Federal Risk and Authorization Management Program (FedRAMP)

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP created and manages a core set of processes to ensure effective, repeatable cloud security for the government. FedRAMP established a mature marketplace to increase utilization and familiarity with cloud services while facilitating collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions.

Why is it important?

FedRAMP provides a unified and consistent approach to cloud products and services across federal agencies to streamline the process for both agencies as well as cloud vendors. FedRAMP enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost effective cloud-based IT.

What are the different types of FedRAMP authorizations?

• Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) – The JAB (consisting of DOD, DHS, and GSA) works to create a marketplace of approved providers. Based on limited resources, the JAB prioritizes six vendors twice a year to work towards authorization. The authorization is obtained after passing a full security assessment led by the JAB and supported by a 3PAO (Third Party Assessment Organization) and the CSP (Cloud Solution Provider)
• Agency Authority to Operate (ATO) – This authorization comes from an individual agency and is provided following a full security review by that agency.

Is Apptio FedRAMP compliant?

Yes, Apptio has met the FedRAMP security requirements defined by the Joint Authorization Board (JAB) ATO.

What is IL-2 certification?

IL-2 (or Impact Level-2) certification is provided by DISA for cloud application vendors who meet the Department of Defense compliance requirements. Apptio was able to obtain this certification by leveraging our existing FedRAMP Joint Operational Board (JAB) Provisional Authorization to Operate (P-ATO). The authorization allows DoD entities to evaluate Apptio for their TBM solution needs.

In what data center cloud environment do these products run?

Apptio’s SaaS solutions leverage the AWS GovCloud data centers for their infrastructure needs.

Do you have US federal government customers today?

Yes, numerous civilian and defense agencies currently leverage Apptio products to run IT like a business. Learn more about current Apptio customers here.

Which Apptio products fall under the certification?

In April 2021, Apptio underwent a repackaging and renaming of our portfolio products. The following products are FedRAMP certified: Apptio One, Apptio One Plus, Apptio One Benchmarking, Apptio One Billing, and Vendor Insights.

The following products sold prior to April 2021 are also FedRAMP certified: Cost Transparency, IT Financial Management Foundation, Bill of IT, Vendor Insights, Business Insights, Agile Insights, IT Benchmarking and IT Planning and Project Financial Planning.

Learn more about how Apptio is designed to meet the missions of the Federal government