Authorized Product List - GovRAMP

Authorium Authorium Systems AuthorizedSaaSModerate2024-07-19SR24015Schellman & CompanyChris MayhewChris.mayhew@authorium.comGovRAMP Approvals CommitteeAuthorium's cloud-based, no-code platform for Document Process Automation radically reduces the time it takes to develop complex document sets that form the backbone of government processes for procurement, contracting, grants, and budgeting. With built-in project management tools, powerful collaboration capabilities and easy integration with existing government systems, Document Process Automation speeds up the fundamental processes of procurement, contracting, grants, and budgeting by 50-70%.Live Aztec SoftwareAztec Learning SystemAuthorizedSaaSModerate2025-06-30SR24053Lunarline, Inc.Phillip Thompsonpthompson@aztecsoftware.comGovRAMP Approvals CommitteeAztec Learning System combines a customized Learning Management System (LMS) and Courseware to help transform the lives of adult learners. The LMS includes innovative an unique features allowing automatic per student learning customization, linear and non linear learning and coaching. The learning experience is delivered at Desktop like performance using a robust, secure, scale SAAS architecture with configurations that can be matched to the school's unique needsLive AtlassianAtlassian Government CloudAuthorizedSaaSModerate2026-01-12SR24051Schellman & CompanyPatrick O'Laughlinpolaughlin@atlassian.comGovRAMP Approvals CommitteeAtlassian Government Cloud is a Software as a Service (SaaS) offering that helps teams collaborate, track work, manage IT service delivery, support their DevOps practices and more - all with the security and control that agencies need. Available products include:
- Jira for project management across business and software teams
- Confluence for knowledge management and documentation
- Jira Service Management for IT service management, including support, IT operations, customer service, and moreLive Cisco Systems, Inc.Cisco Meraki for GovernmentAuthorizedSaaSModerate2024-07-25SR24008CoalfireEric WeissGovRAMP@cisco.comGovRAMP Approvals CommitteeCisco Meraki for Government provides a secure and efficient way to support your networking transformation within budget. Our cloud-managed platform simplifies networking to make it easier to deploy, manage, and optimize networks – driving IT modernization and enabling hybrid work. Meraki helps future proof networks and allows agencies to stay ahead of changing citizen and regulatory demands while improving employee productivity.​

Meraki has developed the most sophisticated platform in the industry based on cloud-first operations, network intelligence (AI), and open APIs to better integrate and automate processes, while providing a way to customize the monitoring and management of a network. The Meraki platform is built with a modern cloud-managed architecture that is able to quickly scale to meet the needs of customers worldwide. ​

We have taken that knowledge and technical sophistication to create a tailored solution for the U.S. Government. Our solution gives government agencies the ability to quickly deploy, scale and manage cloud networks anywhere in the world in an effort to help meet their cloud-first initiatives. Security is a high priority of our solution, which is why we created a separate platform that stores data on U.S. soil and includes FIPS to further protect government telemetry data from device to cloud. ​Meraki will offer certain MS (Switching), MR (Wireless) and MX (Security and SD-WAN) devices as part of the offering.Live CGI Technologies & Solutions, Inc.CGI US CloudAuthorizedIaaSModerate2023-05-23SR22031KratosPatrick Zientekpatrick.zientek@cgi.comGovRAMP Approvals CommitteeCGI GTO delivers centralized, highly secure and fully managed solutions specifically designed to support state and local government needs.Live Actsoft, IncWorkforce Manager for GovernmentAuthorizedSaaSModerate2023-04-18SR23008A-LignJames Armstrong jarmstrong@actsoft.comGovRAMP Approvals Committee Workforce Manager for Government is a fully integrated platform, which facilitates the business needs of an Agency with mobile employees. On top of robust features such as Wireless Forms, Timekeeping, Job Dispatching, and GPS Tracking, customers with vehicles can leverage the solution’s fleet components to monitor vehicle activities like stop times, idling, driver behavior, score cards, and telematics.
This intuitive, yet flexible solution addresses key market challenges such as ease of use, data collection, mobile resource management, implementation costs, worker compliance and overall accountability. The synergy of tools in Workforce Manager for Government brings customers greater efficiency and productivity gains by automating and streamlining processes that help them save time, reduce labor costs, and lower vehicle-related expenses such as fuel and maintenance. Government Customers benefit from an easily deployable solution that provides a significant return on investment.
Workforce Manager for Government is equipped with enterprise-grade workforce management tools that are typically only found in high-priced business applications, making it affordable and accessible to all Government Agencies. This approach provides Government customers with a solution that delivers relevant information about daily field operations, helping agencies craft new business strategies to save both time and money.Live Abnormal AI, Inc.Abnormal Security for GovernmentAuthorizedSaaSModerate2025-09-05SR24056Schellman Compliance, LLCMary Schafermschafer@abnormalsecurity.comThe University of Texas at AustinAbnormal Security for Government (Abnormal Gov) is a cloud-native, API-based offering that provides holistic email security for cloud email platforms – Microsoft365 and Google Workspace, against the full spectrum of email attacks including advanced phishing, fraud, account compromise, supply chain compromise, user-reporting phishing, and more.

The platform connects via API to analyze thousands of signals from multiple data sets and precisely baseline known behavior of every employee within an organization and every vendor within the supply chain. Autonomous AI models enable Abnormal Gov to detect anomalous activity and stop never-before-seen attacks quickly and accurately. The platform also serves as an AI Security Co-worker by fully automating the triage and remediation of user-reported emails. AI models judge user-reported emails as safe, spam, or malicious and automatically remediate malicious emails across all affected users using AI, eliminating any manual intervention by security analysts. Additionally, AI models automatically learn the behavioral preferences of every employee through their folder movements of graymail and autonomously declutter inboxes from unwanted mail thereby boosting employee productivity.

Abnormal Gov’s cloud email security product suite includes Inbound Email Security, Email Account Takeover Protection, AI Security Mailbox, Email Security Posture Management, and Email Productivity. The platform leverages a multi-tenant government cloud computing environment and is available for public, federal, state, local, and tribal governments.Live Check Point Software TechnologiesCheck Point Infinity Platform for GovernmentAuthorizedSaaSModerate2026-03-20SR24078Schellman & CompanyGlen Deskingdeskin@checkpoint.comGovRAMP Approvals CommitteeThe Check Point Infinity Platform for Government is a comprehensive cybersecurity solution designed to meet the stringent security and compliance requirements of government organizations. It integrates advanced threat prevention, centralized management, and cloud-native security capabilities to provide end-to-end protection across networks, endpoints, cloud environments, and email and collaboration platforms. Below is an overview of the platform's key components and capabilities:
Key Components:
ThreatCloud:
The backbone of the Infinity Platform, ThreatCloud is the world’s largest collaborative cyber threat intelligence network.
It processes over 86 billion transactions daily, leveraging artificial intelligence and machine learning to identify and block emerging threats in real time.
ThreatCloud gathers intelligence from over 100,000 Check Point customers and Check Point Research, ensuring up-to-date protection against the latest vulnerabilities and attack vectors.
Infinity Portal:
A unified, cloud-based management platform that provides centralized visibility, control, and orchestration of security policies across all environments.
It enables seamless integration of Check Point’s security solutions, ensuring consistent protection and simplified operations.
The Infinity Portal supports compliance with government regulations by offering detailed reporting, auditing, and monitoring capabilities.
Harmony Email & Collaboration:
An API-based SaaS security solution that protects government email and collaboration platforms (e.g., Office 365 GCC) from advanced threats such as phishing, zero-day malware, account takeover, and data leakage.
It operates in a "monitor-only" mode during initial deployment, ensuring no disruption to end-user workflows while providing actionable insights into potential threats.
Harmony Email & Collaboration is designed to secure sensitive government communications and prevent unauthorized access to critical data.
Differentiating Security Capabilities:
Real-Time Threat Prevention:
The Infinity Platform employs over 60 patented threat prevention engines to block attacks across all vectors, including network, endpoint, cloud, and mobile.
Advanced technologies such as IPS, anti-ransomware, sandboxing, malware sanitization, and post-infection BOT prevention ensure proactive defense against known and unknown threats.
Cloud-Native Security:
The platform includes solutions for cloud posture management, native workload protection, and branch cloud security, ensuring secure operations in hybrid and multi-cloud environments.
It supports visibility, threat hunting, and compliance monitoring for government cloud environments.
Threat Intelligence Integration:
ThreatCloud’s rich intelligence powers all components of the Infinity Platform, ensuring interconnected and consistent protection across all layers of security.
Discoveries from Check Point Research continually enhance the platform’s ability to detect and prevent sophisticated attacks.
Compliance and Scalability:
The Infinity Platform is designed to meet government compliance standards, including StateRAMP requirements.
Its modular architecture allows for scalability and customization to address the unique needs of government agencies.
The Check Point Infinity Platform for Government provides a unified, proactive, and intelligent approach to cybersecurity, enabling government organizations to protect their critical assets and sensitive data from evolving cyber threats.Live CGI Technologies & Solutions, Inc.CGI Advantage CloudAuthorizedSaaSModerate2024-09-10SR24021A-LignRosemary Millikenrosemary.milliken@cgi.comGovRAMP Approvals CommitteeCGI Advantage Cloud is a unified multi-tenant SaaS ERP solution that is designed, built, and optimized for the public sector. Our solution provides financial management, procurement, grants, human capital management, payroll, labor cost distribution, time and leave, budgeting, and advanced analytics capability that addresses the public sector’s most complex requirements out of the box. Advantage Cloud requires minimal workarounds or extensions associated with dual-use ERP systems that are built for private sector and then overlaid with public sector features.Live Butterfly Network, Inc.Butterfly iQ / Butterfly iQ+ / iQ3 Ultrasound Probe System (aka: Butterfly Ultrasound Probe System)AuthorizedSaaSModerate2026-01-13SR24082A-lignMike Tiemeyermtiemeyer@butterflynetinc.comGovRAMP Approvals CommitteeButterfly Network’s Inc.’s Butterfly Ultrasound Probe System enables universal access to superior medical imaging, making high quality ultrasound easy-to-use, globally accessible, and intelligently connected.
Butterfly iQ™ (aka Butterfly Ultrasound Probe System) is the only ultrasound transducer that can perform “whole-body imaging” with a single handheld probe using semiconductor technology. Connected to a mobile phone or tablet, it is powered by Butterfly’s proprietary Ultrasound-on-Chip™ technology and harnesses the advantages of AI to deliver advanced imaging that is easy-to-use and improves patient outcomes.Live Box, Inc.Box Enterprise Cloud Content Collaboration PlatformAuthorizedSaaS, PaaSHigh2022-05-192022-06-07SR22001Schellman & CompanyTom Cowlescompliance@box.comGovRAMP Approvals CommitteeThe Box Enterprise Content Cloud Collaboration Platform enables business to easily share, manage and secure their content. In today’s mobile-first, cloud-first world, providing employees with secure access to content at any time using any device is critical to creating a more productive, connected workforce and improved customer experiences. Beyond secure file sharing, Box enables easy access to content and collaboration tools from any device with the security, scalability and administrative controls that IT requires.Live BlackBerry CloudBlackBerry Cloud - AtHoc Services for Government (ACSforGov)AuthorizedSaaSHigh2021-12-132022-05-18SR21019KratosMaria Keadysecuritycertifications@blackberry.comGovRAMP Approvals CommitteeBlackBerry’s AtHoc is a networked crisis communication platform enabling corporations and government agencies to communicate and collaborate securely with their personnel and with other organizations through multiple devices during times of crises. BlackBerry’s AtHoc platform addresses critical communications needs including: Account: AtHoc Account enables real-time visibility into location and status for effective personnel accountability and crisis handling before, during, and after emergencies. This integrated approach to personnel accountability enables inputs from managers about their team, call center operators, data streams from HR and travel systems, as well as self-reporting by individuals. Alert: AtHoc Alert provides a comprehensive crisis communication solution that unifies all channels and devices, empowering organizations, people, and communities to collaborate during critical events. AtHoc’s flexible deployment options safeguards important personal information and enables enterprise-level command and control. Connect: AtHoc Connect empowers organizations to create their own permission-based network to establish interoperable communication and information sharing with organizations in their community. Collect: AtHoc Collect empowers your personnel in the field to be the "eyes and ears" of the operations center. AtHoc Collect enables on-scene personnel to report events, work progress, along with rich geo-tagged media that are worth a thousand words.Live Cisco Systems, Inc.Catalyst SD WANAuthorizedSaaS/IaaSHigh2024-08-20SR24016SchellmanEric WeissGovRAMP@cisco.comGovRAMP Approvals CommitteeCisco Catalyst SD-WAN for Government (SDWAN-G), powered by Cisco Viptela/IOS XE, is a highly secure, cloud-scale architecture that is open, programmable, and scalable. All vetted and monitored through the rigorous FedRAMP authorization process. Use it to connect data centers, branches, campuses, and colocation facilities to improve network speed, security, and efficiency. Cisco Catalyst SDWAN-G is a cloud-delivered overlay WAN architecture connecting branches to data centers and multi-cloud environments through a single fabric and single pane of glass. Cisco Catalyst SDWAN-G helps ensure a predictable user experience for applications optimized for SaaS, IaaS, and PaaS connections. Comprehensive on-premises and cloud-based security protect against cyberthreats while enabling IT teams to accelerate the transition to a Secure Access Service Edge (SASE) architecture where and when it is needed.
Cisco Catalyst SD-WAN Government (SDWAN-G) is owned, operated, and supported directly by Cisco for use in government offerings, providing the following capabilities:
- Enhanced Visibility: Extend your network visibility and observability with our core government self-service portal. You'll gain actionable insights to help you transform network operations from reactive to highly proactive model.
- Right Security, Right Place: On-premises or cloud-based security with secure SDWAN-G helps to accelerate the transition to a secure access service edge (SASE) architecture where and when it's needed.
- Operational Simplicity: With a highly visualized interface and intuitive user experience for simplified configuration, management, operation, and monitoring across the Cisco Catalyst SDWAN-G fabric. The Cisco Catalyst SDWAN-G solution comes with pre-configured templates to automate and expedite the deployment of most common use cases. Guided step-by-step configuration designed to intelligently expedite onboarding of new devices, and full integration of unified communication, and security into Cisco Catalyst SDWAN-G.
The Cisco Catalyst SDWAN-G solution is segregated into four planes with four key components:
Manager
- In the management plane, the Cisco Catalyst SD-WAN Manager is the centralized network management system and represents the user interface of the solution. Network administrators and operators can configure, provision, troubleshoot, and manage the entire overlay network from a simple graphical dashboard.
Validator
- In the orchestration plane, the Cisco Catalyst SD-WAN Validator automatically orchestrates connectivity between edge devices and Controllers. The Validator is largely responsible for the provisioning process as well as first-line authentication, control/management information distribution, and facilitating Network Address Translation (NAT) traversal.
Controller
- In the control plane, the Cisco Catalyst SD-WAN Controller is the component responsible for enforcing policies centrally. When branches come online, their routing information is exchanged with the Controller and not directly with other branches. The Controller works with the Validator to authenticate edge devices as they join the network and to orchestrate connectivity among the edge devices.
Edge Devices
- In the data plane, the Edge devices are responsible for establishing the network fabric and handle the transmission of data traffic. Edge devices come in multiple forms, virtual and physical, and are selected based on the connectivity, throughput, and functional needs of the site. The operating system of the Edge devices is securely developed and tested as part of Cisco’s Secure Development Lifecycle (CSDL) prior to releasing a version for the customer to deploy. In-boundary scanning of the operating system deployed with Edge devices for Cisco Catalyst SDWAN-G are scanned as part of Cisco’s continuous monitoring strategy.
Collectively, the architecture of the Cisco Catalyst SDWAN-G fabric simplifies IT operations with automated provisioning, unified policies, streamlined management to help ensure rapid updates and resolutions, advanced network functionality, resiliency, and security. From a single pane of glass, Cisco Catalyst SDWAN-G helps organizations avoid complex configurations and frequent policy changes that lead to uneven user experiences, thereby increasing overall network efficiency and reliability.Live Casepoint LLCCasepoint Government eDiscovery AuthorizedSaaSHigh2024-09-17SR22027Schellman Compliance, LLC.Casepoint Compliance Teamiscompliance@casepoint.comGovRAMP Approvals CommitteeCasepoint is a data discovery platform for legal, investigatory, compliance, and IT teams who struggle to get actionable insights for data-centric business processes like eDiscovery, investigations, and information requests. Casepoint empowers leading corporations and government organizations to reduce costs, lower risk, and improve time-to-insight. Casepoint’s easy-to-use AI-powered platform is purpose-built for organizations that require the highest level of security and scalability to meet the evolving demands of the modern data landscape. Casepoint Government is delivered as a SaaS offering using a multi-tenant government-only cloud computing environment and is used by government agencies to meet their complex needs, including:
• Legal Hold
• Regulatory Enforcement / Investigations
• Litigation (eDiscovery)
• FOIA / PRR
• Congressional Inquiries
• Legal Data Storage
• Task / Case Strategy and Management
The Casepoint Government platform includes Casepoint Legal Hold, Casepoint eDiscovery, Casepoint FOIA, Casepoint Filestore, APIs for cloud collections, task management, and an app builder. Casepoint Government provides agencies with the capabilities needed to manage large volumes of data in litigation, investigations, congressional inquiries, and FOIA requests, including cloud-based collections, processing, culling, review, and highly customizable productions. It also offers built-in artificial intelligence and analytics with advanced tools for predictive analysis, search, and data visualization.

Live BoomiBoomi Enterprise PlatformAuthorizedSaaSModerate2023-12-05SR22033A-LignErika Frytech.compliance@boomi.comGovRAMP Approvals CommitteeBoomi Enterprise Platform is a cloud-native integration Platform-as-a-Service (iPaaS) technology that lets you connect everyone to everything. The Boomi SaaS Enterprise Platform solves the needs of our government customers with end-to-end capabilities by integrating applications, systems, and connecting people.Live CrowdStrike, Inc.CrowdStrike Falcon Platform for GovernmentAuthorizedSaaSHigh2025-12-23SR24071Schellman & CompanyWasim Rahmanwasim.rahman@crowdstrike.comGovRAMP Approvals CommitteeThe CrowdStrike Falcon Platform is a comprehensive cloud-native cybersecurity platform designed to provide a wide range of security functions to protect organizations from cyber threats.

