Keeper Security completes Authorization meeting FedRAMP Revision 5 Controls

Oct. 29, 2024
This accomplishment builds on Keeper's announcement that it achieved FedRAMP Authorization at the Moderate Impact Level for KSGC in August 2022 and StateRAMP in December 2022.

Keeper Security today announces that it has successfully completed the transition to the Federal Risk and Authorization Management Program (FedRAMP) Revision 5 security controls baseline. Based on a security assessment and the Federal Information Processing Standard (FIPS) security categorization of Moderate, Keeper's sponsor organization, Millennium Challenge Corporation (MCC), has determined that Keeper Security Government Cloud (KSGC) meets the information security requirements and is granted an Authority to Operate (ATO).

This accomplishment builds on Keeper's announcement that it achieved FedRAMP Authorization at the Moderate Impact Level for KSGC in August 2022 as well as StateRAMP Authorization in December 2022. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data and regulated workloads and to address the most stringent U.S. government security and compliance requirements.

To receive FedRAMP Rev 5 Authorization, organizations must implement controls from 18 different control families that originate from the National Institute of Standards and Technology Special Publication 800-53. This alone can take organizations months or years, depending on the complexity of the system.

Below are a few quotes from the Keeper Security leadership team about reaching Revision 5 controls for FedRAMP authorization at the moderate impact level:

"Meeting FedRAMP's Revision 5 controls underscores our commitment to providing the highest standards of security and compliance to both our federal customers as well as our broader global customer base," said Darren Guccione, CEO and co-founder, Keeper Security. "This accomplishment not only reflects our dedication to safeguarding data but also solidifies our position as a trusted partner in the federal space, ensuring that our solutions meet the most rigorous standards to protect against evolving cyber threats."

"With government and critical infrastructure facing more cyber attacks than ever before, these controls are critical in addressing the evolving threat landscape," said Patrick Tiquet, VP of Security and Compliance, Keeper Security. "Ensuring that we not only meet but exceed FedRAMP's stringent security requirements is a testament to our commitment to protect the most sensitive data of our federal agencies and the American public."

"Achieving FedRAMP Moderate for our cloud-native solution reflects our dedication to ensuring the highest data security and compliance levels, especially for federal agencies handling sensitive information," said Paul Aronhime, SVP of Federal Sector, Keeper Security. "It emphasizes our commitment to working with the federal government and is a necessary step as we move to FedRAMP High. It enhances trust and accountability and demonstrates a strong commitment to protecting national security."

The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating that all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies and the ability to compare user passwords against weak and breached data.

The KSGC zero-trust privileged access manager maintains the Keeper Security zero-trust security framework alongside a zero-knowledge security architecture, so users have complete knowledge, management, and control over credentials and encryption keys. It provides a human-centric cybersecurity solution that safeguards against ransomware attacks and delivers powerful security insights as well as robust compliance and reporting, with support for RBAC, 2FA, FIPS 140-2 encryption, HIPAA, FINRA, SOC, ITAR, and more.