Keeper Security Announces FedRAMP Authorization

Keeper Security | August 25, 2022 | Read time : 04:28 min

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, and connections, today announced that the company has obtained FedRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).

The KSGC password management and security solution has successfully completed the rigorous FedRAMP accreditation process. This highly sought-after and difficult to attain designation sets KSGC apart from its competitors as the best in class zero-trust and zero-knowledge security solution for government agencies to protect their passwords, data, and secrets. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements.

To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. This alone can take organizations months or years, depending on the complexity of the system. Authorization can only be pursued by an organization through partnering with a federal agency or the Joint Authorization Board (JAB). Additionally, the system must be evaluated and assessed by an authorized independent third-party auditor prior to submitting for final review and authorization by the FedRAMP Program Management Office.

"Keeper is proud to bring its password management and cybersecurity platform to FedRAMP Authorized status," said Darren Guccione, CEO and Co-Founder of Keeper Security. "This authorization demonstrates Keeper's longstanding -- and, some would say, fanatical -- commitment to the highest standards of internal security controls and encryption. Keeper is prepared to help federal agencies protect their digital assets against ransomware, data breaches and other password-related cyberattacks."

"As a FedRAMP Authorized password management and security solution, KSGC will enable Carahsoft and our reseller partners to help federal agencies better secure their sensitive information and protect against password related breaches, Keeper's zero-knowledge, zero-trust architecture solves compliance and regulatory enforcement requirements, providing a trusted, reliable solution that meets government needs."

-Steve Jacyna, who leads the Keeper Security team at Carahsoft.

Today's attackers are advanced at using any breached username and password combination to run through analytics and bots to find any use or similar use combination. By leveraging password managers, a constant health check can be maintained for password diversification and security, said Jean-Paul Bergeaux, Federal Chief Technology Officer of GuidePoint Security. Enterprises cannot assume users are doing this and KSGC provides a way for government security teams to maintain password security while also significantly improving user experience throughout their work life.

The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.

Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.

About Keeper Security:
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyber attacks while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password and secrets management, privileged access, secure remote infrastructure access and encrypted messaging.

Keeper's products are the highest-rated in the industry across G2, Trustpilot, PCMag and U.S. News & World Report. For the last several years, Keeper has received several InfoSec Awards from Cyber Defense Magazine for its cyber security enterprise software. Keeper is SOC 2 and ISO 27001 certified, and FIPS 140-2 validated, and Keeper is the only FedRAMP Authorized enterprise password management solution. Keeper is backed by Insight Partners, a leading venture capital and private equity firm with $90b AUM.

About Carahsoft:
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Federal, State and Local Government and Education and Healthcare. As the Master Government Aggregator® for its vendor and reseller partners, Carahsoft delivers solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more.

About GuidePoint Security:
GuidePoint Security provides cybersecurity solutions and services that help organizations make better decisions. GuidePoint Security's holistic approach enables organizations to identify threats, optimize resources, and integrate solutions that mitigate risk.

Spotlight

More featured news

Spotlight

Related News

Emerging Technology

FM:Systems Achieves FedRAMP "In Process" Designation

PR Newswire | July 21, 2023

FM:Systems, provider of the most scalable and intuitive all-in-one workplace management platform, announced today its FMS:Workplace solution has achieved the Federal Risk and Authorization Management Program's (FedRAMP) "In Process" designation. FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies, like FM:Systems solutions. Through its sponsorship with the U.S. Department of Education, FM:Systems is working to reach full FedRAMP authorization for FMS:Workplace within one year. "With the rise of remote and hybrid work, many organizations are looking for smart ways to optimize their real estate, reduce expenses, and deliver productive workplace experiences," said Kurt von Koch, CEO of FM:Systems. "Achieving the FedRAMP In Process designation for our FMS:Workplace solution allows federal clients to access our trusted workplace management suite of software solutions in a secure cloud environment so they can gain the data-backed insights needed to make strategic decisions about their real estate and workplace needs." As a flexible, easy-to-use Integrated Workplace Management Solution, federal agencies can use FMS:Workplace to seamlessly manage, analyze, and report on facilities and real estate operations and maintenance (O&M) information all in a single system. The FMS:Workplace solution includes: Space Management Sustainability Management Move Management Maintenance Management Strategic Scenario Planning Real Estate Management Asset Management Project Management "The increase of data breaches and phishing campaigns taking place across the U.S. and globally means it's critical for government agencies to take every step they can to safeguard sensitive information and data privacy," said the Chief Information Officer (CIO), of the U.S. Department of Education. "FM:Systems provides workplace management solutions that meet FedRAMP authorization requirements and federal cloud security standards." FM:Systems workplace management solutions are used by over 150 government institutions, including 10 of the 15 federal government departments. About FM:Systems FM:Systems all-in-one workplace management platform helps more than 1,200 of the world's largest organizations access, manage, and measure every aspect of their real estate portfolio. With the most complete range of intuitive and scalable space management, hybrid work, workplace analytics and smart sensor solutions, our customers gain the data-backed clarity and vision necessary to make strategic real estate decisions and deliver high-performance workplaces today and long into the future. For more information about FM:Systems, please visit www.fmsystems.com.