The primary purpose of the CrowdStrike Falcon Platform is to provide organizations with a comprehensive cybersecurity solution that encompasses the following system functions:
*Endpoint Security - Advanced endpoint security capabilities to protect laptops, desktops, servers, and virtual machines from various cyber threats.
*Threat Intelligence - Cloud-based intelligence engine to collect and analyze threat data from millions of endpoints worldwide.
*Managed Security - Managed security services with a team of security experts actively monitoring and responding to security events.
*Cloud Security - Cloud security capabilities to protect organizations' cloud environments.
*Security and IT Operations - Integration of security and IT operations for a unified view of security posture.
*Identity Protection - Identity protection capabilities to safeguard user identities and prevent unauthorized access.
*Next-Gen SIEM - Logging and analysis capabilities to collect, correlate, and analyze security events and logs.Live EverlawEverlawAuthorizedSaaSModerate2023-02-08SR22034Kratos DefenseAngela Kovachfederal@everlaw.comGovRAMP Approvals CommitteeEverlaw helps legal teams and government agencies navigate the increasingly complex ediscovery landscape to chart a straighter path to the truth. With Everlaw, government agencies of all sizes are able to transform their approach to discovery, litigation, investigations, compliance, and FOIA/Public Records Requests. Combining speed, security, and ease-of-use in a unified discovery platform, cross-functional legal teams are empowered to investigate issues more thoroughly, uncover truth more quickly, and present their findings more clearly. Built natively on AWS GovCloud (US), Everlaw is committed to innovation and future-proofing agencies against emerging data types and other fluctuating needs. Founded in 2010 and based in Oakland, California, Everlaw’s mission is to promote justice by illuminating truth.Live CohesityCohesity Cloud Services for GovernmentAuthorizedSaaSModerate2024-05-23SR24007Marlon Hughesstateramp@cohesity.comGovRAMP Approvals CommitteeCohesity Cloud Services for Government is a portfolio of fully-managed data
security and management offerings, including backup as a service (BaaS) for
protecting mission-critical cloud-native, SaaS, and on-premises workloads.
The multi-layered data security architecture, policy-based automation, and
global data reduction help secure and protect data, and simplify IT
operations. Flexible data retention and rapid recovery to any point in time
enable organizations to meet their demanding business SLAs and improve
ROI.Live DNAnexus, IncPlatformAuthorizedPaaSModerate2025-02-11SR24034SchellmanLoren Buhlelbuhle@dnanexus.comGovRAMP Approvals CommitteeThe DNAnexus Platform is a public cloud analysis and data management platform for processing high-throughput molecular data; for combining molecular, clinical, and real-world data to discover relationships relevant to patient and population health, precision medicine, drug discovery and regulatory approval; and for enabling a network of government, academic, and commercial collaborators to securely form research communities. DNAnexus presents a Platform-as-a-Service including a brandable, customizable web interface, and an API for integration with upstream and downstream systems such as Laboratory Information Management, Clinical Trial Management, Electronic Data Capture, and clinical interpretation and reporting systems.Identity and Access Management,Live AppianAppian CloudAuthorizedPaaS/SaaSModerate2023-01-05SR22018Coalfire Systems, Inc.Appian FedRAMP/GovRAMP Teamfedramp@appian.comGovRAMP Approvals CommitteeAppian software is delivered to the Appian Cloud through a Platform-as-a-Service (PaaS) model and leverages cloud-native robotic process automation (RPA), simplifying control management and reducing overhead for customers. Government agencies should consider the Appian Government Cloud (at Impact Level 5) for critical acquisitions, case management and logistics, especially when process and business rule complexities are high. The Appian Low-Code Platform unifies the key capabilities needed to get work done faster.Live Commvault Systems, Inc.CommvaultAuthorizedSaaSHigh2025-03-19SR24028CoalfireChris Hobertchobert@commvault.comGovRAMP Approvals CommitteeCommvault Cloud for Government delivers a fully automated cyber resilient SaaS data backup and recovery solution, with automated deployment, reduced overhead, automated patching and upgrades, continuous security monitoring, and requiring no Agency maintenance. Fully differentiated storage enables the move to cloud by providing the option to leverage cloud or on-premises storage within the web console for hybrid cloud workloads that require synchronization to sustain operational readiness and mission delivery. Live CloudflareCloudflare for GovernmentAuthorizedSaasModerate2026-04-08SR26002Schellman & CompanyAron Nakazatoaron@cloudflare.comGovRAMP Approvals CommitteeCloudflare, Inc. (www.cloudflare.com / @cloudflare) launched in 2010 and is on a mission to help build a better Internet. Cloudflare’s platform protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and security, decreasing spam and other attacks.
Cloudflare’s architecture gives an integrated set of L3-L7 network services, all accessible from a single dashboard. It is designed to run every service on every server in every data center across our global network. The Cloudflare network runs in 250+ cities across 100+ countries. Our network interconnects with 10,000+ networks globally (major ISPs, cloud services, and enterprises). Cloudflare was built from the ground up to support the convergence of networking and security.

Cloudflare also delivers Zero Trust networking capabilities as part of our offering. Theses services address mandates in OMB Cloudflare delivers a natively integrated service with secure web gateway, remote browser isolation, firewall as a service, cloud access security broker, data loss protection, and SD-WAN functionality with single-pass inspection — all managed from the same UI.
We apply the same Zero Trust policies to all access decisions no matter where and how globally distributed users access the user/corporate environment — at home, on the road, or in the office.

Zero Trust Services:
Zero Trust Network Access (ZTNA) - zero trust as-a-service, create secure boundaries application(s) allowing access to resources after verifying identity, context and policy adherence of each specific request.
Remote Browser Isolation - fast & reliable solution for remote browsing, running all browser code in the cloud.
Secure Web Gateway (SWG) - web filtering and network security service which protects users and corporate data by inspecting user traffic, filtering and blocking malicious content, identifying compromised devices and using browser isolation technology to prevent malicious code from executing on user devices.
Cloudflare Tunnel - create encrypted tunnels between origin web servers and the closest Cloudflare Edge PoP without opening any public inbound ports.
Cloudflare Zero Trust - grouping of products: Access, Gateway, Browser Isolation, Cloudflare Tunnel.
Network Services:
WAN-as-a-Service - replaces legacy WAN architectures with Cloudflare’s network, providing global connectivity, cloud-based security, performance, and control through one simple user interface.
Firewall-as-a-Service - network-level firewall delivered through Cloudflare to secure the enterprise.
L3/L4 DDoS Protection - Cloudflare DDoS protection secures websites, applications and entire networks. Cloudflare’s 90Tbps network blocks an average of 87 billion threats per day.
Network Interconnect - directly connect on-prem networks to Cloudflare’s network
Application Services:
Web Application Firewall (WAF) with API protection - intelligent, integrated and scalable solution to protect critical web applications with no changes to your existing infrastructure.
Rate Limiting - protected against denial of service attacks, brute force login attempt and other types of abusive behavior targeting the application layer.
Load Balancing - improves application performance and availability by steering traffic from unhealthy origin servers and dynamically distributing it to the most available and responsive server pools.
Bot Management - manages good and bad bots in real-time. Helps prevent credential stuffing, content scraping, content spam, inventory hoarding, credit card stuffing and application DDoS.
L7 DDoS Protection - Cloudflare DDoS protection secures websites, applications and entire networks. Cloudflare’s 90Tbps network blocks an average of 87 billion threats per day.
Content Delivery Network (CDN) - ultra-fast static and dynamic content delivery over our global edge network. Provides users the ability to exercise precise control over how your content is cached, helps reduce bandwidth costs and take advantage of built-in unmetered DDoS protections.
Domain Name System (DNS) - enterprise-grade authoritative DNS service that offers the fastest response time, unparalleled redundancy and advanced security with built-in DDoS mitigation and DNSSEC.
SSL/TLS - Provides options for customers to ensure visitors are always accessing their website over a secure HTTPS connection.
SSL/TLS for SaaS - SSL and CDN for 3rd party hostnames.
Waiting Room - Protects origin server by preventing surges in legitimate traffic that may overload the origin
Edge Developer Platform:
Workers - provides a serverless execution environment that allows you to create entirely new applications or augment existing ones without configuring or maintaining infrastructure.
Workers KV – is a global, low-latency, key-value data store. It supports exceptionally high read volumes with low-latency, making it possible to build highly dynamic APIs and websites which respond as quickly as a cached static file would.
Durable Objects - provide low-latency coordination and consistent storage for the Workers platform through two features: global uniqueness and a transactional storage API.
Cloudflare Stream - Cloudflare Stream is an on-demand video platform that offers video encoding, storage, delivery and playback
Stream Delivery - Cache and deliver HTTP(S) video content, including adaptive bitrate formats to provide fast video delivery, with shorter video startup times and reduced buffering.
Cloudflare for SaaS - grouping of products: SSL/TLS, DDoS, WAF
Tiered Cache - Allows for only a few large, well-connected and geographically close colos to pull from the origin.
Analytics & Insights:
Analytics - Enables customers to access data from the Cloudflare Dashboard such as raw logs of HTTP requests for their domains.
Cloudflare Logs - Provides detailed logs of your HTTP requests that can be used to debug, identify configuration adjustments to improve performance and security, and create custom analytics.
Web Analytics - Provides essential stats on the usage of your website from our dashboard. See the top hostnames, URLs, countries, and other critical metrics like status codes. Filter based on any of various metrics with a click and see data that matters to you most. Investigate spikes in traffic by zooming into the relevant time range with a simple click.
Privacy & Compliance;
Data Localization - Set of products to maintain local control over traffic while retaining the security benefits of a global network. It consists of the following products for a subscriber's Enterprise zones:
Regional Services
Geo Key Manager
Keyless SSL ServicesLive FortinetFortiGuardAuthorizedSaaSModerate2025-04-11SR24041A-lignMike Lauermlauer@fortinet.comGovRAMP Approvals CommitteeFortiGuard service is an industry leading cybersecurity intelligence service. It delivers the latest threat intelligence with heightened efficacy against the most complex cyberthreats. FortiGuard service coordinates prevention, detection, and response in real time across organizations’ broader security infrastructure.Live DocuSignDocuSign Contract Lifecycle Managment (CLM)AuthorizedSaaSModerate2023-07-05SR22041BSchellman & CompanyRainer VillaMercadoRainer.Villamercado@docusign.comState of Arizona Department of Homeland SecurityDocuSign CLM is a secure contract lifecycle management product in DocuSign's Agreement Cloud. DocuSign CLM manages contracts in addition to all other types of documents across desktop, mobile, and partner applications like Salesforce. DocuSign CLM goes beyond standard document and contract management with advanced workflows that automate manual tasks and complex processes to speed time-to-revenue. Businesses use DocuSign CLM to optimize collaboration and processes across internal departments, as well as with prospects and customers.Live Innovative DrivenInnovative Driven Government CloudAuthorizedSaaS, IaaSModerate2022-08-022022-10-03SR22011LunarlineJamie Neilonjamie.neilon@id-edd.comGovRAMP Approvals CommitteeThe Innovative Driven Government Cloud (ID Gov-Cloud) is a Software as a Service (SaaS) offering that provides secure and scalable government legal document services within a compliant cloud environment. Built on industry-leading technologies Relativity and Nuix and paired with expert consulting, agencies can leverage the full scope of eDiscovery services within one scalable platform, including (but not limited to) processing, document review, advanced analytics, assisted review, legal hold services, and production.

Every service package is within a secure and user-friendly customer interface. Government agencies also gain the added capabilities of Innovative Discovery's government project management teams and optimal workflows, benefitting from years of experience supporting complex government electronic discovery requests.Live GovernmentJobs.com Inc, d/b/a NEOGOVNEOGOV CloudAuthorizedSaaSModerate2023-03-282025-01-14SR23002A-lignNEOGOV Information Security Teaminfosec@neogov.netGovRAMP Approvals CommitteeNEOGOV is a Software as a Service (SaaS) provider of cloud-based workforce management solutions, uniquely designed for the public sector, higher education, and public safety.

NEOGOV offers Human Capital Management (HCM), Human Resource Information System (HRIS), and Talent Management Software (TMS) solutions that empower government agencies to seamlessly source, recruit, hire, onboard, develop, and retain a high quality workforce. Additionally, NEOGOV’s public safety workforce management platform provides a secure, all-in-one solution for public safety agencies to meet the compliance needs and complexities of their industry, allowing them to also recruit the best talent in the shortest time, train teams, and manage policies effortlessly.

NEOGOV’s portfolio includes the following applications: Attract (Candidate Relationship Management - CRM), Insight (Applicant Tracking System), GovernmentJobs.com (Government Job Board), SchoolJobs.com (Education Job Board), Onboard (Employee Onboarding), Learn (Training Management), Perform (Performance Management), Ready (Field and New Role Training), Recall (Policy Training), eForms (Employee Document Management), Policy (Policy Management), Standards (Accreditation Management), CoreHR (Employee Lifecycle Management), Benefits (Benefit Plan Administration), Payroll (Pay & Tax Processing), Time & Attendance (Employee Time Tracking), Schedule (Personnel Scheduling), Engage (Community Outreach), Line (Public Safety Wellness App).
Identity and Access Management,Live Cisco Systems, Inc.Duo FederalAuthorizedSaaSModerate2024-01-22SR23048CoalfireEric WeissGovRAMP@cisco.comGovRAMP Approvals CommitteeDuo’s Federal Editions can verify the identity of users with secure and easy to use two-factor authentication methods that helps public sector entities satisfy NIST 800-63-3 and 53/63/171 authentication requirements. In addition to verifying users’ identities, Duo’s solution checks the security health of every device authenticating into the environment, at the time of access. Admins can use Duo to enforce stricter device and application access policies, such as blocking login requests based on location or anonymous networks. Duo ensures only trusted users and devices can access protected applications. This complete security solution prevents modern attackers that often target multiple areas - including credential theft and the exploitation of known software vulnerabilities affecting outdated software versions.Live Continuum GRC, Inc.Continuum GRC ITAMAuthorizedSaaSModerate2022-02-112022-04-20SR21041Sentar, Inc. Michael Petersmichael.peters@continuumgrc.comGovRAMP Approvals CommitteeAuto-mapped standards, automated documentation, real-time status, risk & maturity. When it comes to Compliance Cartography, no one is more comprehensive, secure and automated, saving you time, trouble and money. Serving the enterprise to the start-up community. Continuum GRC is a software as a service (SaaS) product that is purpose built for users who perform audit & compliance assessments, risk assessment & risk management, governance & policy development, and all other manner of audits and assessments.

Continuum GRC modules include support for the world’s frameworks, including NIST 800-53. DoD SRG, CMMC, 800-171, 800-66, 800-30, FedRAMP, StateRAMP, CJIS, DFARS, HIPAA, ITRM, AICPA SOC 1, SOC 2, GDPR, ISO 27001, NERC CIP, EUCS, C5, PCI DSS, LADMF and hundreds of others.

In addition to pre-configured questionnaires, assessment modules, and forms, the Continuum GRC ITAM SaaS application has creation tools that provide drag-n-drop easy custom creation for system administrators to construct their own assessment modules in 26 languages. Real time reports on Compliance Status, Risk Scores, Maturity Scores, workflows, tasking records, evidence management, and historical performance helping you stay proactive; not reactive.

Use Continuum GRC to replace existing tools, templates, and manual processes in place to support internal compliance and GRC requirements. The automation of Continuum GRC reduces manual labor, complexity of and between frameworks, produces reports, SSPs, POA&Ms, graphics, dashboards, and related outputs all sustained over the entire lifecycle of the program all within a single view with a unified source for governance, risk and compliance that supercharges performance and eliminates complexity. For a complete list of features and capabilities, please visit https://continuumgrc.com/subscription-options/Live FortinetFortiCareAuthorizedSaaSModerate2025-04-11SR24040A-lignMike Lauermlauer@fortinet.comGovRAMP Approvals CommitteeFortinet's StateRAMP FortiCare portal is designed for Fortinet's StateRAMP customers to access their assets, updates, and support resources. Customers can use FortiCare to manage their user accounts and linked contacts and access the support services.Live Druva Inc. Druva Data Resiliency CloudAuthorizedSaaSModerate2023-03-27SR22021CoalfireBalaji Kalyanasundarambalajik@druva.comGovRAMP Approvals CommitteeDruva is a leading provider of data security and cyber resilience solutions, delivering a true cloud-native, fully managed SaaS platform for secure, air-gapped, zero trust, and immutable data protection across cloud, on-premises, and edge environments. Leveraging AWS GovCloud, Druva’s FedRAMP-authorized solution provides secure backup and disaster recovery while meeting strict U.S. government compliance standards. By centralizing data protection in a single platform, Druva strengthens incident response, cyber remediation, ransomware recovery and governance to help organizations reduce risk, cut costs, and simplify operations. Live ibossiboss Government Cloud Platform (IGCP)AuthorizedSaaSModerate2023-07-24SR23024A-LignHeath Crockerheath.crocker@iboss.comGovRAMP Approvals CommitteeWith over 4,000 customers, including the largest government, financial, insurance, energy and technology organizations, iboss enables government to reduce cyber risk by delivering a FedRAMP Authorized Zero Trust Secure Service Edge that protects resources and users from wherever they work. iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention within a completely unified cloud platform to protect all resources, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Backed by 230+ issued and pending patents, iboss processes and secures over 150 billion daily network transactions globally, blocking 4 billion threats per day. The iboss Government Cloud Platform enables federal agencies to migrate rapidly into a Zero Trust architecture as mandated by the Presidential Executive Order on Cyber. Jump-start your transformational journey and experience the future of Zero Trust cloud security today. Visit http://www.iboss.com to learn more.Customer Management and Experience Solutions,Live Movius Interactive CorporationMovius MultiLineAuthorizedSaaSModerate2026-01-29SR24084A-LIGNAmit Modiamit.modi@movius.aiGovRAMP Approvals CommitteeThe Movius solution offers scalable and secure communications as a service (SCAAS) for Bring Your Own Approved Device (BYOAD) devices as well as government issued cell phone programs.
The MultiLine platform and solution offer application based or native experiences, that allow users to call and message through a secure business identity across any device, carrier, and connection type (Wi-Fi, Data, GSM, Satellite and Private). Movius MultiLine supports built-in recording and call/message capture, and storage for the entire workforce enabling surveillance, regulatory reporting, compliance management, and robust application security. The solution also enables work personal separation and drives productivity.Customer Management and Experience Solutions,Communications Systems,Live DocuSignDocuSign eSignatureAuthorizedSaaSModerate2023-07-05SR22041Schellman & CompanyRainer VillaMercadorainer.villamercado@docusign.comState of Arizona Department of Homeland SecurityDocuSign is a San Francisco- and Seattle-based company that provides electronic signature technology and Digital Transaction Management services to facilitate electronic exchanges of contracts and signed documents. DocuSign’s features include authentication services, user identity management and workflow automation. Signatures processed by DocuSign are comparable to traditional signatures based on the product's compliance with the ESIGN Act as well as the European Union’s Directive 1999/93/EC on electronic signatures. DocuSign eSign for government entities is operated and managed as a government community cloud and provides government customers with an enterprise signing service to facilitate paperless workflow management.Live Cisco Systems, Inc. CloudlockAuthorizedSaaSModerate2024-02-26SR23049SchellmanEric WeissGovRAMP@cisco.comGovRAMP Approvals CommitteeCisco Cloudlock is the cloud-native Cloud Access Security Broker (CASB) that helps accelerate use of the cloud. Cisco Cloudlock secures your cloud users, data, and apps, combating account compromises, data breaches, and cloud app ecosystem risks, while facilitating compliance through a simple, open, and automated API-driven approach. Cisco Cloudlock is a simple, open, and automated solution that combats cloud account compromises, malicious insiders, data breaches, compliance violations, and cloud app ecosystem risks. With crowd-sourced security analytics across billions of data points, advanced machine learning, and the data scientist-led CyberLab, Cisco Cloudlock provides actionable cybersecurity intelligence that provides visibility and control over the most critical cloud security risks.
Cloud User Security: Cross-platform User and Entity Behavior Analytics (UEBA) for SaaS, IaaS, PaaS, and IDaaS environments leverages advanced machine learning algorithms to detect anomalies. Cloudlock can also detect activities outside of whitelisted countries and actions across distances at impossible speeds. **Cloud Data Security:** Cloud Data Loss Prevention (DLP) continuously monitors cloud environments to detect and secure sensitive information through countless out-of-the-box policies as well as highly-tunable custom policies. Automated response actions can remediate risk in the event of a policy violation, including end-user notifications, encryption, transfer of ownership, quarantine, and more.
Cloud App Security: The Cisco Cloudlock Apps Firewall discovers cloud apps connected via OAuth to your corporate environment, and provides a crowd-sourced Community Trust Rating for individual apps, as well as the ability to ban or whitelist them based on risk profile and access scope, increase employee awareness with email alerts, and revoke apps in bulk across the entire user base.Document Management,Network Security,Live Hewlett Packard Enterprise (HPE)HPE MistAuthorizedSaaSModerate2024-01-22SR23032A-LignMarquel Waitesmist-security@juniper.netGovRAMP Approvals CommitteeHPE Mist Government Cloud uses a combination of artificial intelligence, machine learning, and data science techniques to optimize user experiences and simplify operations across the wireless, wired, and SD-WAN branch and campus environments. Data is ingested from numerous sources, including HPE Access Points, Switches, Session Smart Routers (SSR), and Firewalls (SRX) for end-to-end insight into user experiences. These devices work in concert with Mist AI to optimize user experiences from client to cloud, including automated event correlation, root cause identification, Self-Driving Network™ operations, network assurance, proactive anomaly detection, and more. HPE also leverages Mist AI for next-generation customer support. For example, it is the foundational element behind Marvis, the industry’s first AI-driven Virtual Network Assistant, providing extensive insight and guidance to IT staff via a natural language conversational interface. As a result, Mist AI saves operators time and money with faster problem resolution and fewer onsite visits. In addition, users benefit from a network infrastructure that is more predictable, reliable, and measurable.

