Federal Risk and Authorization Management Program (FedRAMP)

As the leading SaaS solution for TBM for Federal agencies, Apptio is proud to have obtained JAB P-ATO (Provisional Authority to Operate).

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP created and manages a core set of processes to ensure effective, repeatable cloud security for the government. FedRAMP established a mature marketplace to increase utilization and familiarity with cloud services while facilitating collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions.

Why is it important?

FedRAMP provides a unified and consistent approach to cloud products and services across federal agencies to streamline the process for both agencies as well as cloud vendors. FedRAMP enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost effective cloud-based IT.

What are the different types of FedRAMP authorizations?

  • Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) – The JAB (consisting of DOD, DHS, and GSA) works to create a marketplace of approved providers. Based on limited resources, the JAB prioritizes six vendors twice a year to work towards authorization. The authorization is obtained after passing a full security assessment led by the JAB and supported by a 3PAO (Third Party Assessment Organization) and the CSP (Cloud Solution Provider)
  • Agency Authority to Operate (ATO) – This authorization comes from an individual agency and is provided following a full security review by that agency.

Is Apptio FedRAMP compliant?

Yes, Apptio has met the FedRAMP security requirements defined by the Joint Authorization Board (JAB) ATO.

What is IL-2 certification?

IL-2 (or Impact Level-2) certification is provided by DISA for cloud application vendors who meet the Department of Defense compliance requirements. Apptio was able to obtain this certification by leveraging our existing FedRAMP Joint Operational Board (JAB) Provisional Authorization to Operate (P-ATO). The authorization allows DoD entities to evaluate Apptio for their TBM solution needs.

In what data center cloud environment do these products run?

Apptio’s SaaS solutions leverage the AWS GovCloud data centers for their infrastructure needs.

Do you have US federal government customers today?

Yes, numerous civilian and defense agencies currently leverage Apptio products to run IT like a business. Learn more about current Apptio customers.

Which Apptio products fall under the certification?

In May 2024, Apptio underwent a repackaging and renaming of our portfolio products as part of it’s integration into IBM, who acquired Apptio in September 2023. Today, the following products are FedRAMP certified: IBM Apptio Costing Standard for US Federal, IBM Apptio Planning for US Federal, IBM Apptio Billing for US Federal, and IBM Apptio Costing and Planning for US Federal.

From April 2021 to May 2024, Apptio sold the following FedRAMP certified products: ApptioOne, ApptioOne Plus, ApptioOne Benchmarking, ApptioOne Billing, and Vendor Insights.

The following products sold prior to April 2021 are also FedRAMP certified: Cost Transparency, IT Financial Management Foundation, Bill of IT, Vendor Insights, Business Insights, Agile Insights, IT Benchmarking and IT Planning and Project Financial Planning.

Apptio’s cloud cost management tooling, Cloudability Government, is FedRAMP authorized as of February 2023.

Learn more about how Apptio is designed to meet the missions of the Federal government