Emerging Technology, Cybersecurity

Axiad Launches New Passwordless Authentication Package for Government, Critical Infrastructure and Defense Industrial Base

PR Newswire | August 18, 2023

Axiad, a leading provider of organization-wide passwordless orchestration, today announced a new Unified Credential Management System (UCMS) package calledPasswordless for Air Gapped and Critical Environmentsto meet the phishing-resistant requirements of The White House Executive Order (EO) 14028. This package brings passwordless authentication and end user self-service capabilities to air gapped and critical infrastructure environments that integrate Microsoft Security solutions. Overall, the package helps government agencies as well as critical infrastructure and defense industrial base (DIB) organizations maximize security and end-user acceptance and minimize security overhead. In the United States, critical infrastructure systems continue to be a top target for cybercriminals. In fact,Microsoft reportedthat critical infrastructure cyberattacks doubled in 2022 from 20% to 40% of nation-state-sponsored attacks. Because of this, the U.S. government, via EO 14028 on improving the nation's cybersecurity, has mandated security measures, including strong passwordless multi-factor authentication (MFA), for government agencies and is strongly recommending the use of this technology for critical infrastructure. In response to this growing need, Axiad's Passwordless for Air Gapped and Critical Environments provides a seamless way for organizations to integrate government-grade, phishing-resistant passwordless authentication as well as key functional and operational support into on-premises air gapped environments. The new package provides full interoperation with a range of Microsoft products – including Microsoft Active Directory Federation Services and Microsoft Certificate Authority – to ensure authentication is highly secure and consistent and customers get maximum value out of their existing environments. Additionally, it provides credential management and self-service credential enrollment and account recovery (CEAR), which are critical capabilities due to the high costs or the complete lack of on-site IT support in air gapped environments. "Organizations with air gapped and critical infrastructure environments need passwordless authentication and a range of physical and platform authenticators to help prevent cyber-attacks," said Jerome Becquart, chief operating officer at Axiad. "With this new package, Axiad is the first company to provide all these elements plus the critical missing ingredient – self-service authentication management, including enrollment and account recovery – and bring them to the on-premises Microsoft ecosystem." Axiad's Passwordless for Air Gapped and Critical Environments provides the following unique capabilities: Strong Authentication:The package provides government-grade FIPS 140 validated passwordless authentication with the flexibility needed to accommodate the full range of needs of employees, contractors, vendors and suppliers. For example, it offers a range of passwordless options, including both physical (YubiKeys, smart cards, PIV cards, USB keys, etc.) and platform (virtual smart cards). Powerful Self-Service Capabilities:Axiad AirLock, which provides help desk automation by eliminating temporary passwords, provides self-service credential enrollment, and Axiad MyCircle provides self-service account recovery within a trusted circle of colleagues rather than waiting for the help desk to respond – both of which help to increase operational efficiencies for frontline workers and reduce IT costs. Ready Implementation:The package's architecture is made to operate in air gapped environments and to seamlessly interoperate with existing authentication and infrastructure investments without requiring upgrades. This package fully leverages and extends the life of Microsoft authentication (e.g., Microsoft Active Directory) and infrastructure (e.g., Microsoft Windows Server) investments. "Axiad's integration with Microsoft empowers critical infrastructure, government and defense industrial base to easily upgrade their existing Microsoft on-premises infrastructure to become passwordless," said Ehud Itshaki, principal product manager at Microsoft. "With phishing-resistant, passwordless authentication, they can enhance their security posture and comply with the recent EO mandating phishing-resistant MFA – all while getting more out of their existing Microsoft authentication and infrastructure investments." About Axiad Axiad delivers organization-wide passwordless orchestration to secure people, machines, and interactions for enterprise and public sector organizations that must optimize their cybersecurity posture while navigating underlying IT complexity. The company's flagship product, Axiad Cloud, is a comprehensive, secure and integrated authentication platform that allows customers to move to a passwordless future without the friction and risk of fragmented solutions. Axiad supports the widest range of credentials in the industry including FIDO, mobile MFA, Windows Hello for Business, YubiKeys, smart cards, TPM and biometrics, and is trusted by public sector organizations and Fortune 500 companies across aerospace & defense, financial services, insurance, healthcare, oil & energy and more. For more information visitaxiad.comand follow us onTwitterandLinkedIn.

Emerging Technology, Government Business

CSG Government Solutions Selected for Program Management Office Services on the Connecticut Medicaid Enterprise Technology System Program

Prweb | August 03, 2023

CSG Government Solutions, a national leader in government program modernization, today announced that it has been selected by the Connecticut Department of Social Services (DSS) to provide Program Management and Project Support Services for the Connecticut Medicaid Enterprise Technology System (CT METS) Program, including the implementation of an Enterprise Data Warehouse and Analytics module and Enterprise Provider module. CSG is supporting DSS’ initiative to replace their core MMIS and other systems supporting the Medicaid Enterprise with modern, modular solutions. The CSG team will provide full-service Program Management Office (PMO) services and expertise in Medicaid, enterprise architecture, system integration, Health Information Exchange, and security. The team is also providing quality assurance, risk management, schedule and resource management, and CMS certification support. “CSG is a leader in providing PMO and other services for Medicaid system modernizations across the country,” says Robin Dufresne, Executive Vice President and Senior Practice Director. “Our team applies our Medicaid expertise and dedication to help the DSS Medicaid Enterprise make a positive impact on the health and well-being of Connecticut’s individuals, families, and communities.” About CSG Government Solutions CSG Government Solutions is a leading government operations consulting firm helping states modernize critical program enterprises. We help governments leverage innovative technology and processes to meet the challenges of administering complex programs. Founded in 1997, CSG clients include 47 state and territory governments, the U.S. Department of Health and Human Services, the U.S. Department of Labor, and large municipal governments. For more information, visithttp://www.csgdelivers.comand connect with us onLinkedInandTwitter.