Marvis Virtual Network Assistant is the first virtual network assistant (VNA) purpose-built with Mist AI for enterprise WLANs, LANs, and WANs. It transforms network operations from reactive troubleshooting to proactive remediation through self-driving actions.

HPE Mist Wi-Fi Assurance service is based on machine learning and driven by Mist AI. It replaces manual troubleshooting tasks with automated wireless operations to make Wi-Fi predictable, reliable, and measurable, providing unique visibility into user service levels.

HPE Mist Wired Assurance service brings Mist AI to switching. It sets a new network management standard with AI-driven operations and automation, improving the experiences of devices connected to resources through Juniper EX/QFX Series Ethernet Switches for branch and campus deployments.

HPE Mist WAN Assurance service simplifies operations and improves visibility into end-user experiences while shortening the time to repair wired and wireless devices.

Premium Analytics offers network visibility and business intelligence to drive your digital transformation journey.Live Orca Security, Inc.Orca Cloud Security PlatformAuthorizedSaaSModerate2024-07-08SR24006FortreumLouis Simonenlouis@orca.securityGovRAMP Approvals CommitteeOrca Security provides an agentless Cloud Security Platform that discovers all cloud assets, and identifies, prioritizes, and remediates risks and compliance issues across your cloud environments. The platform detects cloud risks, including vulnerabilities, malware, misconfigurations, API risks, lateral movement risks, weak and leaked passwords, and overly permissive identities. Orca deploys in minutes, provides visibility into all your assets, and automatically includes new assets as they are added.
The Orca Platform helps federal agencies and contractors achieve regulatory compliance with over 65 out-of-the-box frameworks, CIS Benchmarks, and custom compliance checks. Leveraging a Unified Data Model, Orca performs contextual analysis of all the risks in your cloud estate, uncovering potential attack paths (with references to the MITRE ATT&CK framework), enabling rapid identification of which risks present the highest danger to mission data and security objectives.Live EncouraEncoura ReachAuthorizedSaaSModerate2024-08-20SR26004A-LignNicole AndersonNicole.Anderson@encoura.orgGovRAMP Approvals CommitteeEncoura Reach is a solution for reaching across campus, from admissions to student success to alumni engagement. It guides and encourages an individual along their experience with the institution. The experience becomes a collection of interactions, building the unique story that each person’s journey tells. Institutions use those interactions, combined with the data gathered, to strengthen connections with their community in a personalized way. With powerful insights from that data, institutions can be strategic and agile in making the decisions that make a difference in bringing in the next class, driving retention initiatives, and meeting advancement goals. Anthology® Reach combines Anthology’s deep CRM solutions expertise with Microsoft’s application and cloud infrastructure to deliver a system of intelligence for higher education.Live Kelmar AssociatesKAPSAuthorizedSaaSModerate2024-09-17SR24009Securisea, Inc.Jon Doughertyjon.dougherty@kelmarassoc.comGovRAMP Approvals CommitteeKAPS is delivered by Kelmar as a software-as-a-service solution. KAPS builds on three generations of unclaimed property systems and utilizes the latest technology advancements to provide a cost effective, highly scalable, configurable unclaimed property management solution for state governments. KAPS allows unclaimed property government agencies to automate and efficiently administer aspects of their programs utilizing a business intelligence platform that is user friendly and intuitive. KAPS provides complete on-screen capabilities to manage the entire unclaimed property process from the initial loading of reports and receipts to the ultimate payment of successful claims. KAPS features management tools for: Administrative and Workflow handling
Holder Reports
Receipts Processing
Securities
Tangible Property
Claims
Owner Outreach
Holder Compliance
and Reporting. KAPS also integrates with additional Kelmar offerings inclusive of Kelmar’s State Website Solution
Claims Fast Track Integration and Identification Verification
Kelmar’s Fraud Index and related LexisNexis® ThreatMetrix® Solution.Live 3rd Eye TechnologiesMystic Message ArchivalAuthorizedSaaSModerate2025-10-20SR24054A-lignNicholas Alexnalex@t3rdeyetech.comGovRAMP Approvals CommitteeMystic Message Archival provides capture and archiving of SMS/MMS data through encrypted channels receiving data directly from cellular carriers. The data is stored on behalf of the agency it is being collected for in an encrypted content and data storage for retention based on each agencies policies. APIs make it possible to retrieve this data for later usage. All data is only accessibly by authorized personnel of each agency. Data is also exportable through a user interface which requires authentication through an identity management system vetted by each agency. Data is not accessible by anyone beyond the agencies scope and access is protected through whitelisting of IP addresses and firewalls at a network level. The authorization boundary is what dictates the realm of what is accessible in our platform. Live PSI Services LLCGov Secure CloudAuthorizedSaaSModerate2026-04-15SR24077Schellman & CompanyDrew Ellisdrew.ellis@psionline.comGovRAMP Approvals CommitteeEducation: Test and Certification development, proctoring, and delivery platform.Infrastructure,Live Omnissa Inc.Omnissa Government Services - Workspace ONEAuthorizedSaaSHigh2026-03-24SR25094FortreumPhilip Hicksonphickson@omnissa.comGovRAMP Approvals CommitteeWorkspace ONE (WS1) is delivered as a SaaS offering using a multi-tenant Hybrid cloud computing environment.
WS1 provides industry-leading mobile device, email, application, content, and browser management solutions, allowing organizations to easily deploy, configure, secure, manage and support smartphones, tablets, laptops and other devices across multiple mobile applications and operating systems.Live OracleOracle Cloud Infrastructure Government CloudAuthorizedIaaS, PaasHigh2024-06-24SR23081CoalfireRico McGeerico.mcgee@oracle.comGovRAMP Approvals CommitteeOracle Cloud Infrastructure is a set of complementary cloud services that enable you to build and run a wide range of applications and services in a highly available hosted environment. Oracle GovCloud Infrastructure (OCI) offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network.
Live Cisco Systems, Inc. Security Cloud for GovernmentAuthorizedSaaSModerate2024-01-22SR23050CoalfireEric WeissGovRAMP@cisco.comGovRAMP Approvals CommitteeCisco Security Cloud for Government provides cloud-based security solutions with multiple component products.

Cisco Secure Access for Government
Cisco Secure Access for Government is a comprehensive Security Service Edge solution that empowers Federal, State, and Local agencies to secure their workforce and data, simplify operations, and advance their mission with confidence. Its adaptive security capabilities, powered by Cisco Talos and AI, enable real-time threat detection, behavioral analysis, and predictive defense—ensuring proactive protection of your people and data against evolving cyber risks. With a comprehensive zero trust approach and a unique unified client, users gain seamless, secure access to critical applications across devices and locations—without compromising usability or performance.
IT teams benefit from a single platform that centralizes management, streamlines policy enforcement, and reduces overhead. AI-driven automation accelerates response times and reduces human error, while FedRAMP-moderate integrations with solutions like Duo and Cisco SD-WAN will enable a compliant, Zero Trust architecture tailored for public sector needs.
Cloud-native and continuously updated, Cisco Secure Access removes hardware complexity and scales effortlessly to meet the demands of dynamic government environments. The result: stronger security, improved user experience, and simplified operations—all built to protect the mission and serve the public.
• Secure Access for Government includes the following: Secure Internet Access (SIA) and Secure Private Access (SPA). Both products have Essentials and Advantage SKUs.
• Offers robust protection against modern-day cyber threats through Zero Trust Network Access, DNS security, Secure Web Gateway (SWG), Data Loss Prevention (DLP), Cloud-Delivered      Firewall (FWaaS), Cloud Access Security Broker (CASB), VPN as-a-Service (VPNaaS), Advanced Malware Protection, and Talos® Threat Intelligence capabilities.
• Extends DNS security with an Integration with the Cybersecurity and Infrastructure Security Agency (CISA’s) Protective DNS (PDNS).
• When integrated with Catalyst® SD-WAN it forms a complete SASE solution. Integration with Catalyst SD-WAN is coming in Q2 FY26.
• Offers protection through Federal Information Processing Standard (FIPS)-compliant* client binaries for roaming devices and mobile devices
• Remote Browser Isolation (RBI) included .

Cisco Umbrella for Government
Cisco Umbrella for Government delivers advanced, cloud-native cybersecurity, ensuring protection and compliance for government agencies to support their mission. It significantly uplevels government cybersecurity, offering comprehensive protection that meets the unique needs of government agencies.
Cisco Umbrella for Government provides a comprehensive security suite with DNS-layer security and Secure Internet Gateway (SIG) capabilities, such as secure web gateway (SWG) , cloud-delivered firewall and intrusion prevention (Snort IPS), cloud access security broker (CASB), and data loss prevention (DLP), and integration with CISA Protective DNS. The feature set is comparable to the Cisco Umbrella product in use by over 30,000 Enterprise customers.
Cisco Secure Access for Government includes more robust SSE capabilities than Cisco Umbrella for Government. Agencies looking for ZTNA and a high-performance architecture should choose Secure Access for Government.
Cisco Secure Cloud Control - Firewall Management for Government
Cisco Security Cloud Control - Firewall Management for Government delivers cloud-native firewall policy and device management through a unified management plane accessible through an intuitive web-based console. It enables centralized, scalable, and secure orchestration of Cisco next-generation firewalls (NGFWs) — including ASA and Secure Firewall Threat Defense (FTD) devices — across hybrid, cloud, and on-premises environments. With real-time visibility into traffic and threats, automated policy and object updates, and zero-touch provisioning for remote deployments - Security Cloud Control Firewall Management for Government reduces operational complexity for IT teams while strengthening cyber resilience and enabling secure modernization across mission-critical infrastructure.
Cisco Multicloud Defense for Government
Cisco Multicloud Defense for Government is designed to provide consistent, automated protection across multicloud environments, including AWS, Azure, GCP, and OCI. It integrates network security with multicloud networking, offering multi-directional protection to stop inbound attacks, prevent lateral movement, and block data exfiltration. With its centralized SaaS control plane, Cisco Multicloud Defense simplifies security management, enabling organizations to create and enforce unified security policies across all cloud environments in real-time. By leveraging advanced features such as dynamic policy management, continuous asset discovery, and automation, Cisco Multicloud Defense empowers organizations to reduce complexity, enhance operational efficiency, and maintain robust security across their multi-cloud infrastructure.Live MapLarge, INCMapLargeAuthorizedSaaSModerate2024-09-17SR24013A-LignMarvell Summerowmarvell.summerow@maplarge.comGovRAMP Approvals CommitteeMapLarge provides software for location intelligence analysis that runs on servers either in the cloud or on premise. MapLarge user interfaces accessed by users in web browsers or native applications on any desktop of mobile device. Customers are typically large enterprises that build their own custom
solutions on top of MapLarge in a wide variety of use cases ranging from visualizing business trends, to planning flight paths, to global situational awareness for large security teams.
MapLarge supports data import, editing, visualization and alerting based on a wide variety of data sources including both flat files, real time streaming connections and numerous other industry specific like ArcGIS data connectors.
MapLarge processes customer data that may take any form supported by the product but typically has one or more location intelligence attributes like latitude and longitude or street address. Customer data can be visualized in a wide variety of ways including as maps, charts, lists, or exported as Portable Document Formats (PDFs), images or data files.Live San Luis Aviation, Inc. dba ESChatESChat for GovernmentAuthorizedSaasModerate2026-03-12SR25093LunarlineJosh Loberjosh.lober@eschat.comGovRAMP Approvals CommitteeESChat for Government is a hardened version of the ESChat broadband communication, collaboration, and interoperability platform. ESChat is a Secure Broadband Push-to-Talk (PTT) communication system that facilitates secure inter-agency PTT communication, multimedia messaging, and a Common Operating Picture (COP) within and between agencies for mutual-aid or tactical purposes. ESChat for Government also supports external interfaces including Land Mobile Radio (LMR), dispatch consoles, and logging recorders

There are three main components that make up this offering:

