates remote screen sharing with desktops and mobile devices and, as a solution, drives incredible efficiency and KPI gains for service desks. In addition to the efficiency gained through seeing the remote screen and working with the customer directly, the ability to quickly and securely collaborate drives down call handle times and improves customer satisfaction. Every remote session that occurs is captured in an audit log that shows the who, what, and when of interactions. This audit log is available to be integrated with a system of record for both context and long-term storage.
Privileged Remote Access is used by organizations to securely allow inside IT admins, vendors, developers, and cloud ops engineers to access systems remotely and in compliance with just-in-time access and least privilege principles. For IT admins and vendors, the primary use cases are typically GUI based control of desktops and servers. Whereas for developers and cloud ops engineers, it’s typical to make protocol connections to remote systems and then use local a tool like Putty or Azure Data Studio, when connecting to systems via SSH or SQL. Additionally, since these users are increasingly cloud-first, BeyondTrust allows infrastructure as code. This is where a script (from something like Terraform) is used to provision or deprovision cloud infrastructure and then grant or revoke access automatically. As with Remote Support, there’s a full audit log of every interaction that’s fully able to be integrated into external systems.
What are the next steps?
BeyondTrust is now listed on the FedRAMP marketplace site , providing further accessibility to federal agencies seeking secure cloud solutions.
BeyondTrust is committed to security and to the missions of our public sector customers. To learn more about how BeyondTrust solutions would work in your environment and with any FedRAMP questions, click here, or contact us at publicsectorsales@beyondtrust.com.
Adam White, Sr. Director, Technical Marketing
Adam White is the Director of Technical Marketing and has been with BeyondTrust for 20 years in a variety of technical and operations roles. Originally starting in support and spending over a decade in solutions engineering, Adam brings that technical lens to the BeyondTrust marketing team. He is a vintage electronics and hi-fi nerd (think vacuum tubes); collector of too many amplifiers, guitars, and effects pedals; husband; and father of three teenagers.