DoD CIO - FedRAMP Equivalency for CSPs Cloud Service Offerings

Modified on Fri, Jun 21 at 10:01 AM


The Department of Defense has released a memorandum (attachment provided below) providing guidance on how the Federal Risk and Authorization Management Program Moderate equivalency applies to cloud service offerings that are used for processing, transmitting or storing covered defense information, also known as CDI.


Our software is designed to serve Industrial Security Management Professionals with the tools necessary to fully manage security tasks while maintaining compliance. Our software processes Personally Identifiable Information (PII); therefore, we adhere to robust security and compliance frameworks, including NIST 800-171, NIST 800-53, and NIST 800-218, ensuring that our applications meet high standards of protection and security.


Our software is available on-premise or in a secure cloud-hosted FedRAMP-Authorized environment. Our client base does not include U.S. federal agencies, and our applications do not handle any federal data. Based on the nature of our data and client base, FedRAMP-Authorization of our software is not required. Should our client base or data scope change in the future, we will reassess our compliance requirements accordingly.