Ping's Government Cloud IAM Solution Now In-Process with FedRAMP

We recently announced that Ping Identity’s cloud identity and access management (IAM) solution, PingOne for Government, has achieved "In Process'' designation for the Federal Risk and Authorization Management Program (FedRAMP). PingOne for Government is now listed on the FedRAMP marketplace, putting us one step closer to being able to help government agencies modernize their legacy IAM tools with cloud solutions to give the right people access to the right resources at the right time and for the right reasons.

The U.S. government needs to rapidly transition from outdated and insecure legacy systems to mission-enabling, secure and cost-effective IT solutions. And it’s gaining much-needed financial support for federal IT security and upgrades as part of the $1.9T American Rescue Plan (also known as the COVID-19 Stimulus Package). Signed into law on March 11, 2021, the plan allocates $650M to the Cybersecurity and Infrastructure Security Agency (CISA), who will use the money for cybersecurity risk mitigation and the transition to Zero Trust. The plan also provides $1B to the Technology Modernization Fund, marking a significant milestone for government IT modernization.

Following a number of high-profile cybersecurity incidents, President Biden signed the Executive Order on Improving the Nation’s Cybersecurity on May 12, 2021.

The executive order (EO) outlines extensive new requirements for Federal agencies and creates an urgency to respond. These include the need for agencies to develop a plan to prioritize cloud technology and implement Zero Trust architecture.

As agencies look to develop and execute these plans, the Federal Cloud Computing Strategy is there to guide them. It places a stronger emphasis on security, including through the use of Zero Trust networks, with its shift from Cloud First to Cloud Smart. For the good of the country and American citizens, federal agencies need to modernize legacy IT in a “Cloud Smart” way, and that’s where FedRAMP comes in.

FedRAMP standardizes security assessment, authorization and continuous monitoring for cloud products and services across the U.S. government. Before FedRAMP was established, cloud vendors had to meet different security requirements for each agency. FedRAMP solves for this by providing a common security framework that makes it possible for agencies and cloud service providers to reuse authorizations. Mandatory for all cloud offerings used to hold or process government data, it helps federal government agencies adopt cloud offerings at scale by providing a set of transparent standards and processes for authorization.

To achieve FedRAMP designation, a cloud service provider must go through a rigorous authorization process. Achievement of the In Progress designation indicates that Ping Identity is a cloud service provider actively working toward a FedRAMP authorization with either the joint authorization board (JAB) or a federal agency. Ping is taking the agency sponsorship route with the Department of Energy (DoE). 

The DoE will conduct a security package review, perform a risk analysis, accept risk and issue an Authorization to Operate (ATO) for Ping’s cloud service offering based on the DoE’s risk tolerance. Upon completion and final review of the ATO by the FedRAMP Program Management Office, our status in the marketplace will be updated to FedRAMP Authorized, indicating that the authorization security package is available for agency review and reuse.

More than one year after the global pandemic created mass shutdowns, maximum telework is still a critical priority for the U.S. federal government. With a distributed workforce, federal agencies need a central way to federate and authenticate access to sensitive information and resources for their workforce and mission partners. 

The Federal Government already has an architecture and services framework for Federal Identity, Credential, and Access Management (ICAM), which details what identity management, credential management, access management, federation and governance should look like. But siloed identity security and outdated IAM systems make it challenging to support remote work, adopt cloud resources, and protect those resources and employees with Zero Trust security. Ping Identity can help federal agencies modernize identity security and uplevel their ICAM program for today’s remote work, multi-cloud and hybrid IT challenges. 

PingOne for Government solves these challenges by providing a cloud identity control plane that streamlines authentication and access to assets and applications, especially across hybrid IT environments. Upon receiving FedRAMP authorization at the moderate impact level, Ping Identity will offer agencies a cloud-delivered authentication authority that includes federation, identity management, and access management capabilities for every user, asset, environment, and endpoint across government hybrid, multi-cloud architectures.

Ping Identity’s capabilities are already proven within the federal government. Because of its reputation for flexible options for deploying in government-managed infrastructure, Ping components are currently being used by many government agencies to enable their ICAM programs. FedRAMP authorization will let U.S. government agencies also take advantage of Ping’s enterprise-proven capabilities as a managed cloud service, so they can remove the burden of infrastructure management and focus on high-value initiatives. 

Ping helps the U.S. government:

• Enable secure telework. Modern IAM gives your agency the ability to secure access to anything from anywhere so you can enable government employees and mission partners to continue mission-critical work. By enabling a flexible workplace, Ping’s authentication authority also gives you the ability to attract, train and empower talented civil servants who can accelerate transformation of public services to continue the cycle of improvement for all Americans.
  
  
• Accelerate Cloud Smart initiatives. Whether identity services are consumed from the cloud or deployed on-premises, Ping’s authentication authority secures access to all cloud resources. Your agency can abandon the false notion that “cloud” is separate and requires new cloud identities, and embrace Cloud Smart initiatives with an identity platform that lets you maintain control and manage access to all resources, even across hybrid IT environments.
  
  
• Modernize legacy government IT systems. Ping delivers modernized identity security for government agencies. And since all digital resources ultimately point back to identity, having a central authentication authority from Ping is the steel thread that enables integration of everything across your evolving multi-generational infrastructure.
  
  
• Lay the foundation for Zero Trust. This identity-centric security approach is a fundamental shift in how many organizations have historically approached security, so it’s going to require an overhaul of identity infrastructure. Ping’s standards-based components enable you to easily augment your existing ICAM infrastructure to implement the adaptive approach to authentication and authorization required by a Zero Trust environment.
  
  

By helping government agencies at all levels and their partners establish interoperable trust across complex organization boundaries, Ping Identity helps mission-critical federal IT organizations uplevel ICAM and lay the foundation for Zero Trust and Cloud Smart. 

To learn more about FedRAMP Solutions for Government, visit the webpage.