FedRAMP Compliance

Thales helps with data security compliance and encryption for FedRAMP.

FedRAMP

Regulation | Active Now

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Thales helps Federal Government agencies and their suppliers meet these FedRAMP compliance standards.

FedRAMP Goals

According to FedRAMP.gov, the goals of the program are as follows:

  • Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
  • Increase confidence in security of cloud solutions
  • Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for cloud product approval in or outside of FedRAMP
  • Ensure consistent application of existing security practice
  • Increase confidence in security assessments
  • Increase automation and near real-time data for continuous monitoring

Key Processes

Also according to FedRAMP.gov, FedRAMP authorizes cloud systems in a three-step process:

  • Security Assessment: The security assessment process uses a standardized set of requirements in accordance with FISMA using a baseline set of NIST 800-53 controls to grant security authorizations.
  • Leveraging and Authorization: Federal agencies view security authorization packages in the FedRAMP repository and leverage the security authorization packages to grant a security authorization at their own agency.
  • Ongoing Assessment & Authorization: Once an authorization is granted, ongoing assessment and authorization activities must be completed to maintain the security authorization.

Facets of FedRAMP Compliance Thales Can Help With

Core Thales capabilities that help meet FedRAMP compliance standards include:

  • Encryption and Key Management: Strong, centrally managed file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.
  • Access Policies and Privileged User Controls: Restrict access to encrypted data – permitting data to be decrypted only for authorized users and applications, while allowing privileged users to perform IT operations without the ability to see protected information.
  • Security Intelligence: Logs that capture access attempts to protected data, providing high value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for compliance reporting.

In addition to helping you with compliance for FedRAMP; FIPS 199; FIPS 200; FISMA; NIST 800-53, Revision 4, and FIPS 140-2; Thales solutions are designed to help you comply with:

Thales products help Federal Government agencies and their suppliers with FedRAMP compliance and encryption.

CipherTrust Data Security Platform

The CipherTrust Data Security Platform from Thales is the industry’s only solution with an extensible framework for protecting data-at-rest under the diverse requirements of Federal Agencies across the broadest range of OS platforms, databases, cloud environments and big data implementations. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

CipherTrust Transparent Encryption

CipherTrust Transparent Encryption from Thales provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.

CipherTrust Key Management

CipherTrust Key Management from Thales enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

CipherTrust Application Data Protection

CipherTrust Application Data Protection enables agencies to easily build encryption capabilities into internal applications at the field and column level.

CipherTrust Tokenization

CipherTrust Tokenization is offered Vaultless with Dynamic Data Masking, which lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. CipherTrust Vaulted Tokenization is also available. With either solution’s format-preserving tokenization capabilities, you can restrict access to sensitive assets, yet at the same time, format the protected data to minimize database schema changes.

Other key data protection and security regulations

GDPR

Regulation | Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.

PCI DSS

Mandate | Active Now

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Regulation | Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.