Application Security, Inc., a provider of enterprise database security solutions, has released a new, built-in policy for FedRAMP in the SHATTER Knowledgebase KB 4.25 release. This will provide cloud service providers with a simplified process to become part of the Federal Risk and Authorization Program (FedRAMP).
FedRAMP is a risk management program for large outsourced and multi-agency information systems established by the U.S. government. The program authorizes and continuously monitors IT services that are used by multiple federal departments and agencies, specifically cloud service providers. To gain FedRAMP approval, cloud service providers must continuously meet strict security guidelines.
AppDetectivePro and DbProtect, products from AppSecInc, now have a built-in policy for FedRAMP. Any Cloud Service Provider (CSP) or Third Party Assessor for FedRAMP (3PAO) can use this policy as the basis for their database security assessments. CSPs must provide database scans that show results for vulnerabilities, configuration issues, weak passwords, missing patches, access control concerns, and other issues. AppSecInc products automate continuous scanning required by the FedRAMP certification process and maintenance of the annual re-certification process.
DbProtect and AppDetectivePro enable organizations to cost-effectively meet regulatory mandates and secure sensitive data. “We figured out all the different checks and test you need to run against a database to decide if that database meets FedRAMP standards, and we built every one of those checks and tests into our software so the software can run the tests and validate the results automatically,” Josh Shaul, AppSecInc’s CTO, tells 5 Minute Briefing. AppSecInc’s products help organizations understand their database ecosystem, and focus on suspicious and unauthorized database activity. “It makes it very simple and consistent, and allows organizations to do really high quality database assessments without having to go out and find experts to do that,” Shaul adds.
The built-in policy for FedRAMP is available now as part of the DbProtect and AppDetectivePro platforms. For more information, visit www.appsecinc.com/products/index.shtml.