Proofpoint Achieves In-process Status for FedRAMP and Kicks-off Common Criteria Certification Testing to Help Federal Agencies Stop Sophisticated Cyberattacks

June 19, 2017
Tony D’Angelo

Knocking power grids offline, immobilizing intelligence and even upending elections are within the realm of today’s digital attacks. As we saw with the Office of Personnel Management (OPM) and the Democratic National Committee (DNC) breaches, all it takes is one email phish to circumvent outdated, perimeter defenses and significant damage follows. Our Federal government is in a tough fight but it’s critical to secure the digital communication channels that power our society.

Research has shown that in 95% of breaches, email is the means of communication to the target. And cybercriminals are aggressively creating lures to deceive people into running an attacker’s code for them or handing over credentials to what they believe to be a trustworthy recipient.

With this as the backdrop, we are proud to announce that Proofpoint’s cloud Email Protection and Information Protection solutions have achieved in-process status for the Federal Risk and Authorization Management Program (FedRAMP). Concurrently, the Proofpoint Email Protection appliance is undergoing testing with a national information assurance partnership (NIAP)-approved Common Criteria Testing Laboratory (CCTL). More information on this effort is available in today’s press release.

FedRAMP certification involves rigorous testing under a variety of conditions, resulting in a standardized approach for cloud product/service assessments and monitoring. The FedRAMP standard reduces an estimated 30-40 percent of government IT costs.

These measures underscore Proofpoint’s ongoing commitment to helping our Federal government improve defenses against modern cyber threats. At the same time, it allows agencies to modify security controls to address how people work today. Regardless of size, nearly every cyber attack starts the same way – by targeting a person via email, social networks or mobile devices. FedRAMP standardization brings these environments under one security umbrella.

It’s clear that the nature of today’s threats (malware, bad URLs, spoofing, etc.) are changing constantly, which requires an aggressive and sophisticated defense to thwart all of these threat vectors, no matter the type or entry point. For more information on how Proofpoint is helping Federal agencies detect, block, and quickly respond to advanced cyber threats, please visit