Knightscope | June 07, 2022
Knightscope, Inc., a provider of sophisticated physical security technology aimed at improving U.S. security operations, revealed today that the Federal Risk and Authorization Management Program has reached the "In-Process" level (FedRAMP). FedRAMP is a federal-level program that encourages the use of safe cloud services by establishing a standardized approach to security evaluation, authorization, and continuous monitoring of cloud goods and services.
Knightscope's cyber security team has been working relentlessly for the past 17 months to create a safe, hardened environment dedicated entirely to supporting U.S. Government clients. Knightscope was able to create a tightly controlled version of its product offering from the ground up. A FedRAMP-authorized Third-Party Assessment Organization tested the secure environment.
Knightscope's product was put to the test utilizing the most cutting-edge cyber technology, and it was discovered that the ASR was far too secure to be entered without the Company's help. Knightscope has now been listed as a service provider because of these findings, and it may begin conversations with government agencies about delivering services to federal authorities.
One of the key roles of government is to protect its citizens, so it is critical that we provide them with the most advanced public safety technologies available. The FedRAMP process is arduous, but we believe it is a great investment of time and resources as it ensures our cybersecurity efforts are top notch. I'm looking forward to continuing to build even more cutting-edge technology to support our mission to make America the safest country in the world."
Mercedes Soria, EVP and Chief Intelligence Officer, Knightscope, Inc.
To conduct business with the federal government, cloud-based service providers must complete the FedRAMP procedure and acquire an Authority to Operate ("ATO"). Only 262 ATOs have been granted as of this publication, and only 83 firms have reached the "In-Process" stage. Knightscope's service offering for a Government Law Enforcement Agency was accepted as a consequence of the team's hard work, and Knightscope is now listed on the FedRAMP Government Market Place.
CyberSheath Services International, LLC | February 03, 2021
CyberSheath Services International today launched its Managed IT Services for Defense Contractors to ensure compliance with the new cybersecurity standards for commercial contractors of the United States government. The managed services include a Shared Security Compliance Framework to ensure compliance for both DFARS Clause 252.204-7012 / NIST SP 800-171 and the new DFARS 252.204-7019-7021 CMMC requirements.
When combined with CyberSheath’s existing Managed Compliance and Security Services, the new Managed IT Services cover the full spectrum of managed services needs for most U.S. Defense Industrial Base (DIB) contractors. CyberSheath has long recognized that a large part of IT delivery, tasks such as patching and asset management, are foundational to NIST 800-171 and CMMC compliance, and customers need a force multiplying solution for Managed IT services. This offering is only available to defense contractors and uniquely built to make CMMC and NIST 800-171 compliance a natural outcome of day-to-day operations.
This new consolidated solution is anchored on Microsoft technology or Microsoft Solution Partner technology, but flexible enough to “meet you where you are.” It has the distinct ability to add compliance or security-as-a-service either upon initial onboarding, or at any time during the subscription period. As a “Hosted Compliance,” it combines elements of MSSP and Managed IT and uses a Microsoft-focused technology stack, including Azure Government Blueprints, Microsoft 365 Government (GCC High), and the full strength of the vast Department of Defense (DoD)-approved Microsoft security portfolio. CyberSheath’s CMMC Managed Services future-proof clients against CMMC policy changes and new implementation requirements.
“Any defense contractor that fails to comply with the CMMC will not be doing business with the DoD moving forward as the DoD now prevents non-compliant contractors from participating in DoD contract awards,” said Andy Shooman, COO at CyberSheath Services International. “Our IT managed services are built for the many defense contractors, both Primes and Subs, that still don’t fully understand the DFARS requirements and believe that their weakest link to compliance may be their existing IT services. Simply put, the new DFARS rules raise the stakes and companies that don’t quickly become compliant will be left out of DoD contracts. Our IT managed services ensure that doesn’t happen.”
The U.S. Department of Defense (DoD) established the CMMC as a new security measure to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other sensitive data residing on systems and networks owned by defense contractors. The DoD requires all of its contractors and suppliers to comply with the new CMMC standards at a given level and undergo a certification process based on review by an accredited third-party assessment organization prior to contract award.
CyberSheath uses a proven AIM™ (Assess – Implement – Manage) methodology to meet defense contractors where they are and bring them up to standard both for existing regulatory requirements and CMMC. CyberSheath offers five CMMC levels of assured compliance, ranging from premise-based technology companies to cloud-driven FedRAMP High environments. Leveraging AIM™ to identify gaps against CMMC requirements, CyberSheath quickly implements any needed changes and revises architectures to maintain desired levels of CMMC compliance.