- The ESChat portal is a browser-based application which allows customers to manage all aspects of their network including managing accounts, devices, groups, integrations,live and historical location display, etc.
- The ESChat clients are mobile applications (Android, iOS, Linux), Land Mobile Radio (LMR) gateways, and PC Client applications that communicate using the ESChat protocol. The ESChat clients are the functional endpoints that the users of the system interact with to perform Push-to-Talk voice and multimedia messaging communications with one another.
- The ESChat back-end services provide ESChat users with inter-carrier, inter-agency, inter-system, and inter-vendor interoperability all managed and controlled within the authorization boundary, ensuring ESChat is the only solution needed to provide reliable, secure, and interoperable communications.Live Motorola SolutionsMotorola Solutions Federal CloudAuthorizedSaaSHigh2024-03-01SR23055Kratos DefenseMSFC Compliance TeamMSIFedRAMPCompliance@motorolasolutions.comGovRAMP Approvals Committee Motorola Solutions is expanding its “Mission Critical Ecosystem” which consists of a suite of software and technology that supports mission critical communications in evolving ways and that provides fast access to actionable information. The purpose of the Motorola Solutions Federal Cloud (MSFC) is to serve as the platform upon which the applications and solutions that are part of this Mission Critical Ecosystem will securely operate to provide our U.S. state and local users with enhanced capabilities. Primary to our cloud offering as our initial secure cloud application is the APX NEXT smart radio, a next-generation P25 platform purpose-built for first responders to access and act on information while maintaining focus in critical situations. The Motorola Solutions Federal Cloud enables APX NEXT and additional SaaS services to provide new Common Operating Picture (COP) capabilities to U.S. state and local users, law enforcement officers (LEOs), first responders, and public safety personnel in the field with a new ownership experience to operations and support personnel. The underlying Motorola Solutions Federal Cloud architecture is reinforced by a modern and comprehensive application of security technology. Once deployed, our cloud services production systems are monitored 24x7x365 by Motorola Solutions’ Security Operations Center using state-of-the-art Security Information and Event Management (SIEM) technology.Live PearsonEvaluation SystemsAuthorizedSaaSModerate2024-08-20SR24020360AdvancedJerry DeLucaevaluationsystems@pearson.comGovRAMP Approvals CommitteeEvaluation Systems designs, develops, scores, and reports results for high-stakes PK-12 educator and school administrator certification assessments. The assessments cover both pedagogy and content relevant to a given field and give candidates the opportunity to demonstrate what they know and can do.Cloud Services,Live Cloudera Cloudera for GovernmentAuthorizedPaaSModerate2025-08-08SR24010CoalfireCloudera Government Solutionsgovernment@cloudera.comGovRAMP Approvals CommitteeCloudera for Government is a secure and governed cloud service platform that offers a broad set of enterprise data cloud services with data analytics and artificial intelligence functionality. With Cloudera for Government, users can create and manage secure data lakes, self-service analytics, and machine learning services without installing and managing the data platform software. Cloudera for Government services are managed by Cloudera, but the customer’s data remains under their control in their AWS cloud account.
Cloudera for Government lets customers:
• Control cloud costs by automatically spinning up workloads when needed, scaling them as the load changes over time, and suspending their operation when complete.
• Isolate and control workloads based on user type, workload type, and workload priority.
• Combat proliferating silos and centrally control customer and operational data across multi-cloud and hybrid environments.Cloud Services,Document Management,Live SailPoint Technologies, Inc.SailPoint Identity Security CloudAuthorizedSaaSModerate2025-05-13SR24042FortreumAnnette Lamannette.lam@sailpoint.comGovRAMP Approvals CommitteeSailPoint Identity Security Cloud is a SaaS-based multi-tenant solution that enables organizations to manage and secure real-time access to critical data, applications, and systems for every enterprise identity with an intelligent and unified approach designed with advanced AI capabilities, a centralized data model, and robust workflows. The solution provides the tools and insights for agencies to meet complex compliance requirements and manage risky access to improve security posture.Live Knowledge ServicesdotStaffAuthorizedSaaSModerate2025-09-15SR24076FortreumMatt Ferguson mattf@knowledgeservices.comGovRAMP Approvals CommitteedotStaff is delivered as a SaaS offering using a multi-tenant SaaS cloud computing environment. Knowledge Services dotStaff is a Software as a Service (SaaS) offering that includes a Vendor Management System and a Survey Management module. The dotStaff Vendor Management System allows for organizations to manage the contractor life cycle, statement of work bidding, tracking, and selection where contingent or temporary labor is used. Government customers enter position requisitions or projects that are viewable by Contractors, who can submit responsive bids. Activity associated with the winning bid is entered, tracked, and reported. The Survey Management module provides survey automation capabilities, and can be configured to survey certain locations, property types and/or resident classifications. Customers can send survey links, schedule face to face interviews, request information through the Survey Management module.
SURVEY MANAGEMENT
The dotStaff Survey module delivers real-time, automated surveys which enhance access to actionable data. The module automates and improves the performance of in-person, mobile, web-based, and telephone surveys, including scheduling and data reporting.
VENDOR/CONSORTIUM MANAGEMENT
The dotStaff Vendor Management System allows for organizations to manage the contractor life cycle, statement of work bidding, tracking, and selection where contingent or temporary labor is used.
FIELD BASED/MOBILE WORKER MANAGEMENT
All services allow field-based and mobile workforce support through the dotStaff application.
FORMS
dotStaff Forms is utilized for the creation, submission, approval, and management of customized forms. Form submissions can be tracked via a submission tracking page where forms can be assigned a status, have permissions granted, add notes, and download as PDF. In addition, dotStaff Forms allows users to setup workflows to run automatically based on user defined set of criteria. Users with appropriate permissions can view workflow history, check the status of a workflow, and edit/configure workflows.Access Management,Live OPEXUSGovernment Cloud Solutions (OGCS)AuthorizedSaaSModerate2023-07-24SR22010Schellman Compliance LLCCasepoint Compliance Teamiscompliance@casepoint.comGovRAMP Approvals CommitteeeCase is a dynamic case management and rapid application development platform that empowers professionals to elevate trust in public institutions. With secure and collaborative information and document management, robust reporting, adaptive workflows, role-based security, and comprehensive audit trail capabilities, eCase helps public sector clients automate processes, reduce costs, improve transparency, and ultimately achieve better outcomes with less risk while maintaining compliance within demanding regulatory environments. eCase and eCase COTS solutions (including FOIAXpress Correspondence, OIG Audits and Investigations, and Government Workforce Management) are FedRAMP-moderate certified PaaS/SaaS. For more information, visit opexustech.com.Live TenableTenable Government SolutionsAuthorizedSaaSModerate2022-02-112025-09-15SR21039EmagineITInfoSec-Compliancecompliance@tenable.comGovRAMP Approvals CommitteeTenable One for Government is a SaaS platform that protects customers from advanced attacks by providing visibility into and assessment of the entire attack surface spanning IT, cloud, identities, hybrid apps, OT, IoT and unseen assets. The platform includes vulnerability management and enumeration, compliance management, cyber risk analysis and inventory capabilities. Included in this platform are Tenable Vulnerability Management FedRAMP, Tenable Web App Scanning FedRAMP, Tenable Identity Exposure (on-prem), Tenable Cloud Security FedRAMP (in process), Tenable OT Security (on-prem), Asset Inventory FedRAMP and Lumin Exposure View FedRAMP. These Tenable solutions can be licensed as part of Tenable One for Government, or individually to meet customers' unique requirements.Live PowerTrain, IncGovernment Learning Enclave (GLE)AuthorizedSaaSModerate2025-12-17SR24049SchellmanKate Sullivanksullivan@powertrain.comGovRAMP Approvals CommitteeSoftware as a Service (SaaS) for the PowerTrain State Learning Enclave (SLE) supporting training and on-line system delivery, tracking, and reporting as well as a range of human capital solutions. StateRAMP product offerings include:
Learning eXperience Platform (LXP) - Full Learning Management System (LMS) based on Moodle ™ - LXPgov – LMS Express - Custom modules to support government agencies including Single Sign-On, Two-Factor Authentication, registration, wait list, and enhanced reporting - Content Management System (CMS) - Learning Record Store (LRS) connected to learning activities and integrated with the LMS via xAPI - Additional Secure on-line applications including: - Event Registration System - Career Mapping Tool - Talent Management System (TMS) - Competency Management - Reporting Tool - Testing System Survey Tool.Live NCSBNNursys, ORBS, NCSBN PassportAuthorizedSaaSModerate2025-01-13SR24030A-LignTammy Spanglertspangler@ncsbn.orgGovRAMP Approvals CommitteeNursys (nursys.org) is a comprehensive electronic information system designed for use by US state and territorial boards of nursing (BONs) that enables the collection and storage of nurse personal information, licensing information, disciplinary information and license verifications. BONs that participate in Nursys are able to view discipline and licensure details that other BONs add (with certain limitations). BONs designate what data is publicly available on NCSBN's Nursys.com website for employers and others to verify the status of nursing licenses. As of August 3, 2023, 59 BONs use Nursys.
The Optimal Regulatory Board System (ORBS) (various websites) is a turnkey solution for license management and discipline enforcement across the lifespan of a nurse. It provides modules for licensing, discipline and education program management functions while efficiently reducing the operational processes at BONs. As of August 3, 2023, 16 BONs use ORBS as their licensure management system.
NCSBN Passport (passport.ncsbn.org) is NCSBN's identity management system that provides BONs access to all NCSBN websites and applications. BON administrators create, manage and deactivate user accounts for their BONs. Administrators provide access rights to Nursys and ORBS application using the Passport system. As of August 3, 2023, 59 BONs utilize Passport.Live KahuaKahua Federal NetworkAuthorizedSaaSModerate2023-12-05SR23038Schellman & CompanyColin Whitlatchcwhitlatch@kahua.comGovRAMP Approvals CommitteeGovernment, contractors and public entities use Kahua`s collaborative construction management solutions to improve efficiency, lower costs and reduce project risk throughout the lifecycle of their capital programs. Kahua’s purpose-built solutions for government, program managers and contractors enable rapid implementation that minimizes time-to-value and enhances user adoption. And with the industry’s only low-code application platform agencies can easily customize existing Kahua apps or even build their own new apps to run their programs and projects at peak efficiency today and rapidly adapt as conditions dictate.Access Management,Live Geographic Solutions, Inc.VOS SapphireAuthorizedSaaSModerate2025-01-14SR24012A-LignFelipe Medinafmedina@geosolinc.comArizona Department of Homeland SecurityThe VOS Sapphire® software suite is the only fully integrated workforce system in the country that provides universal employment, unemployment and case management solutions for job seekers, employers, service providers, and state and local agency staff. Offered as a web-based solution to enhance service delivery and employment outcomes, each module has been designed specifically to meet the diverse needs of American Job Centers, economic development agencies, unemployment insurance entities, human service and vocational rehabilitation agencies, correctional and educational institutions. VOS Sapphire® effectively manages all federally funded workforce benefit programs, labor exchange, case management, job aggregation, labor marketing information, service and fund tracking, human services, vocational rehabilitation federal reporting, and unemployment insurance benefits and tax. Flagship products/modules within VOS Sapphire® software suite include Virtual OneStop (VOS)®, VOS Sapphire AI®, Virtual LMI®, Virtual OneStop Reentry Employment Opportunities(VOS REO), America’s Labor Market Analyzer (ALMA)®, America’s Virtual OneStop®, Virtual Career Center (VCC), Reemployment Exchange®(REX), VOSGreeter®, VOScan®, VOSMeets, My Jobs Library, Virtual Job Fair, VOS Flex Pro, and the Geographic Solutions Unemployment System (GUS)®Cloud Security,Live SentinelOneSentinelOne Singularity PlatformAuthorizedSaaSHigh2025-12-04SR24061Schellman & CompanyEddie Baezeddie.baez@sentinelone.comGovRAMP Approvals CommitteeThe SentinelOne Singularity platform is a unified, cloud-delivered security platform that provides customers with automation, endpoint detection and response and security information and event management (SIEM) capabilities integrated with a unified data lake to ingest and centralize structured and unstructured data. SentinelOne leverages advanced machine learning algorithms and behavioral AI to analyze and automatically contextualize endpoint data collected across Windows, macOS, Linux, and Cloud Workloads. Data is contextualized and correlated into our patented Storylines technology, which accelerates triage and reduces mean time to detect/respond. Data is organized into a cohesive threat narrative which allows analysts to easily identify threat-related events as well as pivot and hunt to scope threat tactics, techniques, and impact. This gives our customers the ability to quickly stop ransomware and cyber attacks at machine speed with 1-click automated remediation and rollback of malicious activities and changes. Additionally, SentinelOne offers world-class managed detection and response (MDR), digital forensics and incident response (DFIR), and threat hunting services. Our MDR service not only augments security teams by triaging active or suspicious alerts and mitigating and blocking threats as needed, but also keeps them informed and protected from global advanced persistent threat (APT) campaigns, novel attacker techniques, and emerging trends in cybercrime with included threat hunting services. Customers can also call on SentinelOne’s integrated DFIR team for deeper forensic analysis of an event and assistance with incident response.Live Telos CorporationXacta SaaSAuthorizedSaaSHigh2025-01-14SR24027SecureITMichael McGeheemichael.mcgehee@telos.comGovRAMP Approvals CommitteeXacta® is the premier IT risk management and compliance solution, bringing meaningful insights to IT security specialists, CISOs, and other decision-makers who need to operationalize key security risk and compliance frameworks. The SaaS instance of Xacta offers a vast knowledgebase of thousands of individual security requirements and associated test procedures, organized and cross-referenced into more than 100 security policies and standards to produce artifacts in traditional office documents and digital formats like Open Security Controls Assessment Language (OSCAL).Live Fortra, LLCFortra Managed Web Application Firewall (WAF)AuthorizedSaaSModerate2026-02-23SR24090A-LIGNJeff Stoksjeff.stoks@fortra.comGovRAMP Approvals CommitteeFortra Managed WAF provides proactive web application and API security without the complexity of managing it yourself. With our fully managed, enterprise-level, cloud ready WAF, you have 24/7 SOC support that continuously tracks and blocks web app exploits from known and unknown threats.
Fortra Managed WAF delivers precise, adaptive security powered by machine learning, real-time threat intelligence, and expert oversight.
We build tailored traffic profiles for your unique environment, refined in detect mode to ensure high-fidelity protection and block malicious traffic without disrupting legitimate users or business operations. With dynamic IP reputation and real-time trust scoring, you’ll gain deep visibility and control over your application traffic.Live Proofpoint, Inc.Proofpoint Email and Information Protection ServiceAuthorizedSaaSModerate2022-09-282025-02-11SR22005SchellmanTariq Iqbaltiqbal@proofpoint.comGovRAMP Approvals CommitteeThe Proofpoint Email and Information Protection Service is a powerful cloud email security service that integrates threat protection, virus protection, spam detection, message encryption, data loss prevention (DLP), and digital asset protection technologies into an extensible message management platform. The service is designed to fit easily into existing messaging infrastructure, providing efficient performance, accurate message analysis, and a web-based interface for reporting, configuration, and management tasks.Live Rackspace TechnologyRackspace Government CloudAuthorizedPaaSModerate2024-11-20SR22022SchellmanAbel Sanchezabel.sanchez@rackspace.comGovRAMP Approvals CommitteeRackspace Government Cloud (RGC) is purpose-built to help organizations achieve Assessment & Authorization faster and with cost savings of up to 70%. The platform is designed to support a government agency, systems integrator, or independent software vendor. Rackspace Government Cloud (RGC) wraps VMware and AWS in a secure-by-design management platform to meet the compliance requirements for FedRAMP and DoD Cloud Computing SRG. Customer solutions are deployed and managed in secured enclaves within US Rackspace datacenters and/or AWS East/West and GovCloud. Customers are provided with dedicated application stacks to maintain data security at the necessary levels. All this is backed by a 24x7x365 U.S. only support model that allows Rackspace to provide the highest levels of assurance and security to our government customers.Live GenesysGenesys Cloud CXAuthorizedSaaSModerate2023-11-29SR23014CoalfireRichard BrownFedrampgccx@genesys.comGovRAMP Approvals CommitteeGenesys Cloud™ is an AI-powered experience orchestration platform with a full suite of omnichannel contact center capabilities, built-in workforce engagement management (WEM) and artificial intelligence (AI). It is available to the public, federal, state, local, and tribal governments, as well as research institutions, federal contractors and government contractors.

Features and capabilities include:

All-in-One open platform - Genesys Cloud is a multi-tenant SaaS offering with a comprehensive set of native Contact Center-as-a-Service (CCaaS) product capabilities built on a single platform — running on Amazon Web Services (AWS).

Native AI - Genesys Cloud has built-in conversational and predictive AI capabilities. It utilizes technologies such as predictive analytics, machine learning, and natural language understanding to automate, route and personalize interactions.

Omnichannel routing - Genesys Cloud supports calls, email, web, text and social messages. A single routing engine leverages a variety of routing algorithms, evaluation and scoring methods to determine the next best action while maintaining context, intent, and desired outcome.

Speech-enabled IVR & self-service – Genesys Cloud offers multilingual speech-enabled IVR with natural language understanding (NLU) technology. Automated bot assistants provide continuous support for routine queries.

Workforce Engagement Management - A native suite of AI-powered WEM capabilities supports employee onboarding and includes workforce schedule management (WFM), coaching, speech & text analytics, quality management, performance management and gamification.

Outbound campaigns – Genesys Cloud supports outbound dialing and digital campaigns for sending proactive notifications or contacting contact lists of people in accordance with programmable rules.

Analytics and reporting – Genesys Cloud provides real-time dashboards and analytics for contact center management, with customizable reporting and drill-down capabilities for performance analysis.

Integrations - The platform includes a rich set of open APIs, integration methods and an ecosystem of 600+ pre-built solutions and applications available via the AppFoundry® Marketplace.

Cloud Security,Live Mark43Mark43 Public Safety PlatformAuthorizedSaaSHigh2023-10-03SR22045Kratos DefenseN/Aregistrations@mark43.comGovRAMP Approvals CommitteeThe Mark43 service offering provides a public safety CAD, RMS, analytics, and property and evidence platform. The Mark43 platform provides security and law enforcement capabilities to support functions such as situational awareness, information sharing, investigations, homeland defense, security missions, domestic emergency responses, and military support to civil authorities. Additionally, the platform provides emergency management and critical communications capabilities in support of public safety organizations, facilities, first responders, and force protection activities.Access Management,Live Amazon Web Services, IncAWS GovCloud (US)Authorized, Hyperscale Inheritance Authority (HIA)SaaS, IaaS, PaaSHighSR25100N/AJudge Smalljudgesma@amazon.comN/AAWS GovCloud (US) is an AWS Region designed to allow US government agencies and customers supporting the US government to move more sensitive workloads into the cloud. In addition to complying with FedRAMP requirements, the AWS GovCloud (US) framework adheres to U.S. International Traffic in Arms Regulations (ITAR) regulations. Additional information is available at http://aws.amazon.com/govcloud-us/.Live Snowflake Inc.Snowflake Data Cloud on AWS US East/WestAuthorizedSaaSModerate2024-04-02SR22013FortreumSiddique ChaudhrySiddique.chaudhry@snowflake.comGovRAMP Approvals CommitteeSnowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at https://www.snowflake.com/.Live Keeper Security Inc.Keeper Security Government CloudAuthorizedSaaSHigh2022-11-28SR22012A-LignShaun Reardon sreardon@keepersecurity.comGovRAMP Approvals CommitteeKeeper Security Government Cloud (KSGC) transforms the way government organizations protect their operations against password-related data breaches and cyberthreats including ransomware and phishing attacks. KSGC provides IT administrators with visibility, management and control over their organization’s password security, monitoring and reporting. The KSGC cybersecurity platform utilizes a zero-trust framework and zero-knowledge security architecture and integrates with on-premise, cloud and hybrid-cloud environments. KSGC utilizes granular, role-based administrative controls including delegated administration. IT Administrators can enforce critical internal control policies including password complexity, IP white listing, two-factor authentication and Data Loss Prevention (DLP). KSGC’s modern provisioning tools allow organizations to rapidly deploy cybersecurity protection to thousands of users, on all their devices, and can integrate with any identity stack including AD, LDAP, SSO (SAML), SCIM and APIs. The cybersecurity platform includes robust event logging, reporting and auditing capabilities with seamless integration with Security Information and Event Management (SIEM) systems.Live Merlin CyberConstellation GovCloudAuthorizedPaaSModerate2024-01-22SR23054FortreumJoe Dimarcantoniogovramp@cgc.cloudGovRAMP Approvals CommitteeConstellation GovCloud (CGC) is an information system that provides the necessary Platform as a Service (PaaS) architecture layers to support a RAMP authorization. CGC is a managed service that is designed to accelerate FedRAMP authorizations allowing SaaS companies to achieve a FedRAMP/GovRAMP Authorization more quickly and cost-effectively.

Authorized Services:
• Cynamics AI
Cynamics, a leading innovator in network cybersecurity, presents a next-generation SOC AI platform powered by its proprietary sample-based NDR and cybersecurity large language model, CynLLM. By integrating intelligent sampling with cutting-edge AI, Cynamics facilitates real-time and scalable threat detection without the heavy infrastructure requirements of traditional solutions. Already endorsed by Tier-1 municipalities, enterprises, and critical infrastructure providers globally, Cynamics offers unparalleled visibility, automation, and operational efficiency for today’s security teams. InfoSec Global Federal’s AgileSec Analytics provides automated discovery, monitoring, and policy driven control of cryptographic assets, including keys, certificates, algorithms, libraries, devices, applications, firmware, and protocols, across cloud and on premise environments. The AgileSec Analytics platform ensures agencies are prepared for emerging cryptographic threats, including quantum attacks, by monitoring usage of cryptography and preparing migration to post-quantum cryptography. Key capabilities include Automated Cryptographic Discovery & Inventory, Vulnerability Identification and Compliance Reporting, Post-Quantum Readiness, and Continuous Monitoring and Remediation Workflows. The AgileSec Analytics solution supports regulatory requirements including OMB 23-02 mandates and continuous diagnostics, with built-in reporting features evaluated and recognized by federal standards organizations. It also integrates with numerous ecosystem technologies including EDR, CLM, PKI, HSM, CDM dashboards, ITSM, GRC tools and more.

• InfoSec Global Federal - AgileSec Analytics
InfoSec Global Federal’s AgileSec Analytics provides automated discovery, monitoring, and policy driven control of cryptographic assets, including keys, certificates, algorithms, libraries, devices, applications, firmware, and protocols, across cloud and on premise environments. The AgileSec Analytics platform ensures agencies are prepared for emerging cryptographic threats, including quantum attacks, by monitoring usage of cryptography and preparing migration to post-quantum cryptography. Key capabilities include Automated Cryptographic Discovery & Inventory, Vulnerability Identification and Compliance Reporting, Post-Quantum Readiness, and Continuous Monitoring and Remediation Workflows. The AgileSec Analytics solution supports regulatory requirements including OMB 23-02 mandates and continuous diagnostics, with built-in reporting features evaluated and recognized by federal standards organizations. It also integrates with numerous ecosystem technologies including EDR, CLM, PKI, HSM, CDM dashboards, ITSM, GRC tools and more.

Hyperproof delivers a modern, cloud-based compliance operations platform designed to help government agencies and regulated organizations manage risk and compliance with confidence. Hyperproof Gov is a cloud-based governance, risk, and compliance (GRC) platform designed to support regulated organizations in managing security and compliance programs. The system provides centralized capabilities for control management, evidence collection, risk tracking, audit support, and continuous monitoring. Hyperproof Gov enables structured workflows and real-time compliance status reporting to support authorization, assessment, and ongoing monitoring activities. The platform is designed to integrate with external systems for automated evidence collection and to maintain traceability between controls, requirements, and supporting artifacts, supporting consistent and repeatable compliance operations.
Access Management,Live Pulselight Holdings, Inc.Pulselight Data PlatformAuthorizedSaaSModerate2025-01-22SR24023CoalfireIrene Manautouteam@pulselight.comGovRAMP Approvals CommitteeThe Pulselight Data Platform and SaaS applications, such as Aura™ and Torch®, provide customers with the ability to manage and process data for scalable, automated, and extensible analytics, investigation, and case management. These applications help decision-makers use healthcare data to improve quality of care for the individuals they serve and ensure the integrity of critical public programs.

