FedRAMP Compliance

Thales eSecurity assists with data security compliance and encryption for FedRAMP.

Americas Map

Regulation

Active now

FedRAMP

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Thales eSecurity helps Federal Government agencies and their suppliers meet these FedRAMP compliance standards. Read the white paper

FedRAMP Goals

According to FedRamp.Gov the goals of the program are as follows:

  • Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
  • Increase confidence in security of cloud solutions
  • Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for cloud product approval in or outside of FedRAMP
  • Ensure consistent application of existing security practice
  • Increase confidence in security assessments
  • Increase automation and near real-time data for continuous monitoring
Key Processes

Also according to FedRamp.Gov, FedRAMP authorizes cloud systems in a three step process:

  • Security Assessment: The security assessment process uses a standardized set of requirements in accordance with FISMA using a baseline set of NIST 800-53 controls to grant security authorizations.
  • Leveraging and Authorization: Federal agencies view security authorization packages in the FedRAMP repository and leverage the security authorization packages to grant a security authorization at their own agency.
  • Ongoing Assessment & Authorization: Once an authorization is granted, ongoing assessment and authorization activities must be completed to maintain the security authorization.
Facets of FedRAMP Compliance Thales eSecurity Can Help With

Core Thales eSecurity capabilities that help meet FedRAMP compliance standards include:

  • Encryption and Key Management: Strong, centrally managed, file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.
  • Access Policies and Privileged User Controls: Restrict access to encrypted data – permitting data to be decrypted only for authorized users and applications, while allowing privileged users to perform IT operations without the ability to see protected information.
  • Security Intelligence: Logs that capture access attempts to protected data, providing high value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for compliance reporting.

In addition to helping you with compliance for FedRAMP; FIPS 199; FIPS 200; FISMA; NIST 800-53, Revision 4, and FIPS 140-2; Thales eSecurity solutions are designed to help you comply with:

Thales eSecurity products help Federal Government agencies and their suppliers with FedRAMP compliance and encryption.

The Vormetric Data Security Platform

The Vormetric Data Security Platform from Thales eSecurity is the only solution with a single extensible framework for protecting data-at-rest under the diverse requirements of Federal Agencies across the broadest range of OS platforms, databases, cloud environments and big data implementations. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales eSecurity provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.

Vormetric Key Management

Vormetric Key Management from Thales eSecurity enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Vormetric Data Security Intelligence

Vormetric Data Security Intelligence from Thales eSecurity provides another level of protection from malicious insiders, privileged users, APTs and other attacks that compromise data by delivering the access pattern information that can identify an incident in progress.

Vormetric Application Encryption

Vormetric Application Encryption enables agencies to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Tokenization with Dynamic Masking

Vormetric Tokenization with Dynamic Masking from Thales eSecurity lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, you can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

Research and Whitepapers : Vormetric FedRAMP / NIST 800-53 Requirements Mapping

Critical to certification for meeting FIPS, is the implementation of security controls from NIST 800-53, Appendix F. Focusing on the capabilities needed to meet these requirements, this paper provides background about the Thales Data Security Platform and the Thales Transparent Encryption product that is delivered through that platform....

Download

Research and Whitepapers : Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications

By Securosis analysts and industry experts, Rich Mogull, CEO and Adrian Lane, CTO.

This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center: applications, servers, databases, and storage. It also covers cloud computing (IaaS: Infrastructure as a Service)....

Download

Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail

Mandate

Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More

HIPAA

Americas Map Thumbnail

Regulation

Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More

SOX

Americas Map Thumbnail

Regulation

Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
Contact a Compliance Specialist Contact Us
Are you fit for GDPR Take our readiness assessment now
Read the Compliance and Regulations Solutions Handbook Read the eBook
Посмотрите интерактивное демо Подробнее
Записаться на демо Записаться
Свяжитесь со специалистом Свяжитесь с нами