CyberSheath takes ownership of CMMC compliance, leveraging a Shared Responsibility Model, a concept uniquely adapted from cloud providers and applied to CMMC Managed Services. This management framework dictates the security obligations of a CMMC compliance environment and its users to ensure accountability and define where and how security measures should be applied, with a special focus on CUI and other sensitive government data. The result is a self-reinforcing model that reduces the burden on government contractors and ensures compliance.
“Frankly, defense contractors have seen a lot of changes in cybersecurity compliance over the past year, but we have been delivering audit-ready, U.S. DoD compliance-focused managed services for more than five years in response to the original NIST 800-171 requirements and know we can assist contractors expeditiously with their needs,” said Mr. Shooman.
About CyberSheath Services International, LLC
Established in 2008, CyberSheath is one of the most experienced and trusted IT security services partners for the U.S. defense industrial base. From CMMC compliance to strategic security planning to managed security services, CyberSheath offers a comprehensive suite of offerings tailored to clients’ information security and regulatory compliance needs.
Puppet | November 01, 2021
Puppet, the industry standard for infrastructure automation, is increasing the availability of Puppet Enterprise on preferred government purchasing vehicles through a new relationship with Carahsoft. This partnership will make Puppet’s flagship product available to organizations like the General Services Administration (GSA) Schedule 70 and numerous other federal, state and local contracts.
Puppet is a trusted partner of the U.S. government and is deeply committed to enhancing security in government cloud operations as well as helping government agencies maintain agility. More than 50% of U.S. Federal cabinet departments and 7 of 10 contractors use Puppet. Many of the largest branches of the U.S. government also use Open Source Puppet or Puppet Enterprise, including the U.S. Navy, Air Force, Federal Bureau of Investigation, Defense Information Systems Agency, Health and Human Services, National Institute of Health, Internal Revenue Service, Department of Energy and the National Security Agency.
“Puppet has long been committed to faster, more secure delivery and we’re eager to see more agencies and contractors get the same benefits as their counterparts in the private sector,” said Melissa Palmer, vice president of public sector sales. “Puppet Enterprise has already seen widespread government adoption from military branches, and intelligence agencies. Through our partnership with Carahsoft, we’re looking forward to helping even more agencies and contractors receive the same security and delivery benefits.”
Federal agencies can leverage Puppet Enterprise to rapidly deploy new applications while maintaining infrastructure integrity and availability. Puppet Enterprise delivers the most comprehensive feature set for government agencies who want to quickly start or scale their transformation initiatives, with modern automation tools that provide continuous, intelligent compliance required to meet mission goals.
“We are pleased to offer Puppet’s infrastructure automation solutions through our GSA Schedule and authorized reseller partners. IT automation is the key Government DevOps teams are seeking to manage and scale infrastructure across their organization.”
Will Jones, Senior Vice President of Virtualization Solutions at Carahsoft
In addition to wide contract availability, Puppet Enterprise supports critical government standards, enabling the Department of Defense to automate and enforce compliance with configuration standards and security and privacy controls. Puppet Enterprise provides powerful capabilities such as FIPS 140-2 certification, reporting and compliance, role-based access control, extended platform support, orchestration and workflow, code management and enterprise support. DoD agencies can achieve rapid and continuous compliance with DISA STIGs and NIST SP 800-53 by automating configuration management and enforcing desired state as often as needed, up to every thirty minutes.
Puppet Enterprise also advances DevSecOps capabilities by incorporating security into the entire application and infrastructure development cycle. Mission-critical programs, such as DCGS-A, rely on Puppet to ensure continuous compliance through deployment and enables government agencies to automate repetitive tasks, quickly deploy critical applications, proactively manage infrastructure across all major operating systems, on-prem or in cloud environments.
Puppet helps enterprises modernize and manage their infrastructure with the solutions to automate anywhere, reliably scale, and integrate compliance and security across hybrid infrastructure. More than 40,000 organizations — including more than 80 percent of the Global 5000 — have benefited from Puppet’s open source and commercial solutions to ensure business continuity, optimize costs, boost compliance and ensure security, all while accelerating the adoption of DevOps practices and delivery of self-service. Headquartered in Portland, Oregon, Puppet is a privately held company with offices in London, Belfast, Singapore, Sydney and Timișoara.