Additionally, Pulselight applications give customers answers, insights, and actionable analysis. With powerful algorithms, automation, and workflow efficiencies, the Pulselight Information System helps customers:
• measure, report, and act on person-centered care, service quality & access
• detect, manage, and prevent incidents related to abuse, neglect and exploitation
• detect, investigate, and manage cases of suspicious or fraudulent practices

Uses cases include healthcare quality improvements, outcome analysis, law enforcement action, civil action, audits, overpayment recoveries, policy setting, cost control, benefit entitlements, and opioid prevention and treatment.
E-Discovery,Live NinjaOne LLCNinjaOneAuthorizedSaaSModerate2025-08-08SR24035SchellmanKing Quaidooking.quaidoo@ninjaone.comGovRAMP Approvals CommitteeNinjaOne is a remote monitoring and management (RMM) platform delivered as a software as a service offering using a multi-tenant public cloud computing environment. It includes facilities for patch management, software deployment, endpoint health and performance monitoring, as well as scripting and automation. It is available to the public, federal, state, local, and tribal governments, as well as research institutions, federal contractors, government contractors.Live MicrosoftMicrosoft 365 CommercialCoreSaaSModerate2025-11-21CR25008John Berginberginjohn@microsoft.comGovRAMP Approvals CommitteeMicrosoft 365 (M365) Commercial is a suite of cloud-hosted messaging and collaboration services. These cloud-based services are designed to provide organizations with streamlined communication, high availability, comprehensive security, and simplified information technology (IT) management. M365 provides the interactivity of on-premises client and server applications with the flexibility and scalability of web-based services. M365 leverages Microsoft Azure as the IaaS/PaaS for the underlying infrastructure and hardware. Therefore, M365 relies on Azure-inherited services. For more information on these Azure services, refer to the Azure ATO package.Live OCLC Inc.WorldShare Management ServicesAuthorizedSaaSLow2021-09-292025-05-21SR21009Schellman and Company, LLCTina Pricepricet@oclc.orgGovRAMP Approvals CommitteeOCLC is a nonprofit global library organization. Through OCLC, member libraries cooperatively produce and maintain WorldCat, the world’s most comprehensive global network of data about library collections and services.Live Splunk Inc.AppDynamicsAuthorizedSaaSModerate2024-08-20SR24017Schellman & CompanyKara McMillankarmcmil@cisco.comGovRAMP Approvals CommitteeAppDynamics GovAPM is a software-as-a-service (SaaS) application performance monitoring (APM) solution. AppDynamics GovAPM provides end-to-end visibility into the performance of applications. AppDynamics application performance monitoring and business intelligence solutions provide organizations real-time visibility into application environments and strategic insights that drive business outcomes. By utilizing industry-leading monitoring and analytics features, IT departments can automatically identify performance anomalies and resolve issues before they impact customers or revenue streams. Our unique combination of application performance and business metrics gives enterprises the power to deliver reliable performance and a flawless customer experience.Live CollabwareCollabspaceAuthorizedSaaSHigh2024-04-02SR23045Kratos DefenseDouglas Conversedconverse@collabware.comGovRAMP Approvals CommitteeCollabspace is a highly scalable, cloud-based records and information management solution. Collabspace enables organizations to stream content from multiple repositories into a data lake for the purposes of managing content lifecycle for regulatory compliance, and to facilitate faster execution of FOIA requests processes. Collabspace employs advanced enterprise search and records management capabilities such as OCR and audio/video transcription to help categorize and analyze records for proper retention and disposition.Live Paperless InnovationsActusAuthorizedSaaSModerate2023-05-23SR23010Earthling Security Michael Toccimike@paperless-innovations.comGovRAMP Approvals CommitteeActus is SaaS based Compliance automation solution for P-Card Programs, including item sourcing, approvals workflows, credit card purchasing, reconciliation, and automated audit. Actus is designed according to 3 pillars: Accountability, Compliance , and Transparency.
• Accountability - Actus helps agencies paint a complete and total picture of each expense, eliminating guesswork, human error, and manual data entry tracking. • Compliance - Simplified, structured data is at the heart of compliance automation ensuring adherence to Agency policies and acquisition regulations. The Actus platform streamlines and automates oversight processes while maintaining rich transactional records for instant audit reporting. Artificial Intelligence is used to further the regulatory mission of each agency. Adoption of Actus itself satisfies and supplements Federal paperless mandate compliance as well. • Transparency - Actus utilizes dashboards enabling full visualization of all workflow processes, transactional data and documents on a need to know basis. Audit automation occurs with every download of bank transactions without requiring manual packet creation by the cardholder. Active Audit enables inspection of every detail of each purchase made within a selected time frame—in a unified, streamlined format.
P-Card Compliance Automation Features: • Custom Approval Workflows • Financial Data Capture • Full Lifecycle Spend Tracking • Cloud Storage of Reconciliation Packets • Dashboard Visualization of data & documents • Automated Reconciliation Statements • Structured Item Level (Level 3) Data • Merchant Class Code Tracking • Suspicious Pattern & Activity Detection • Alerts for Each Stage of Transaction • Transactional Keyword Search • Bank Statement Transaction Matching • Auto-Matched Transactions • Daily, Weekly, or Monthly Reconciliation • PIV/CAC authenticationLive ProjectTeam, Inc.ProjectTeam for Government (PTG)AuthorizedSaaSModerate2025-10-14SR24067A-LignTroy Clarktclark@projectteam.comGovRAMP Approvals CommitteeProjectTeam for Government (PTG) is a cloud-based Project Management Information System (PMIS) used by federal organizations to manage construction programs and projects. It serves as a centralized hub for all project stakeholders, including owners, contractors, architects, and subcontractors, providing them with a collaborative platform to efficiently manage and track projects from inception to completion. In PTG users can track industry-standard processes such as budgets, contracts, change orders, payment applications, requests for information, submittals, design reviews, meeting minutes, and more. In addition to the default processes provided within the application, users with administrative access can build custom processes to track unique mission-critical requirements at both an organizational level and on specific projects.
At its core, PTG offers a comprehensive suite of features and tools tailored specifically for the construction industry. These include document management, cost tracking, communication, and reporting functionalities. With its user-friendly interface and intuitive navigation, users can easily upload, organize, and share project documents, ensuring that all team members have access to the most up-to-date information. This promotes transparency, reduces errors, and enhances productivity by facilitating seamless collaboration and real-time communication.Live Project Hosts, Inc.GSS One- AzureAuthorizedPaaSHigh2021-09-102025-02-11SR21006Coalfire SystemsJoshua Kruegerjosh.krueger@projecthosts.comGovRAMP Approvals Committee
The GSS One- Azure is a General Support System (GSS) platform (PaaS) built primarily on Microsoft Azure Government. Project Hosts also deploys customer dedicated subnets on Azure commercial for those customers/ agencies that request this. The GSS is composed of systems and services that manage access control, authentication, auditing, monitoring, scanning, patching, configuration management, malware prevention, intrusion prevention, incident response, backup, and disaster recovery for each Application deployed on the GSS One- Azure. The GSS One- Azure is classified as a hybrid cloud deployment model to enable state and local agencies as well as commercial entities to deploy applications in a secure environment on top of the GSS One- Azure GSS system.
There are two main types of customers who use the GSS One- Azure: (i) Independent Software Vendors (ISVs) deploying multitenant SaaS applications and (ii) Federal, state or local agencies and commercial customers deploying dedicated applications just for their agency or organization (not multitenant). For both types of customers, their applications are deployed on customer-dedicated virtual servers (or Azure PaaS services) inside customer-dedicated subnets. Network security group access controls ensure that each customer’s subnet is completely isolated from and has no access to any other customer’s subnet. PaaS security subnets handling functions such as authentication, DMZ, SIEM, etc. are built on Azure Government. Customers have the option to have their dedicated application subnets built on either Azure Government or Azure Commercial. Either way, customer subnets are connected to the PaaS security subnets through V-net peering as described more fully here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview .
For GSS One- Azure customers, Project Hosts also provides services that are over and above the PaaS offering described in the GSS One- Azure FedRAMP package. Namely, Project Hosts deploys, secures, manages, and provides continuous monitoring for applications that are compatible with GSS One- Azure architecture, authentication, operating system, database, and access requirements.
For ISV customers, Project Hosts also creates their SaaS-level FedRAMP package, helps them throughout the agency authorization process, and manages their 3PAO annual assessments.
For agency customers, Project Hosts assists them in the creation of their own SSP, manages annual 3PAO scanning and penetration testing of their dedicated applications, and provides a monthly application-level POA&M. Following is a partial list of applications for which Project Hosts is providing these services over and above the GSS One- Azure platform:
Accenture Federal (Task management Tool)
Blue Prism (Blue Prism)
BrightWork (BrightWork SharePoint-based Project Management)
Checkmarx (CxSAST Source Code Scanner)
Drupal (Drupal CMS)
FlowVU (FlowVU Collaboration)
Gimmal (Gimmal Records Management)
Lexmark (Managed Print Service)
Microsoft (Office, Dynamics, Power BI Server, Project Server, SharePoint, SSRS)
Sopheon (Accolade Enterprise Innovation Management)
UMT360 (SharePoint-based Enterprise Portfolio Management)
Veritas (eVault, eDiscovery, Merge1)
WordPress (WordPress CMS)
Permuta (Defense Ready)
Gimmal (Records Management)
Invoke (UiPath Orchestrator and RPA)
Conga (Contract Lifecycle Management and Conga Approvals)
Davra (WebEx Legislate, Internet of Things)
Ephesoft (Transact)
OM Group Inc (ProjNet)
Nintex (K2 Five, Workflow Cloud)
WordPress As a Service (WPaaS)
C3 AI (C3 AI Suites)
MURAL (MURAL for Government)
WillCo Tech (CyberSTAR)
Kofax (Control Suite, Kofax TotalAgility, Kofax Robotics Process Automation)
If an agency would like to use one of these Applications or bring in another GSS One- Azure-compatible Application, Project Hosts will provide application-level artifacts that will help the agency assess the risk of deploying that application in the GSS One- Azure as well as any other documentation or evidence required in order to grant an Authority to Operate (ATO).Live SolventumSolventum Revenue Cycle SaasAuthorizedSaaSModerate2025-12-23SR24074CoalfireJeanette Beaudryjbeaudry@solventum.comGovRAMP Approvals CommitteeSolventum Revenue Cycle SaaS includes the following:
• Solventum™ 360 Encompass™ System (360E) is a collection of applications that work together to help hospitals streamline processes, receive accurate reimbursement, promote compliance and make data-informed decisions. 360E includes cloud-based services such as Analytics and Worksheet Services. Analytics provides a wide array of dashboards across CDI, quality, and coding functionalities. These dashboards deliver key summaries of coder and CDI performance, while also tracking a variety of performance metrics. Worksheet Services provides various worksheets that assist chargers and coders to accurately and completely capture evidence and CPT® codes from documentation provided by a given client.
• SolventumTM Data Delivery Services (DDS) – Solventum’s DDS is an efficient and secure method for obtaining a daily feed of 360E data. The data includes multiple inpatient, outpatient, and professional data sets that can be imported into a data warehouse or a reporting platform for a wide range of uses and deeper analysis. Use the data to build powerful cross platform reports and dashboards by aggregating data with additional data sources. By using a simple and secure service, you can ensure the integrity and confidentiality of sensitive health information while maximizing the potential of data assets.
• CodeAssist is a web-based system that leverages advanced Natural Language Processing (NLP) to examine the full text of a physician’s report and automatically assign accurate Current Procedural Terminology (CPT®) codes and International Classification of Diseases (ICD) diagnosis codes.
• Cloud Platform Managed Services (MS) delivers the Solventum™ 360 Encompass™ System and Solventum™ Coding and Reimbursement System (CRS) in the cloud. This platform provides a secure way to manage and maintain Solventum’s coding and CDI applications in real-time, with significantly reduced maintenance windows and a seamless, straightforward implementation process.
• Solventum™ Performance Data Monitoring (PDM) is a web application that enables healthcare providers to benchmark, monitor and analyze Clinical Documentation Improvement (CDI) performance. PDM enriches healthcare claims data with public and proprietary Solventum methodologies before applying Solventum benchmarks to generate expected vs. actual results that are used for analysis. PDM provides access to dashboards and reports with performance indicators that enable drill-down and physician level reporting.
• Solventum™ Performance Insights (PI) is an analytics application that is designed for executives and operational leaders in CDI, Coding or Quality to benchmark and quickly identify performance opportunities. By enriching the data with Solventum’s trusted methodologies, applying standard or client comparative benchmarks, PI delivers powerful analytics driven by expert prioritization to enable informed decision-making for targeted improvements. PI provides our clients with prioritized opportunities with the highest impact on accurate reimbursement and quality reporting while reducing cost.Live Qlik Technologies Inc.Qlik Cloud GovernmentAuthorizedSaaSModerate2023-07-05SR23003FortreumMarie Rainismarie.rainis@qlik.comGovRAMP Approvals CommitteeQlik Cloud Government is a SaaS platform purpose-built for delivering Qlik technology to U.S. public sector customers within a safe, FedRAMP-compliant cloud environment. Qlik empowers organizations with data and analytics technology that improves decision-making and solves their most challenging problems. Qlik Cloud Government simplifies data and analytics operations across an organization through a single platform that integrates data sources into an analytics environment where users of all levels can build analytics assets, ask questions with AI, and collaborate with others to drive action.Cloud Services,Live Trustwave Government SolutionsManaged Detection and Response (MDR) and Co-Managed SIEMAuthorizedSaaSModerate2024-06-17SR24001CoalfireJohn Wynnjwynn@trustwavegovt.comGovRAMP Approvals Committee24x7x365 monitoring and management of EDR / SIEM / security technologies by U.S. based employees in AWS GovCloud.Live Socure Inc. ID+ AuthorizedSaaSModerate2024-01-02SR23021Kratos Defense Matt Kingmatt.king@socure.comGovRAMP Approvals CommitteeSocure leverages the power of AI / ML to provide digital identity proofing and verification solutions for consumer identity management. Socure’s ID+ analytics platform ingests consumer submitted data, validates the data against authoritative sources, and analyzes every dimension of the digital identity to generate a risk-based assessment of whether someone is who they claim to be online. This includes a comprehensive analysis of name, email, phone, address, date of birth, SSN, IP, device, velocity, network and behavioral intelligence, and more.Live Pitney BowesSendPro360AuthorizedSaaSModerate2025-01-14SR24037A-lignJohn Winkelmanjohn.winkelman@pb.comGovRAMP Approvals CommitteeService Description
Pitney Bowes SendPro 360 Sending, Receiving, and Locker Management Solution

Pitney Bowes SendPro 360 is a comprehensive, cloud-based sending, receiving, locker management, and analytics solution that powers your mailroom operations for maximum efficiency and transparency.

Multi-Carrier Shipping and Mailing

SendPro 360 makes mailing and shipping quick and easy by empowering departments with the flexibility to send in the way that’s right for them. Users save time and money by printing stamps directly from the online interface and by accessing SendPro 360 multi-carrier shipping functionality to compare rates and print labels across major carriers. The ability to track spend and activity by account or department, facilitates project or departmental chargebacks for accurate accounting. SendPro360 includes a dedicated certified and electronic return receipt (ERR) and registered mailing process with proof of delivery reporting. Also, qualified users can prepare ship requests for packages sent to the mailroom for processing.

Package Receiving, Tracking and Delivery

The SendPro 360 platform automates the process of receiving, tracking, and delivering incoming packages and mail through a simple scan of a barcode. Manually logging items instantly becomes a process of the past. It can configure delivery routes, provide lists of packages, and has the ability to manage assets. Package tracking notifications via email and SMS as well as SLA management simplify and enhance the experience.

-The SendPro 360 platform automates the process of receiving, tracking, and delivering incoming packages and mail through a simple scan of a barcode.

Smart Locker Management

Effectively manage the delivery process of packages, assets, and other important items moving across your organization with SendPro 360 Smart Locker Management capabilities. This software solution is the intelligence behind a physical smart locker and helps ensure safe, secure contactless delivery. It modernizes the pickup process by enabling convenient 24/7 self-service locker access and automates alerts notifying recipients they have an item for pickup while preserving chain-of-custody. Our Smart Locker Management Software allows users to remotely manage or troubleshoot smart lockers across a single site or multiple locations. Plus, it offers extensibility ensuring seamless expansion to additional workflows to meet evolving needs.

-These solutions will require customer-provided hardware and will require assessment, authorization, and continuous monitoring of such capabilities by using agencies. Pitney Bowes has the technical expertise to help determine which hardware best meets agency needs and to assist with agency authorization and approval processes.

Analytics

From smaller mailrooms to multi-location operations, SendPro 360 offers complete visibility into your receiving and sending operations. Dynamic views can be filtered by divisions, locations, cost accounts, and users, across any date range. View and manage postage and shipping spend, and gain insights to your receiving and locker metrics all the way through final delivery to ensure packages and mail are accounted for and delivered on time.

Gauge performance, operator efficiency, and resource utilization to ensure service level agreement (SLA) metrics are being met. To locate a package, SendPro 360 provides end-to-end tracking of packages, locker activity, as well as shipping and mailing activity across your government agency.Live ZoomZoom for GovernmentAuthorizedSaaSModerate2022-02-112025-02-11SR21031Schellman and Company, LLCJennifer Aneke & John Keesezfgcompliance@zoom.usGovRAMP Approvals CommitteeThe Zoom For Government Platform unifies cloud video conferencing, cloud phone system, messaging, simple online meetings, and a software-defined conference room solution into one easy-to-use platform. The solution offers video, audio, phone, and wireless screen-sharing across Windows, Mac, Linux, Chrome OS, iOS, Android, Blackberry, Zoom Rooms, and H.323/SIP room systems. Zoom Products include:

Zoom Cloud Video Conferencing – a cloud-based collaboration service which includes video, audio, content sharing webinars and collaboration.
Zoom Phone - a cloud-based phone system with traditional PBX features, integrated PSTN connectivity, enhanced emergency services, and support for calling from mobile apps, desktop apps, and legacy desk phone devices.
Zoom Chat - send chat messages in public or private channels organized by projects, teams, or topics with the ability to share files, emojis, screenshots, and more.
Zoom Rooms – software-based group video conferencing for conference and huddle rooms that run off-the-shelf hardware including a dedicated MAC or PC, camera, and speaker with an iPad controller.
Zoom Room Connector – a gateway allowing H.323 and Session Initiation Protocol (SIP) systems to connect to Zoom meetings. Room Connector is available in both cloud computing and as software (VM) for installation on the customer premise.
Zoom Meeting Connector – a software (VM) version of the Zoom Cloud infrastructure intended for installation on the customer premise.
Zoom API - provides the ability for developers to easily add Video, Voice and Screen Sharing to your application. Our API is a server side implementation designed around REST. The Zoom API helps manage the pre-meeting experience such as creating, editing and deleting resources like users, meetings and webinars.Live InteumMinuetAuthorizedSaasModerate2026-03-16SR24081Linford & CompanyRuth Bensonruth@inteum.comGovRAMP Approvals CommitteeMinuet is a cloud-based software application developed by Inteum, designed to manage the entire intellectual property (IP) lifecycle. It is typically used by universities, research institutions, and corporations to handle: Invention disclosures, Patent and licensing management, Contract and agreement tracking, Reporting and compliance.

