NEW YORK -- Application Security, Inc. (AppSecInc), the leading provider of database security solutions for the enterprise, today announced a new, built-in policy for FedRAMP as part of the SHATTER Knowledgebase KB 4.25 release. The policy will provide cloud service providers with a simplified process to become part of the Federal Risk and Authorization Program (FedRAMP).
The Federal Risk and Authorization Program (FedRAMP) is a risk management program for large outsourced and multi-agency information systems established by the U.S. government. FedRAMP authorizes and continuously monitors IT services that are used by multiple federal departments and agencies, specifically cloud service providers (CSPs). In order to be approved by FedRAMP, CSPs must continuously meet strict security guidelines. For a CSP to be evaluated, an agency must sponsor the vendor’s system/service and submit it to FedRAMP for review by a joint authorization board, which includes a FedRAMP Third Party Assessment Organization (3PAO). Once a CSP is approved by FedRAMP, all federal agencies within the program are able to use the product and/or service.
AppSecInc products, AppDetectivePro and DbProtect, now have a built-in policy for FedRAMP. Any Cloud Service Provider (CSP) or Third Party Assessor for FedRAMP (3PAO) can use this policy as the basis for their database security assessments. Proper database scanning is one of the requirements of the program; CSPs must provide database scans that show results for vulnerabilities, configuration issues, weak passwords, missing patches, access control concerns, and other issues that can lead to user privilege escalation. Database scanning will show that data is safe from internal and external threats. AppSecInc products automate the continuous scanning required by the FedRAMP certification process and maintenance of the annual re-certification process.
“The FedRAMP program is a vital component in making sure government agencies are protected against data breaches, and save sensitive, confidential information from being lost,” states Bill Jaeger, Vice President, Technical Operations at Kratos SecureInfo, a leading 3PAO and provider of FedRAMP assessment services. “The cloud service providers we work with who are approved by FedRAMP are able to work with all agencies that are part of the program, making this a very worthwhile effort.”
AppSecInc products, DbProtect and AppDetectivePro, allow organizations to cost-effectively meet regulatory mandates and secure sensitive data; they help organizations understand their database ecosystem, focus on suspicious and unauthorized database activity and streamline operations through a unique approach called precision database security monitoring.
“As a 3PAO engaged with Cloud Service Providers, we must be able to effectively scan databases as part of the FedRAMP assessment process. AppSecInc provides an easy-to-use solution that does just that,” states Rob Barnes, Director, Coalfire Federal. “With the new built-in FedRAMP policy, my team is able to effectively scan databases during an assessment, report on the results, and deliver a repeatable process to our clients.”
The built-in policy for FedRAMP is generally available and is part of the DbProtect and AppDetectivePro platforms. For further information, please contact an AppSecInc sales representative at 1-866-9APPSEC or visit: http://www.appsecinc.com/products/index.shtml
About TeamSHATTER
TeamSHATTER, the research arm of Application Security, Inc., is the largest dedicated database security, vulnerability and misconfiguration research team in the world. TeamSHATTER maintains the most comprehensive knowledgebase of database vulnerability and misconfiguration checks in the industry and understands how to make security an integral part of an enterprise’s database security and network management infrastructure. TeamSHATTER regularly publishes security advisories, technical papers and research information on www.TeamSHATTER.com.
About Application Security, Inc.
AppSecInc is a pioneer and leading provider of database security solutions for enterprises of all sizes. By providing easy to deploy and manage, highly scalable software-only solutions – AppDetectivePro for security and risk professionals, and DbProtect for the enterprise – AppSecInc helps customers achieve unprecedented levels of data security, while reducing overall risk and helping to ensure continuous regulatory and industry compliance. Used by more than 1,300 active commercial and government customers worldwide, our proven and award-winning enterprise solutions are backed by the world’s most comprehensive database security knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER.
For more information, please visit: www.appsecinc.com and follow us on Twitter: www.twitter.com/appsecinc | http://www.twitter.com/teamshatter
DbProtect and AppDetectivePro are trademarks of Application Security, Inc. All other product names, service marks, and trademarks mentioned herein are trademarks of their respective owners.

