Proofpoint is proud to announce that Proofpoint Security Awareness Training has achieved Federal Risk and Authorization Program (FedRAMP) In Process status. We’re working with the FedRAMP Program Management Office (PMO) towards a FedRAMP Agency Authorization.
This FedRAMP government-wide program reduces approximately 30-40 percent of government IT costs. When the process is complete, Proofpoint Security Awareness Training will be certified as a FedRAMP-defined Moderate-Impact software-as-a-service (SaaS) offering, which enables Proofpoint to manage controlled, unclassified information such as personally identifiable information (PII) with over 300 controls.
Helping Government Agencies Improve Security by Leveraging the Cloud
This effort is part of Proofpoint’s broader commitment to help federal agencies protect their most valuable and most attacked asset: their people. Proofpoint email security solutions including Email Protection, Targeted Attack Protection and Email Data Loss Prevention are in the process for FedRAMP certification. These solutions have received FedRAMP Authority to Operate (ATO) from the Federal Communications Commission.
This ATO marks a crucial step in receiving FedRAMP certification from the General Services Administration (GSA).
FedRAMP Moderate versus Low-Impact SaaS
There are two major reasons why government agencies should utilize a FedRAMP Moderate solution like Proofpoint Security Awareness versus a Low-Impact SaaS solution:
First, agencies need to consider what is meant by PII and what PII is collected in their security awareness programs. Some agencies may determine that PII includes attributes like email address, first or last names, department, age, title, office location, hire start date, and other common attributes many organizations want to include for reporting. With a Moderate solution, there is a strict security implementation as well as operational requirements that PII data will be protected. With a Low-Impact SaaS implementation, there is no such assurance.
Second, agencies need to consider the sensitivity of the data surrounding the interactions of their employees with their security awareness training program. For example, a FedRAMP Moderate solution, protects interactions with simulated phishing attacks, knowledge assessments, training modules, and reported phishing emails as well as any other interaction with the platform and enables these interactions to be reported on over time to gauge progress. With a Low-Impact SaaS implementation, that protection requirements are much weaker, and agencies may not want to take the risk of storing and reporting on that employee data.
FedRAMP itself says it best, noting that the Moderate-Impact level certification, “accounts for nearly 80% of CSP applications that receive FedRAMP authorization and is most appropriate for CSOs where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations assets, or individuals.”
By contrast, security awareness training programs that are Low-Impact SaaS FedRAMP level are only appropriate, “for CSOs where the loss of confidentiality, integrity, and availability would result in limited adverse effects on an agency’s operations, assets, or individuals.”
Security Awareness Training for the Federal Market
As an organization that works with many federal agencies performing critical missions, we felt it was important to give our customers better peace-of-mind about protecting their data, assets, and people. This Moderate FedRAMP implementation, when completed, will provide our Federal customers with confidence to securely store PII and report on their progress over time.
With a leadership position and our investment in FedRAMP, we are thrilled to better serve Federal customers. We look forward to continuously innovating with our security awareness training solutions, recently recognized by Gartner as a Leader for the sixth year in a row in the Magic Quadrant, to meet the needs of this critical segment with best in class security.
To learn more about all our products for the Federal space, please visit our Federal Solutions page.