Minuet helps technology transfer offices (TTOs) and IP departments streamline operations, ensure regulatory compliance, and securely manage sensitive inventor and IP-related data.Live Second Front SystemsGame WardenAuthorizedPaaS/SaaSHigh2025-07-24SR24024Schellman & CompanyMamie Crusemamie.cruse@secondfront.comGovRAMP Approvals CommitteeAs a leading enabler for secure national security software, 2F’s Game Warden platform leverages cutting-edge technology to simplify and accelerate the integration of SaaS applications into government networks. By automating compliance and security processes, Game Warden ensures adherence to stringent standards, facilitating faster deployment and certification. The platform offers flexible, fully managed hosting options and seamless integration with CI/CD pipelines, along with built-in compliance with strict ATO requirements. Game Warden empowers mission owners with secure, efficient, and compliant SaaS solutions.Live MicrosoftMicrosoft Azure CommercialAuthorized, Federal JABSaaS, PaaS, IaaSHigh2021-12-152022-04-25SR21023KratosJohn Gallagherjogallag@microsoft.comGovRAMP Approvals CommitteeMicrosoft Azure is a cloud platform with more than 200 products and cloud services designed to help deliver solutions across different deployment scenarios – Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Microsoft Azure supports more than 90 compliance standards including FedRAMP High.Cloud Services,Live SolventumSolventum Health Services Platform (SHSP) AuthorizedSaaSModerate2024-01-02SR23042CoalfireJeanette Beaudryjbeaudry@solventum.comGovRAMP Approvals CommitteeSolventum Health Services Platform (SHSP) is a cloud-native platform of applications and services that provide reliable and secure processing of healthcare data. SHSP is used by Solventum’s Revenue Cycle, Performance Management and Clinician Productivity Solutions products.

SHSP also includes Solventum’s Grouper Plus Content Services (GPCS) product that provides access to Solventum’s comprehensive grouping, editing, reimbursement and pay for performance content.Live OktaOkta IDaaSAuthorizedSaaSModerate2021-11-192024-08-20SR21015Schellman and Company, LLCSean Fraziersean.frazier@okta.comGovRAMP Approvals CommitteeThe Okta IDaaS Regulated package includes a number of components that may be used to provide methods of authentication and provisioning control including Okta core, Okta Mobile, Okta Verify, Okta Directory Agent, and Okta IWA Agent.Live Trend MicroTrend Micro Cloud One for GovernmentAuthorizedSaaSModerate2024-05-21SR23058FortreumSteven Ryansteven_ryan@trendmicro.comGovRAMP Approvals CommitteeTrend Micro offers the leading cybersecurity solution to protect endpoints, servers, and cloud workloads. Deploy security across your endpoints and physical, virtual, and multi-cloud environments to gain unified visibility, management, detection and prevention with Trend Micro Cloud One for Government.
Native integrated endpoint and server detection and response (EDR/XDR) sensors allow for quicker detection of complex attacks that bypass prevention. This provides an unmatched understanding of the activity data in your environment and a balanced approach to security, as teams can quickly see the story of an attack and respond faster and more confidently.
The platform's real-time prevention and detection capabilities (application control, anti-malware, behavioral analysis, machine learning, EDR, intrusion prevention (IPS), firewall, integrity monitoring, and log inspection) are managed via a single lightweight agent deployed on the endpoint, server, or VM being protected. Combined with a rich set of application programming interfaces (APIs), Trend Micro Cloud One for Government allows you to automate security and reduce impact on your teams.
Trend Micro Is trusted by 9 out of the top 10 Fortune 500 companies, blocks over 94 billion threats per year, analyzes over 100 TB of threat information per day and processes over 2.5 trillion events per day. We are cyber security experts.Live Wiz, Inc.Wiz Moderate for U.S. GovernmentAuthorizedSaaSModerate2024-05-21SR23072FortreumSandra Buonassisisandra.buonassisi@wiz.ioGovRAMP Approvals CommitteeWiz Moderate for U.S. Government (Wiz Mod) is an agentless vulnerability scanning tool that uses an application programming interface (API) connector to scan customer environments in AWS GovCloud. Wiz Mod Gov scans various cloud architectures including virtual machines (VMs), containers, serverless, and PaaS solutions. Integrations with the continuous integration/continuous deployment (CI/CD) pipeline allow Wiz Inc. customers to define scanning policies for images and Infrastructure as Code (IaC) prior to deploying into production. Wiz Mod Gov inventories the technologies discovered in the environment to provide insight into all assets, including third-party access to the environment and code libraries detected on workloads. In addition to scanning for vulnerabilities and configuration standards and uses a threat intelligence feed to scan cloud workloads, detect malicious code, and provide information regarding the severity of the threat, and can give insight into all the privileged role assignments in the environment.Live Snowflake Inc.Snowflake Data Cloud on Azure GovernmentAuthorizedSaaSModerate2023-02-21SR22015FortreumSiddique ChaudhrySiddique.chaudhry@snowflake.comGovRAMP Approvals CommitteeSnowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at https://www.snowflake.com/.Live MicrosoftM365 Government Community Cloud & Supporting ServicesAuthorizedSaaSHigh2024-07-22SR23056Kratos DefenseBrian Smithsmith.brian@microsoft.comGovRAMP Approvals CommitteeMicrosoft 365 (M365) Government Community Cloud (GCC) is a suite of cloud-hosted messaging and collaboration services to meet the unique and evolving requirements of the United States Federal, State, Local, and Tribal governments, as well as contractors holding or processing data on behalf of the US Government. These cloud-based services are designed to provide organizations with streamlined communication, high availability, comprehensive security, and simplified information technology (IT) management. M365 GCC provides the interactivity of on-premises client and server applications with the flexibility and scalability of web-based services. M365 GCC leverages Azure Government as the IaaS/PaaS for the underlying infrastructure and hardware. Therefore, M365 GCC relies on Azure Government-inherited services. For more information on these Azure Government services, refer to the Azure Government ATO package. To be covered by the GCC GovRAMP Authorization, customers must purchase a GCC SKU. Live Solari Crisis and Human ServicesCCXReadySaaSModerate2026-01-19SR24072CoalfireSean Hazlesean.hazle@solari-inc.orgN/ACCX is a cloud-based solution designed to provide a complete technology services solution to build and support social, mental health, and substance use clinical services programs. Its primary function is to provide a web-form workflow for clinical staff to enter case information that may then be used in determinations and case management for the client and data analytics for reporting. The CCX system is designed to operate in a secure and scalable manner to support data-driven human services programs, including contact centers, referral, case management, and dispatch services, for use in mental health crisis response, intervention, referral, and data service.Live SMXElevate Intelligent Automation Platform (IAP)AuthorizedPaaSModerate2021-11-082022-05-18SR21022Coalfire SystemsRazaq AhmedATO@smxtech.comGovRAMP Approvals CommitteeSMX Elevate Intelligent Automation Platform (IAP) is a GovRAMP certified PaaS that accelerates secure cloud adoption for commercial and government organizations—even in the most regulated environments. Elevate IAP integrates provisioning, monitoring, security, and lifecycle management to streamline operations, minimize complexity, and mitigate risks.

What sets Elevate IAP apart:

Built-in compliance at scale: Native controls and automations to support CMMC, HIPAA, HITECH, CJIS, PCI, SOC 1/2, FedRAMP, and DoD ILx baselines. Integrated authorization and governance: Platform-level authorization plus policy-driven guardrails simplify multi-tenant and cross-domain operations. ISV ecosystem on day one: Rapidly deploy leading solutions through the platform and partnerships — Beyond Identity, C3 AI, ColorTokens, eShare, Versa — augmented by embedded capabilities like Dynatrace and Tenable Nessus SC. Additional accredited IAP platforms deliver Appian and Juvare.

Mission-ready accelerators: Pre-built SMX solutions run natively on IAP to jumpstart outcomes:

Elevate AI: Secure Generative AI for sensitive missions

Elevate ATO Fast Track: Accelerated FedRAMP, CMMC, and DoD authorizations

Elevate FM: Financial Management

Elevate ISR: Intelligence, Surveillance, and Reconnaissance

Elevate NetEdge: Global resilient networking

Elevate Sensing: Space Domain Awareness

Beyond Identity offers an authentication and access solution that maximizes phishing resistance, eliminates verifier impersonation risks, and leverages advanced cryptography to support enterprise environments seamlessly.

C3 AI enables organizations to design, develop, deploy, and operate big data, predictive analytics, AI/ML, and Internet of Things (IoT) software applications. By combining state-of-the-art foundational large language models (LLMs), deep learning retrieval models, and the C3 AI Platform, C3 Generative AI serves as a deep domain knowledge source to support information retrieval across disparate datasets and improve decision-making.

ColorTokens Xshield is a Zero Trust micro segmentation solution engineered to halt lateral movement of malware, ransomware, and other threats across cloud workloads, on premises servers, endpoints, Kubernetes containers, OT/IoT devices, and legacy systems.

eShare enables organizations to share files and collaborate using link-based access—with dynamic access controls, watermarking, and persistent policy enforcement that travel with the data even after sharing. eShare ensures regulatory compliance and governance while boosting productivity, reducing IT overhead, and maintaining full data sovereignty.]

Versa solution provides a Unified Secure Access Service Edge (SASE) for government that combines security and networking by integrating zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), and software-defined wide area network (SD-WAN).Learning Management System,Live TRANSACT + CBORDCBORD Online Transaction ProcessingAuthorizedSaaSModerate2024-08-21SR23076360advancedJosh Elderjle@cbord.comGovRAMP Approvals CommitteeNetMenu: NetMenu includes the following modules: CBORD Fusion, NetMenu Planner, NetMenu TrayCard, NetMenu Tray Ticket, Selective Dining, Mobile Inventory, CBORD Patient, Room Service Choice, NetMenu Floor Stock, CBORD C-Store, CBORD Data Analytics, CBORD Hub, NetNutrition, NetRecipe, Tray Logistics, Menu Display Interface (MDI); and its customer-branded applications: Horizon School Technology (HST) Back of House (BOH), BluePrint Menu Management System®, Cycle Menu Management®, Sysco® eNutrition, NetIMPAC, and Menu Wizard+. NetMenu provides an integrated food production, inventory management, and menu planning solution to support retail and patient nutrition. Electronic vendor integration and integration into CBORD customer accounts payable, general ledger, and point-of-sale software allow CBORD customers to leverage current systems when interfacing with NetMenu.

GET: GET serves as a centralized, cloud-based platform tailored for organizations utilizing the CBORD card/cashless system, aimed at elevating the quality of service provided to their patrons, expanding patron engagement with the cashless program, and driving user involvement and revenue growth. GET offers an integrated experience that aligns with the expectations of today's students, particularly within the ever-evolving mobile landscape through the CBORD platform. Within the GET platform, users have access to real-time balance information, transaction history, the capability to report a lost or found card, and the convenience of making deposits using a credit card. Furthermore, GET's core features encompass food ordering, virtual card payment, mobile access, and a loyalty system. GET also supports integration with campus authentication systems and e-commerce merchant accounts for the acceptance of credit card payments.

Odyessy Direct: Through Odyssey Direct, university clients have the ability to establish a comprehensive suite of services linked to a customized campus credential. This encompassing suite includes services such as card printing and credential management, photo capture, management of meal plans, debit and credit accounts, point-of-sale transactions for dining and retail, attendance tracking, as well as eligibility verification. Furthermore, the use of campus card payments is seamlessly integrated into various aspects of university life. These payment capabilities extend to dining services, vending machines, laundry facilities, photocopying and printing services, parking facilities, university bookstores, e-commerce platforms, and even select off-campus dining establishments. A dedicated mobile application ensures round-the-clock accessibility, empowering university students with access to their account information and service details. Beyond the administrative aspects of managing their campus card account, students can leverage this application to peruse dining menus, place food orders, gain access to their rooms, and, when necessary, employ it for identification purposes.Live WellspringSophia Knowledge Management SystemAuthorizedSaaSModerate2022-08-262025-09-15SR22004LunarlineMatthew Hamiltonmatt.hamilton@wellspring.comGovRAMP Approvals CommitteeWellspring Knowledge Management System (Sophia) is a Software-as-Service (SaaS) solution designed to manage technology transfer operations and knowledge asset tracking for those working in the area of research and innovation. The product services solutions within intellectual property (patent) management, licensing and contract management, invention and ideas disclosure, along research and development (R&D) portfolios and project management.

The data in the system is typically directly entered by users and includes storage of various metadata around invention, patents, projects, contracts, and contacts associated with those records. Users may supplement these with uploaded notes, related files, workflow status, financial information, contract terms and other information that is critical to the tracking of the end users portfolio. Key functional areas of the system are:

