Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, and connections, today announced that the company has obtained FedRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The KSGC password management and security solution has successfully completed the rigorous FedRAMP accreditation process. This highly sought-after and difficult to attain designation sets KSGC apart from its competitors as the best in class zero-trust and zero-knowledge security solution for government agencies to protect their passwords, data, and secrets. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements.
To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. This alone can take organizations months or years, depending on the complexity of the system. Authorization can only be pursued by an organization through partnering with a federal agency or the Joint Authorization Board (JAB). Additionally, the system must be evaluated and assessed by an authorized independent third-party auditor prior to submitting for final review and authorization by the FedRAMP Program Management Office.
"Keeper is proud to bring its password management and cybersecurity platform to FedRAMP Authorized status," said Darren Guccione, CEO and Co-Founder of Keeper Security. "This authorization demonstrates Keeper's longstanding -- and, some would say, fanatical -- commitment to the highest standards of internal security controls and encryption. Keeper is prepared to help federal agencies protect their digital assets against ransomware, data breaches and other password-related cyberattacks."
"As a FedRAMP Authorized password management and security solution, KSGC will enable Carahsoft and our reseller partners to help federal agencies better secure their sensitive information and protect against password related breaches, Keeper's zero-knowledge, zero-trust architecture solves compliance and regulatory enforcement requirements, providing a trusted, reliable solution that meets government needs."
-Steve Jacyna, who leads the Keeper Security team at Carahsoft.
Today's attackers are advanced at using any breached username and password combination to run through analytics and bots to find any use or similar use combination. By leveraging password managers, a constant health check can be maintained for password diversification and security, said Jean-Paul Bergeaux, Federal Chief Technology Officer of GuidePoint Security. Enterprises cannot assume users are doing this and KSGC provides a way for government security teams to maintain password security while also significantly improving user experience throughout their work life.
The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.
Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.
About Keeper Security:
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyber attacks while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password and secrets management, privileged access, secure remote infrastructure access and encrypted messaging.
Keeper's products are the highest-rated in the industry across G2, Trustpilot, PCMag and U.S. News & World Report. For the last several years, Keeper has received several InfoSec Awards from Cyber Defense Magazine for its cyber security enterprise software. Keeper is SOC 2 and ISO 27001 certified, and FIPS 140-2 validated, and Keeper is the only FedRAMP Authorized enterprise password management solution. Keeper is backed by Insight Partners, a leading venture capital and private equity firm with $90b AUM.
About Carahsoft:
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Federal, State and Local Government and Education and Healthcare. As the Master Government Aggregator® for its vendor and reseller partners, Carahsoft delivers solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more.
About GuidePoint Security:
GuidePoint Security provides cybersecurity solutions and services that help organizations make better decisions. GuidePoint Security's holistic approach enables organizations to identify threats, optimize resources, and integrate solutions that mitigate risk.