idea disclosure from researchers and inventors.
evaluation of inventions and Intellectual property protection
support of patent prosecution and monitoring
tracking contracts and technology licensing terms
financial management of patent expenses and licensing revenue
compliance with contract terms and invention reporting
project and portfolio managementLive CivicPlus, Inc.CivicPlus Municipal Website EvolveReadySaaSModerate2025-07-01SR24044A-LignJim Flynnflynn@civicplus.comN/ACivicEngage Evolve is built upon the CivicPlus® Platform’s HCMS, which means CivicEngage Evolve data seamlessly integrates with all available CivicPlus products and solutions for a consistent administrative experience. CivicEngage Evolve is easy enough for the non-technical users and functional and flexible for technical teams to take advantage of its full capabilities and API-first architecture.Perhaps most importantly, CivicEngage Evolve enables municipalities to implement a content as a service (CaaS) communication model.Live Aurigo Software Technologies Inc. Masterworks Cloud PlatformReadySaaSModerate2021-10-15SR21012The Cadence GroupVivek Siddegowdavivek.siddegowda@aurigo.comN/AThe Aurigo Masterworks Cloud is an integrated suite of enterprise software products for owners to plan, build, and maintain large capital assets, infrastructure, and facilities. Aurigo Essentials is an all-in-one product for small to mid-size agencies with easy-to-deploy and industry-ready configurations.Live GL SolutionsGL SuiteReadySaaSModerate2026-01-19SR24050Linford & CoEric Staleystaley@glsolutions.comN/AGL Suite is a full-service, cloud-based SaaS licensing and credentialing regulatory solution used currently in dozens of states. GL Suite was developed 25 years ago by regulatory officials to “Help Governments run, grow and adapt” as the mission statement of GL Solutions states. Modernization and optimization of government agencies increases efficiency and brings trust to the regulatory agencies.Live UiPathUiPath Automation Cloud Public SectorAuthorizedSaaSModerate2025-03-19SR24031Schellman & CompanyJames Nordenjames.norden@uipath.comGovRAMP Approvals CommitteeUiPath Automation Cloud Public Sector is a FedRAMP-authorized SaaS delivery of the UiPath Business Automation Platform, designed for US public sector organizations. The UiPath Business Automation Platform offers comprehensive, integrated AI-powered automation capabilities, including: UI + API Automation, Process Orchestration, Document Understanding/IDP, Process and Task Mining, Low-code Application Development, Testing, Digital Assistants, and more. It implements governance and management tools across these capabilities, and delivers an open architecture with connectors to optimize and automate processes across any technology. By using self-hosted Robot and Studio components, organizations also have the option to work with data in-place, without moving it to Automation Cloud.Live Rapid7InsightGovCloudAuthorizedSaaSModerate2026-02-23SR24091Schellman & CompanyMilica Lijeskicmilitza_lijeskic@rapid7.comGovRAMP Approvals CommitteeThe Rapid7 InsightGovCloud is a suite of cloud-based SaaS applications that provides agencies with the tools and clarity they need to assess their attack surface, detect suspicious behavior, and respond and remediate quickly with intelligent automation. Features are enabled/disabled in near real time within a central web user interface (UI) with additional application programming interface (API) features. This suite of applications includes the following Rapid7 SaaS products: InsightPlatform, InsightVM, InsightCloudSec, and InsightConnect.Live Proofpoint, Inc.Proofpoint Targeted Attack ProtectionAuthorizedSaaSModerate2022-09-082025-03-19SR22006SchellmanTariq Iqbaltiqbal@proofpoint.comGovRAMP Approvals CommitteeProofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threat that target people through email. It detects both known and new, never-before-seen attacks that use malicious attachments and URLs to install malware on a device or trick users to share their passwords or other sensitive information.Live VexcelWIC MosaicProvisionally AuthorizedSaaSModerate2024-02-26SR23059Kratos DefenseUsama Jawedusama.jawed@microsoft.comGovRAMP Approvals CommitteeA modern solution for the Women, Infants, and Children Program impacting participation, eligibility, and retention.Live WingSweptCase Management & Tracking System (CMTS)AuthorizedSaaSModerate2023-02-27SR22014LunarlineAllison Lehmanallison.lehman@wingswept.comGovRAMP Approvals CommitteeWingSwept has provided case management solutions to investigators at government agencies for more than a decade. WingSwept converted its Case Management & Tracking System (CMTS) into a Commercial Off-The-Shelf (COTS) service offering in 2010. Built with both security and flexibility in mind, CMTS provides for the secure storage, retrieval, and reporting of case management data for investigative offices at all levels of government. The CMTS design is neither static nor monolithic. Intentionally flexible, CMTS provides government agencies with the ability to establish unique naming conventions, tailor agency-specific workflows, and to support a wide range of other user-preferred configurations. An idle-case tracking function also includes both time and activity-based notifications in order to establish and maintain a seamless agency workflow. As an added layer of security, each CMTS customer operates in a secure environment with data separated by customer. Hosted on Amazon Web Services (AWS), CMTS is a web-based, browser-accessible application that requires no device-specific software for implementation. Highly customizable dashboards, combined with specialized labels and entry fields provide investigators with the ability to compile and display comprehensive case metrics in a simplified, user-friendly format. CMTS can display ad-hoc and pre-defined reports in minutes, drastically reducing processing times and increasing staff efficiency. This flexible design allows agencies to tailor workflows in order to match existing processes and to provide for continuity in ongoing investigations. As a result, CMTS may be readily adapted to serve investigative offices of any size. Many of the CMTS customers leverage our optional Online Intake Service (OIS) which allows customers to host or leverage OIS hosted internet facing forms which can collect case intakes to be later securely picked up by the agency CMTS server for potential ingestion as a case.Live Qualtrics, LLC.Qualtrics XM PlatformAuthorizedSaaSHigh2023-04-17SR22035SchellmanMatthew Valenzuelafedramp@qualtrics.comGovRAMP Approvals Committee
The Qualtrics XM Platform is a web-based application that allows Government agencies to create surveys and then collect, analyze, and store the data produced from those surveys. Government agencies can use the application to collect and analyze citizen, employee, and community feedback to improve services and engagement for both external customers (citizens) and internal customers (public sector employees). The Qualtrics XM Platform enables multiple departments within an agency to collect and analyze survey data within a single enterprise system, allowing all levels of the agency or department to have access to important feedback data. The XM Platform includes an array of services that can be utilized to track, manage, and improve the experience of external and internal customers, such as: • XM Core – Allows agencies to construct surveys, distribute them to participants, and then manage and analyze individual participant responses. Agencies can then create reports that present the results and publish these reports to the web or share the report links with others. • Customer Experience - Allows agencies to study and improve the customer experience by employing Relationship NPS, Transactional NPS, Customer Satisfaction, and Event Feedback programs. • Employee Experience - Allows agencies to measure and manage employee engagement by creating feedback loops for relevant aspects of public sector employment, such as Manager Feedback, Training Feedback, Employee Engagement, and Employee Pulse programs. • Site Intercept – Allows agencies to display a piece of text, graphic, or widget that encourages a visitor to their website to take a survey or redirect to a specific webpage. To implement, the agency administrator places a snippet of Qualtrics’ JavaScript code on the agency’s website. • Actions and Tickets - Allows defining and triggering a workflow when a set of conditions are met, such as creating support tickets or integrating with external systems via web service API. • Data Analytics - Provides ability to perform natural language processing, statistical and predictive analysis of the data collected via the Research Suite. • Reports and Dashboards – Enables agencies to build dashboards that provide visual displays of the data collected from an agency’s surveys combined with other imported data sources. Qualtrics creates a library where each agency can store question templates, graphics, messages, and files to be used in building surveys and sending messages to participants. Agencies can integrate data from other sources, such as their customer relationship management (CRM) tools, and produce and share reports. They can upload a list of contacts as a CSV file or manually enter or edit contacts. Agencies can also view the complete history of interactions that they have had with their contacts via emails or survey responses. The XM Platform allows customers to send surveys, notifications, and other messages via a built-in email mechanism. To enable this, the application provides an outbound mail delivery engine via SMTP. In addition, customers can generate a URL that links to their survey and send the URL out to survey participants via their own email systems. Reports and data can be exported to a variety of formats, including Word, Excel, PDF, and CSV/TSV, etc. The XM Platform provides an Administration tool that allows designated agency admins to create groups and user permissions and assign them to authorized agency users. Permissions can be set up at the agency, division, or organization level. A single sign-on (SSO) capability enables agencies to implement identity federation via LDAP, SAML / Shibboleth, central authentication service (CAS), or OAuth 2.0. Qualtrics also makes available a REST API to allow agencies to automate functions such as connecting Qualtrics surveys with external systems such as a CRM like Salesforce.Live Snowflake Inc.Snowflake Data Cloud on AWS GovCloudAuthorizedSaaSHigh2023-04-24SR22016FortreumSiddique ChaudhrySiddique.chaudhry@snowflake.comGovRAMP Approvals CommitteeSnowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at https://www.snowflake.com/.Live QuadientS.M.A.R.T. - State and Federal EditionsAuthorizedSaaSModerate2025-11-24SR24063A-LIGNKevin Warnerk.warner@quadient.comGovRAMP Approvals CommitteeThe S.M.A.R.T. State and Federal Edition family of products provides the ultimate Shipping, Mailing, Accounting, Reporting and Tracking experience - all from a single dashboard! This solution combines leading edge technologies to improve customer interactions and business processes. A consistent look and feel across each element provides familiarity to users, making navigation simple and intuitive. Each S.M.A.R.T. version fuels stronger business communications with your internal and external customers by providing detailed shipping and tracking notifications, chargeback accounting with postage meter reconciliation and extensive reporting options to name a few. Several S.M.A.R.T. versions, supporting from the most basic to complex workflows, are available. Choose the one that best aligns with your agency's needs."Live Trend MicroTrend Micro Vision One for GovernmentAuthorizedSaaSModerate2024-05-21SR23057FortreumSteven Ryansteven_ryan@trendmicro.comGovRAMP Approvals CommitteeTrend Micro Vision One for Government is a modern security operations platform that enables organizations to detect, investigate, prioritize, and respond to threats faster.
With built-in security analytics and threat intelligence, Trend Micro Vision One correlates data across multiple security layers from native sensors and third-party data sources to help security teams quickly see the full story of an attack and respond faster and more confidently.
Trend Micro Vision One serves the EDR use case with our Trend Micro Endpoint Sensor while delivering a solution path to a broader XDR strategy to extend detection and response to additional attack vectors, including servers and cloud workloads.
Built for the SOC analyst, CISO, and threat hunter, this platform leverages AI and predictive machine learning to arm defenders with earlier threat detection and automated response options that make a difference. The visibility and efficiency provided by Trend Micro Vision One makes great security teams even better, enabling them to do more with less.
Trend Micro is trusted by 9 out of the top 10 Fortune 500 companies, blocks over 94 billion threats per year, analyzes over 100 TB of threat information per day and processes over 2.5 trillion events per day. We are cyber security experts.Live CivicPlus, Inc.CivicPlus Agenda and Meeting Management SelectReadySaaSModerate2025-07-15SR24048A-LignJim Flynnflynn@civicplus.comN/AAgenda and Meeting Management Select provides an end-to-end solution that enables municipal clerks to easily manage agendas, minutes, and public meetings, while providing the public with unparalleled transparency and access to the meeting process.Live Strategy, Inc.Managed Cloud GovernmentAuthorizedSaaSModerate2023-03-27SR22040A-LignSamuel Petreskispetreski@microstrategy.comGovRAMP Approvals CommitteeMicroStrategy is the world’s top-rated platform for enterprise analytics. The MicroStrategy Intelligence Platform offers a full range of trusted, modern BI experiences, and is designed to help departments and agencies build data-driven cultures and make faster, smarter decisions. Built for performance at scale, MicroStrategy delivers concrete answers to users where and when they’re needed. Foundationally, the platform offers out-of-the-box drivers and gateways for a variety of data sources, types, and formats, and APIs/SDKs which are hosted within the MicroStrategy Platform Deployed within Customer Tenant. Using the platform’s proprietary enterprise semantic graph, agencies can establish a unified, governed, secure, and reusable data model on which a variety of intelligence solutions can be built to deliver accurate, personalized, and trusted information to individual users based on each agency’s enterprise data dictionary.
The MicroStrategy Cloud for Government is a fully managed enterprise analytics solution that offers all the market-leading capabilities of the MicroStrategy Intelligence Platform on a unique Amazon Web Services (AWS) GovCloud implementation. MicroStrategy Cloud for Government features a fully optimized reference architecture built specifically for deployment in a customer-licensed AWS environment, offered as a software-as-a-service (SaaS) solution. MicroStrategy administers each unique MicroStrategy Cloud for Government environment on the behalf of each government department or agency, including steady state operations, routine application of software upgrades, robust system monitoring and alerting, and 24/7/365 technical support for priority issues. The components that directly support the MicroStrategy Cloud for Government cloud service offering are described in the subsections below.
MicroStrategy Cloud for Government is a SaaS service built on top of AWS GovCloud (US) IaaS servers. MicroStrategy utilizes AWS GovCloud (US) to provide the resources that host the MicroStrategy Cloud for Government platform and leverages the experience and resources of AWS to scale quickly and securely as necessary to meet current and future demand. MicroStrategy is responsible for designing and configuring the MicroStrategy Cloud for Government architecture within AWS GovCloud (US) to ensure that the availability, security, and resiliency requirements are met.Live CivicPlus, Inc.CivicPlus Municipal Website CentralReadySaaSModerate2025-07-01SR24043A-LignJim Flynnflynn@civicplus.comN/AThe CivicEngage Central (CivicEngage) content management system (CMS) is robust and flexible with all the features and functionality you need today and in the future. Developed for municipalities that need to update their website frequently, CivicPlus provides a powerful government content management structure and website menu management system. The easy-to-use system allows non-technical employees to efficiently update any portion of your website. Each website begins with a unique design developed to meet your specific communication and marketing goals, while showcasing the individuality of your community. Features and capabilities are added and customized as necessary, and all content is organized in accordance with web usability standards.Live Palo Alto NetworksGovernment Cloud Services (GCS-High)AuthorizedSaaSHigh2024-02-28SR23031FortreumLauren Alowaylaloway@paloaltonetworks.comGovRAMP Approvals CommitteePalo Alto Networks Government Cloud Services (GCS-High) includes a variety of cloud-based cybersecurity offerings. As your agency moves forward in its modernization efforts, it needs trusted cybersecurity solutions that will reduce the risk of data breaches while meeting compliance. Develop a comprehensive cloud cybersecurity strategy with solutions that protect workers, data and applications from cyber adversaries and advanced threats. The following products and services make up our offering.

Cloud Identity Engine
Identity-based security controls are a foundational requirement to achieve Zero Trust. Palo Alto Networks Cloud Identity Engine is an entirely new cloud-based architecture for identity-based security that can consistently authenticate and authorize your users, regardless of location and where user identity stores live—on-premises, in the cloud, or hybrid. As a result, security teams can effortlessly allow all users access to applications and data everywhere and quickly move toward a Zero Trust security posture.

Cortex XDR
A cloud-based service providing a prevention, detection and response platform that integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR leverages logs, alerts, and information from Palo Alto Networks and third-party security products. It also enforces security policies on endpoints, preventing malware and data loss. Cortex XDR correlates security alerts and network logs with the endpoint processes that generated the alerts, allowing customers to investigate security alerts, as well as search for and remotely respond to threats.

Cortex XSOAR
A comprehensive security orchestration, automation, and response (SOAR) platform that unifies case management, automation, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle.

Cortex XSIAM
A cloud-delivered, integrated SOC platform that unifies key functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM, consolidating multiple products into a single, integrated platform. XSIAM delivers an intelligent data foundation by integrating telemetry from any source, providing unified security operations across any hybrid IT architecture.

Cortex Xpanse
An active attack surface management solution that helps your organization discover, understand and respond to unknown risks in all internet-connected systems and services. Xpanse scans the entire internet automatically and continuously, discovering and indexing previously unknown risks, using supervised ML models to continuously map your attack surface and prioritize remediation efforts, while reducing MTTR with the help of built-in automated playbooks.



Prisma Cloud
A cloud native security platform that provides comprehensive visibility, threat prevention, compliance assurance and data protection consistently across hybrid and multi-cloud environments.

Prisma Cloud Compute
A cloud-native platform that delivers cloud workload protection. Prisma Cloud Compute provides holistic protection across hosts, containers, and serverless deployments in any cloud, throughout the software lifecycle. Prisma Cloud Compute protects all workloads regardless of their underlying compute technology or the cloud in which they run. In addition, it provides Web Application and API Security (WAAS) for any cloud native architecture.

WildFire Government Cloud
An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats. It is a subscription service that works with the Palo Alto Networks Next Generation Firewalls (including VM-Series and CN-Series), Prisma Access, Prisma Cloud, Cortex XSIAM, and Cortex XDR.

Prisma Access
A Secure Access Service Edge (SASE) that provides scalable, cloud-delivered networking and security to branch offices and remote users. With Prisma Access, agencies are able to rapidly enable consistent, secure connectivity for remote locations and employees.

Prisma SD-WAN
Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud, simplifying WAN management. The controller provides deep application visibility, with Layer 7 intelligence for network policy creation and traffic engineering. It automates operations and problem avoidance using machine learning and data science methodologies.

Cloud Management
A cloud delivered management solution used by customers to manage Prisma SASE from Palo Alto Networks.

Multi-Tenant Service Provider Portal (MSP)
The MSP solution provides hierarchical multi-tenant management for customers and partners

PRISMA INSIGHTS
Prisma Insights provides a comprehensive platform for global visibility and monitoring for the Prisma Access service. It continuously monitors the health and performance of your Prisma Access environment with Insights in the Prisma Access app.



ADEM
Autonomous Digital Experience Management (ADEM) provides organizations with segment-wise insights, comprehensive visibility, and SASE-native DEM integrated with Prisma SASE, the secure foundation for agile, cloud-enabled organizations.

API Gateway
The API Gateway provides authorization services for customers and partners to leverage Palo Alto Networks RESTful API

Data Loss Prevention Data Security
Palo Alto Networks’ Enterprise DLP software-as-a-service system is a network DLP service to prevent Data Loss of sensitive data. The solution helps facilitate an organization’s data protection and compliance efforts in a simplified and cost-effective manner.

SAAS API / Inline / SSPM
SaaS Security is a solution that helps Security teams meet the challenges of protecting the growing availability of sanctioned and unsanctioned SaaS applications and maintaining compliance consistently in the cloud while stopping threats to sensitive information, users and resources. SaaS Security options include SaaS Security API, SaaS Security Inline, and SaaS Security Posture Management (SSPM).

Advanced WildFire
An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats.

APP-ID Cloud Engine - ACE
A platform that enables the firewall or Panorama to download App-IDs from the cloud for applications that do not have specific predefined App-IDs from the Palo Alto Networks content releases.

Threat Prevention
The Palo Alto Networks® Threat Prevention protects and defends your network from commodity threats and advanced persistent threats (APTs). The multi-pronged detection mechanisms include a signature-based (IPS/Command and Control/Antivirus) approach, heuristics-based (bot detection) approach, sandbox-based (WildFire) approach, and Layer 7 protocol analysis-based (App-ID) approach.

URL Filtering
URL filtering technology protects users from web-based threats by providing granular control over user access and interaction with content on the Internet. You can develop a URL filtering policy that limits access to sites based on URL categories, users, and groups.

Cortex Data Lake
Collects, normalizes, and integrates data from Palo Alto Networks products with public cloud scale.
Live Splunk Inc.Splunk CloudAuthorizedSaaSModerate2023-05-25SR22038SchellmanSplunk GovRAMP Teamssg-StateRAMP@splunk.comGovRAMP Approvals CommitteeSplunk Cloud Platform delivers the benefits of award-winning Splunk® Enterprise as a cloud-based service. Using Splunk Cloud Platform, you gain the functionality of Splunk Enterprise for collecting, searching, monitoring, reporting, and analyzing all of your real-time and historical machine data using a cloud service that is centrally and uniformly delivered by Splunk to its large number of cloud customers, from Fortune 100 companies to small and medium-size businesses. Splunk manages and updates the Splunk Cloud Platform service uniformly, so all customers of Splunk Cloud Platform receive the most current features and functionality.

Other Service(s)
Admin Config Service
Automated Private App Validation
Cloud Monitoring Console
Dashboard Studio
Dynamic Data Active Archive (DDAA)
Dynamic Data Active Searchable (DDAS)
Dynamic Data Self-Storage (DDSS)
Federated Search
Federated Search S3
Ingest Actions
KV Store
Private Connectivity
Splunk Cloud Platform
Splunk Enterprise Security
Splunk IT Service Intelligence
Splunk SOARLive CivicPlus, Inc.NextRequestReadySaaSModerate2025-07-15SR24046A-LignJim Flynnflynn@civicplus.comN/ANextRequest is the leading FOIA management software empowering local and state governments with tools to easily manage and fulfill public records requests. Agencies and special districts of all sizes rely on NextRequest to coordinate records requests cross-departmentally, to increase compliance, and to decrease costs associated with record management. Agencies save time and increase transparency with our secure and easy-to-use software.Live Sona Systems LLCExperiment Management System (Enhanced Security Edition)AuthorizedSaaSModerate2024-07-19SR23066LunarlineJustin Fidler justin@sona-systems.comGovRAMP Approvals CommitteeSona Systems offers a cloud-based solution for universities to manage research participation.Live VeracodeVeracode Online Security Platform for GovernmentAuthorizedSaaSModerate2023-04-17SR23004Schellman and Company, LLCTim JarrettTJarrett@Veracode.comGovRAMP Approvals CommitteeVeracode’s unified platform helps Government developers and application security teams assess and improve the security of applications from inception through production. With a combination of automation, process, and speed, Veracode integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the development/deployment chain. This solution is widely used by enterprises to secure web, mobile, legacy, and third-party enterprise applications, with a simpler and more scalable way to help reduce software security risk across software infrastructure.Live ZscalerZscaler Internet Access - Government (Secure Web Gateway - vTIC)AuthorizedSaaSModerate2022-01-242024-04-19SR21001Schellman and Company, LLCVidya Meenakshisundaram Vidya@zscaler.comGovRAMP Approvals CommitteeZscaler Internet Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.Live SAP National Security SystemsCloud Intelligent EnterpriseAuthorizedPaas/SaaSModerate2023-12-05SR23001FortreumPenny Kleinpenny.klein@sapns2.comGovRAMP Approvals CommitteeThe SAP NS2 StateRAMP Cloud Intelligent Enterprise (CIE) is a secure cloud environment that hosts the following suite of SAP cloud solutions: SAP SuccessFactors, SAP Employee Central Payroll, SAP Analytics Cloud, SAP Business Technology Platform and SAP S/4HANA Cloud, private edition. Within the StateRAMP CIE cloud environment, states and their agencies can safely adopt and deploy SAP cloud solutions within our secured cloud model. SAP NS2 offers customers enhanced security, availability, compliance, and support to help deliver a mission-critical edge. More information can be found on https://www.sapns2.com/ns2-secure-cloud/Live Human Resources Technologies, Inc.FedHIVEAuthorizedIaaS, PaaS & SaaSHigh2024-12-16SR24003LunarlineRichard Schottrschott@hrtec.netGovRAMP Approvals CommitteeFederal High Impact Virtualized Environment (FedHIVE) received a FedRAMP’s High Impact Level Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) and a DoD Commercial Cloud (Off-Premises CSO) Impact Level (IL) 4 Provisional Authorization (PA), soon to have IL-5. FedHIVE offers customers a compliant, scalable, and secure infrastructure for the safeguarding of information systems which process and store Controlled Unclassified Information (CUI), supporting the deployment of Software-as-a-Service (SaaS) solutions for Agencies, and the capabilities to assist your organization in accelerating your digital transformation objectives.
FedRAMP JAB P-ATO authorized by FedRAMP JAB CISOs from DoD, DHS, and GSA
DoD PA authorized by DISA RME RE2 Cloud Assessment Division.Live Snowflake Inc.Snowflake Data Cloud on Azure South Central USAuthorizedSaaSModerate2025-04-11SR24039FortreumRyan Swansonryan.swanson@snowflake.comGovRAMP Approvals CommitteeSnowflake is the only data warehouse built for the cloud, enabling the data-driven enterprise with instant elasticity, secure data sharing and per-second pricing, across multiple clouds. Snowflake combines the power of data warehousing, the flexibility of big data platforms and the elasticity of the cloud at a fraction of the cost of traditional solutions. Find out more at https://www.snowflake.com/.Live Wolters KluwerTeamMateAuthorizedSaaSModerate2023-06-19SR22037Schellman & Company, LLCAlberto De Benito AznarTeamMate-FedRAMP@wolterskluwer.comGovRAMP Approvals CommitteeTeamMate Audit and TeamMate Controls are two integrated solutions that support government agencies in managing audits and internal controls within a secure cloud environment. TeamMate Audit enables end-to-end audit planning, execution, issue tracking, and reporting, while TeamMate Controls supports the documentation, testing, and monitoring of internal controls and remediation activities. Together, they provide a centralized approach to audit and control management, helping agencies improve oversight, consistency, and risk management.Live Xerox Corporation Managed Print Services for US GovernmentAuthorizedSaaSModerate2023-09-11SR23011CoalfireBruce Talbertbruce.talbert@xerox.comGovRAMP Approvals CommitteeXerox Managed Print and Capture Services (MPCS) for US Government is a cloud-based solution developed specifically to help US Federal, State, and Local government agencies manage the print and document capture life cycles within an organization while maximizing productivity, security and reducing waste and risk.
The Xerox Managed Print Services (MPS) capability is a management solution for both Xerox and Non-Xerox print/imaging devices such as printers, multi-function devices, and copiers. Managed print services focus on the management of print output devices themselves, related supplies, and service requirements. The solution ensures proactive device management resulting in maximum uptime, utilization/optimization, and robust print and security policy management.
Xerox Capture Services provide advanced multichannel capture, digitization, and data transformation to help government agencies achieve digital transformation goals. Digitization is typically backfile and day forward and can include scanning, indexing, and file transfer. Digitization and imaging services can be provided on-site, near-site or off-site via a scanner, a multifunction device or through our Global Capture Platform. Digitization can be combined with data transformation, process automation, and electronic document management solutions to ensure optimal speed and productivity.Live Palo Alto NetworksGovernment Cloud Services (GCS-Mod)AuthorizedSaaSModerate2024-04-08SR23033FortreumLauren Alowaylaloway@paloaltonetworks.comState of ArizonaPalo Alto Networks Government Cloud Services (GCS-Mod) includes a variety of cloud-based cybersecurity offerings. As your agency moves forward in its modernization efforts, it needs trusted cybersecurity solutions that will reduce the risk of data breaches while meeting compliance. Develop a comprehensive cloud cybersecurity strategy with solutions that protect workers, data and applications from cyber adversaries and advanced threats. The following products and services make up our offering.

Cloud Identity Engine
Identity-based security controls are a foundational requirement to achieve Zero Trust. Palo Alto Networks Cloud Identity Engine is an entirely new cloud-based architecture for identity-based security that can consistently authenticate and authorize your users, regardless of location and where user identity stores live—on-premises, in the cloud, or hybrid. As a result, security teams can effortlessly allow all users access to applications and data everywhere and quickly move toward a Zero Trust security posture.

Cortex XDR
A cloud-based service providing a prevention, detection and response platform that integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR leverages logs, alerts, and information from Palo Alto Networks and third-party security products. It also enforces security policies on endpoints, preventing malware and data loss. Cortex XDR correlates security alerts and network logs with the endpoint processes that generated the alerts, allowing customers to investigate security alerts, as well as search for and remotely respond to threats.

Cortex XSOAR
A comprehensive security orchestration, automation, and response (SOAR) platform that unifies case management, automation, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle.

Cortex XSIAM
A cloud-delivered, integrated SOC platform that unifies key functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM, consolidating multiple products into a single, integrated platform. XSIAM delivers an intelligent data foundation by integrating telemetry from any source, providing unified security operations across any hybrid IT architecture.

Cortex Xpanse
An active attack surface management solution that helps your organization discover, understand and respond to unknown risks in all internet-connected systems and services. Xpanse scans the entire internet automatically and continuously, discovering and indexing previously unknown risks, using supervised ML models to continuously map your attack surface and prioritize remediation efforts, while reducing MTTR with the help of built-in automated playbooks.



Prisma Cloud
A cloud native security platform that provides comprehensive visibility, threat prevention, compliance assurance and data protection consistently across hybrid and multi-cloud environments.

Prisma Cloud Compute
A cloud-native platform that delivers cloud workload protection. Prisma Cloud Compute provides holistic protection across hosts, containers, and serverless deployments in any cloud, throughout the software lifecycle. Prisma Cloud Compute protects all workloads regardless of their underlying compute technology or the cloud in which they run. In addition, it provides Web Application and API Security (WAAS) for any cloud native architecture.

WildFire Government Cloud
An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats. It is a subscription service that works with the Palo Alto Networks Next Generation Firewalls (including VM-Series and CN-Series), Prisma Access, Prisma Cloud, Cortex XSIAM, and Cortex XDR.

Prisma Access
A Secure Access Service Edge (SASE) that provides scalable, cloud-delivered networking and security to branch offices and remote users. With Prisma Access, agencies are able to rapidly enable consistent, secure connectivity for remote locations and employees.

Prisma SD-WAN
Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud, simplifying WAN management. The controller provides deep application visibility, with Layer 7 intelligence for network policy creation and traffic engineering. It automates operations and problem avoidance using machine learning and data science methodologies.

Cloud Management
A cloud delivered management solution used by customers to manage Prisma SASE from Palo Alto Networks.

Multi-Tenant Service Provider Portal (MSP)
The MSP solution provides hierarchical multi-tenant management for customers and partners

PRISMA INSIGHTS
Prisma Insights provides a comprehensive platform for global visibility and monitoring for the Prisma Access service. It continuously monitors the health and performance of your Prisma Access environment with Insights in the Prisma Access app.



ADEM
Autonomous Digital Experience Management (ADEM) provides organizations with segment-wise insights, comprehensive visibility, and SASE-native DEM integrated with Prisma SASE, the secure foundation for agile, cloud-enabled organizations.

API Gateway
The API Gateway provides authorization services for customers and partners to leverage Palo Alto Networks RESTful API

Data Loss Prevention Data Security
Palo Alto Networks’ Enterprise DLP software-as-a-service system is a network DLP service to prevent Data Loss of sensitive data. The solution helps facilitate an organization’s data protection and compliance efforts in a simplified and cost-effective manner.

SAAS API / Inline / SSPM
SaaS Security is a solution that helps Security teams meet the challenges of protecting the growing availability of sanctioned and unsanctioned SaaS applications and maintaining compliance consistently in the cloud while stopping threats to sensitive information, users and resources. SaaS Security options include SaaS Security API, SaaS Security Inline, and SaaS Security Posture Management (SSPM).

Advanced WildFire
An analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis and innovative machine learning techniques to detect and prevent even the most evasive threats.

APP-ID Cloud Engine - ACE
A platform that enables the firewall or Panorama to download App-IDs from the cloud for applications that do not have specific predefined App-IDs from the Palo Alto Networks content releases.

Threat Prevention
The Palo Alto Networks® Threat Prevention protects and defends your network from commodity threats and advanced persistent threats (APTs). The multi-pronged detection mechanisms include a signature-based (IPS/Command and Control/Antivirus) approach, heuristics-based (bot detection) approach, sandbox-based (WildFire) approach, and Layer 7 protocol analysis-based (App-ID) approach.

URL Filtering
URL filtering technology protects users from web-based threats by providing granular control over user access and interaction with content on the Internet. You can develop a URL filtering policy that limits access to sites based on URL categories, users, and groups.

Cortex Data Lake
Collects, normalizes, and integrates data from Palo Alto Networks products with public cloud scale.
Live CivicPlus, Inc.SeeClickFix 311 CRMReadySaasLow2026-04-24SR24085A-LignJim Flynnflynn@civicplus.comN/AOur 311 CRM solution enables your residents to report non-emergency issues to government leaders, share feedback, and request information about your community. For your staff, our software powers efficient and frictionless workflows to encourage data-driven decisions. As a result, you can collaboratively create a stronger community.Live SOS TechnologiesSmartSOS AuthorizedSaaSModerate2025-04-16SR24036FortreumPaul Averillpaverill@sos-tech.comGovRAMP Approvals CommitteeSmartSOS is a threat detection and response platform that is designed to help organizations better prevent and respond to workplace violence. SmartSOS is the only product of its kind that eliminates the need for a 911 call reducing police dispatch times from 10 minutes to less than 10 seconds.Live Steel Patriot PartnersFederal ZenGRCReadySaaSModerate2025-01-07SR24032SchellmanJason Fordjford@steelpatriotpartners.comN/AFederal ZenGRC is a tool for creating, implementing, and
managing a Governance, Risk, and Compliance (GRC)
program. It facilitates effective and efficient GRC functions,
such as document management, program control
management, security and compliance framework alignment,
approval, internal audit, external assessment, risk
assessment, vendor risk assessment, and continuous
monitoring. It leverages an object-based approach allowing
full mapping across object types ensuring a holistic view of
the program structure and cohesiveness. It securely stores
evidence for all object types and enables reuse across
multiple frameworks and audits. Management and evidence-
collection tasks can be automated and workflows assigned to
guide proper execution by organizational personnel.

Federal ZenGRC is delivered as a software-as-a-service
(SaaS) offering using Amazon Web Services
(AWS) GovCloud cloud computing, leveraging isolated accounts per
environment. It is available to public companies, federal,
state, local, and tribal governments, research institutions,
federal contractors, and government contractors that
demonstrate requirements for governance, risk, and
compliance services.Live OracleOracle Taleo CloudAuthorizedSaaSModerate2024-07-30SR24002CoalfireBen Wareben.ware@oracle.comGovRAMP Approvals CommitteeOracle Taleo Cloud services are Oracle’s Software as a Service (SaaS) solution, providing a comprehensive talent management and learning service. Taleo Enterprise Edition offers a comprehensive talent management suite that spans the entire employee lifecycle and helps companies hire, manage, reward, and develop their employees with a full talent management solution for recruiting and on boarding, performance management, employee development and succession planning. Since Taleo Enterprise Edition is built on a single unified platform and delivered on demand, you can implement a single module or the full solution based on your needs. Oracle’s Taleo Learn Cloud offers an employee development and training software solution that supports the learning challenges of large complex enterprises. Taleo Learn links human resources management to learning with Talent Intelligence. The Taleo Learn Cloud Service is a solution for delivering, tracking, managing, and reporting on formal and informal learning. Users have access to learning through a single platform for online, classroom, virtual, and on-the-job training, as well as assessments, blended learning, social learning, and self-reported training. Organizations can design a tailored user experience with complete control of the user interface.Live Google, Inc. Google Workspace Authorized, Federal JABSaaSHigh2023-02-17SR22026Coalfire SystemsAshleigh Laonestateramp@google.comGovRAMP Approvals CommitteeGoogle Workspace is a cloud-based offering for enterprise and government customers. Google’s product offerings, including Google Workspace and Application Programming Interfaces (APIs), are comprised of communication, productivity, collaboration and security tools that can be accessed virtually from any location with Internet connectivity.Live PMG Software Professionals LLCPMG Transportation Planning & Programming PlatformReadySaaSLow2026-01-29SR25092Prescient SecurityRajib Banerjeerbanerjee@pmgpro.comN/ALive WordPress VIP WordPress VIPAuthorizedPaaSModerate2025-08-08SR24062FortreumDeborah Beckettdeborah@automattic.comGovRAMP Approvals CommitteeWordPress VIP provides web application hosting, platform, support, and professional services necessary to provide performance, scalability, security, and reliability to organizations. Our customers range from Enterprise SaaS providers like Salesforce, to US Federal institutions like NASA and the White House, to Fortune 100 organizations like Merck, and high-scale media publishers like Newscorp.Encryption and Decryption Services,Live TenableTenable Cloud SecurityAuthorizedSaaSModerate2025-09-15SR24064EmagineITRalph-kan Kumcompliance@tenable.comGovRAMP Approvals CommitteeTenable Cloud Security is the actionable solution to cloud risk, rapidly exposing and closing priority security gaps caused by cloud misconfigurations, risky entitlements for users and services, vulnerabilities and overly-permissive access to confidential data. Tenable Cloud Security is a Cloud Native Application Protection Platform (CNAPP) solution that isolates and minimizes these risks at scale across infrastructure, workloads, identities and data in the cloud.Live CivicPlus, Inc.CivicPlus Recreation ManagementReadySaaSModerate2025-07-01SR24045A-LignJim Flynnflynn@civicplus.comN/ARecreation Management (CivicRec) provides parks and recreation software that can help centralize all your activity, facility, staffing, and point-of-sale needs. The cloud-based nature of CivicRec means that staff can manage their operations from anywhere— and on any device. Our interface is both clean and easy-to-use so that you can present a modern face to the public. Whether the public is using the recreation registration software to sign up for programs, rent facilities, or browse catalog offerings, you can be confident that your parks and recreation department is presenting an easy-to-use option for the public, making it convenient to engage with your programs and facilities.Live Rubrik Rubrik Security Cloud - Government (RSC-G)AuthorizedSaaSModerate2023-12-12SR23023Kratos Defense Gayle Berkeley gayle.berkeley@rubrik.comArizona Department of Homeland SecurityRubrik Security Cloud - Government is a data security platform that delivers complete cyber resilience across enterprise, cloud, and SaaS applications. Built with zero trust design and powered by machine learning, Rubrik Security Cloud automates data policy management and enforcement, safeguards sensitive data, delivers data threat analytics and response, and orchestrates rapid cyber and operational recovery by surgically and rapidly restoring impacted apps, files, and objects.

For more information please visit http://www.rubrik.com and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.Live Virtru CorporationVirtru Data Protection PlatformAuthorizedSaaSModerate2025-03-18SR23043Schellman & CompanyPeter Nancarrowpnancarrow@virtru.comGovRAMP Approvals CommitteeThe Virtru Data Protection Platform is a data-centric content encryption solution that provides for pervasive protection of content types, the ability to share content internally and externally without manual encryption key exchanges, and integration with existing applications and workflows.Live RampRampGovReadySaaSModerate2025-07-31SR24066CoalfireLewis Drummondgovteam@ramp.com N/ARamp provides a unified platform for charge cards and expense management, designed to maximize visibility, enforce policy controls, and drive operational efficiency at scale. Our customers rely on Ramp to manage their financial operations, drive efficiency, and stop wasteful spending."Live SecurityScorecardRatings Cloud ServiceReadySaaSModerate2024-02-27SR23065Schellman & CompanySteve Cobbsteve.cobb@securityscorecard.ioN/ASecurityScorecard Security Ratings monitors the security posture of millions of companies by calculating a risk score derived from publicly available data. Companies are assigned A-F ratings across risk factors including domain name system (DNS) health, internet protocol (IP) reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. This data is provided to customers via the Security Ratings web application.
Customers use the Security Ratings web application to review security ratings and detailed security reports. Users access Security Ratings through a standard web browser and leverage identity federation for authentication. Within the application, users search for companies of interest and review security reports developed by SecurityScorecard. These ratings and reports allow customers to evaluate the cybersecurity risk for companies of interest using data-driven, objective, and continuously evolving metrics that provide visibility into information security control weaknesses as well as potential vulnerabilities throughout the supply chain ecosystem. Users can also create "portfolios" to group together companies of interest and easily compare vendors to help make procurement decisions, evaluate acquisition targets, conduct industry benchmarking, and more.
Additional capabilities and data points (collected from publicly available data sources) in the Security Ratings web application include:
• IP attribution to company domain(s)
• Security vulnerability monitoring by company and security factors
• Security risk benchmarking and scoring by company and industry
• Alerts for changes in risk scores
• Executive and detailed company scorecard reports
• Workflow for collaboration and remediation with monitored suppliersLive CivicPlus, Inc.CivicPlus PayReadySaaSModerate2025-07-01SR24047A-LignJim Flynnflynn@civicplus.comN/ACivicPlus Pay is what we refer to as a "Power Product" it is an add-on to a regular website product and serves as website layer of abstraction between our other webproducts and PCI compliant payment gateways. Pay functions to redirect browsers to payment gateways and to house limited PII related to payment transactions and makes it possible for us to have a single PCI certified product rather than seeking the certification on all the connected products.Live Amazon Web Services, IncAWS US East/WestAuthorized, Hyperscale Inheritance Authority (HIA)SaaS, IaaS, PaaSModerate2026-02-12SR25099Judge Smalljudgesma@amazon.comN/AThe AWS US East/West Regions are delivered as a multiple service layer cloud architecture model offering using a multi-tenant Public cloud computing environment. It is available to both government and non-government customers.Live SASSAS AI and Analytics for GovernmentAuthorizedSaaSModerate2024-12-13SR24029A-LignEric Browneric.brown@sas.comGovRAMP Approvals CommitteeSAS Artificial Intelligence and Analytics (AIA) information system is a cloud-based service offering that is managed by SAS Institute Inc. The SAS AIA information system aims to help customers reduce workload and operational cost. It is a Software as a Service (SaaS) cloud option for SAS Software customers and more specifically, government agencies, including State, Local and Federal. The SAS AIA information system infrastructure leverages Microsoft Azure Commercial cloud within United States data centers. SAS provides and manages the platforms and software included in these offerings.Live Tanium, Inc.Tanium Cloud for US Government (TC-USG)AuthorizedSaaSModerate2023-05-05SR22019LunarlineEric Kirscherstateramp@tanium.comGovRAMP Approvals Committee"Tanium Cloud for US Government (TC-USG) delivers an agent-based endpoint management and security platform, managed and delivered as a cloud-hosted SaaS. The Tanium Core Platform and its services are automatically configured and maintained. For more information, please visit https://tanium.com The following TC-USG services are included within authorization boundary and are offered to customers individually or as desired: Tanium Interact, Tanium Asset, Tanium Comply, Tanium Connect, Tanium Deploy, Tanium Discover, Tanium Enforce, Tanium Impact, Tanium Integrity Monitor, Tanium Map, Tanium Patch, Tanium Performance, Tanium Provision, Tanium Reveal, Tanium Risk, Tanium Threat Response, Tanium Trends." From FedRAMP Marketplace.Live T-Metrics, Inc.T-Metrics Cloud Contact CenterAuthorizedSaaSModerate2023-05-23SR23009A-LignMichael Jollymjolly@tmetrics.comGovRAMP Approvals CommitteeThe T-Metrics Cloud Contact Center is an Omnichannel Contact Center as a Service (CCaaS) solution that offers voice, email, SMS, artificial intelligence, analytics, ACD, call and screen recording, scorecard, and survey to state and local agencies to improve constituent services. The advanced SaaS solution enables agencies to leverage their investments in Unified Communications, Phones, Carrier and SMS Services with its unique design. The architecture offers agencies the flexibility to consume the service however they decide - premises, hybrid, cloud.Live ZscalerZscaler Private AccessAuthorizedSaaSModerate2023-05-08SR22044Schellman and Company, LLCVidya Meenakshisundaram Vidya@zscaler.comGovRAMP Approvals CommitteeZscaler Private Access delivers your security stack as a service from the cloud, eliminating the cost and complexity of traditional secure web gateway approaches.Live MicrosoftMicrosoft Azure GovernmentAuthorized, Federal JABSaaS, PaaS, IaaSHigh2021-12-152022-04-25SR21024KratosJohn Gallagherjogallag@microsoft.comGovRAMP Approvals CommitteeMicrosoft Azure Government is a separate cloud platform to support US federal, state, local, and tribal government agencies. It can support data that’s subject to the CJIS Security Policy and IRS Publication 1075 along with FedRAMP High and other compliance standards. Microsoft Azure Government is delivered through separate datacenters with physical, logical, and network isolation from the commercial cloud and is operated by US persons who have passed fingerprint-based background checks performed by the states.Live InfobloxBloxOne Threat Defense Federal CloudProvisionally AuthorizedSaaSModerate2024-04-15SR23073Kratos DefenseChris Carlsonccarlson@infoblox.comGovRAMP Approvals CommitteeB1TD FedCloud is a suite of capabilities that enable organizations to defend their networks, conduct threat investigations and research, and provide rapid correlation and contextualization to minimize incident response times. B1TD FedCloud contains millions of verified indicators in vendor-agnostic formats that may be exported to facilitate detection, blocking, and containment of modern malware (e.g., Advanced Persistent Threats (APTs), ransomware, phishing, exploits) via an open application programming interface (API) and an analyst research portal.Live GoogleGoogle ServicesAuthorized, Federal JABIaaS, PaaS, SaaSHigh2022-11-04SR21005Coalfire Systems Amit Patelstateramp@google.comGovRAMP Approvals CommitteeGoogle Services is comprised of Google’s multi-tenant public cloud Google Cloud Platform and built atop the Google Common Infrastructure. The Google Common Infrastructure powers Google worldwide.Live