Security Scorecard Receives “FedRAMP Ready” Designation to Provide Supply Chain Risk Management, Critical Infrastructure Monitoring, and Regulatory Oversight to U.S. Federal Agencies.
Why is FedRAMP Important?
- FedRAMP is a US government-sponsored security compliance and certification program that sets the bar high on core security controls for cloud solutions.
- The US Congress codified FedRAMP as the authoritative standard governing the deployment of cloud computing products for the US Federal Government.
- The impact of the FedRAMP mandate extends far beyond U.S. federal agencies.
- FedRAMP serves as the gold standard for cybersecurity worldwide and is an indicator of cybersecurity maturity in the private sector.
- It is often used as a benchmark in regulated industries such as healthcare and financial services.
- The White House National Cybersecurity Strategy mandates a ‘data-driven’ approach.
- The TSA partnership is a model for U.S. federal agencies that oversee critical infrastructure.
Summary of the News
NEW YORK – October 24, 2023 – Security Scorecard today announced that the company has achieved the Federal Risk and Authorization Management Program (FedRAMP) ‘Ready’ designation, highlighting robust security standards to protect customer information. With this success, Security Scorecard meets US federal agencies’ demand for a Third Party Cyber Risk Management Platform and provides a standardized letter grade to measure the US Government’s cybersecurity, particularly for its suppliers and vendors (and in some cases, to monitor critical infrastructure and/or regulated entities). The system is ready to be implemented.
Third-party cyber risk is a national security risk: 98% of companies have a breached supply chain relationship
To reduce third-party risk, Security Scorecard offers standardized “A to F” letter grades that measure and verify organizations’ security posture and supply chains in real time. Security Scorecard combines national security-grade threat intelligence, automatic third-party vendor detection, and the world’s most complete Security Rating Platform to reduce supply chain attacks.
Security Scorecard CEO and Founding Partner Dr. Aleksandr Yampolskiy said: “You cannot manage what you cannot measure. FedRAMP confirms our broader commitment to providing a standardized approach to measuring cybersecurity.”
Security Scorecard accelerates partnerships across the US government as a trusted partner
Security Scorecard is already a trusted partner across the U.S. government with “FedRAMP Ready” accelerating the adoption of mission-critical cyber capabilities. The Security Scorecard US Public Sector business continues to see strong momentum, with 96% year-over-year growth. Recent highlights include:
- Public Sector partnerships: Security Scorecard has established strategic partnerships with eight public sector associations, including the U.S. Conference of State Bank Supervisors (representing all 50 state banking regulators) and national associations for U.S. counties and state legislators.
- Cybersecurity and Infrastructure Security Agency (CISA) recognition: Notably, in 2022, CISA included Security Scorecard in its Free Cybersecurity Services and Tools catalogue. Additionally, CISA has publicly partnered with Security Scorecard through the CISA Joint Cyber Defense Collaborative.
- DHS approval: Security Scorecard Attack Surface Intelligence, which also achieved FedRAMP “Ready” status, was approved for the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s Approved Products List (APL) to identify, contextualize and prioritize critical threats.
TSA partnership creates blueprint for US federal agencies with critical infrastructure surveillance
- Security Scorecard’s “FedRAMP Ready” status comes on the heels of a partnership with the Transportation Security Administration (TSA). In the wake of ransomware attacks on the transportation industry, TSA has begun using Security Scorecard Ratings to measure and verify the security posture of critical infrastructure and has started reporting on the hygiene of these assets, using a simple A-to-F letter grade rating system that the White House recently described as a “game changer.”
- The model used by TSA can easily be replicated by other “Sector Risk Management Agencies,” i.e., federal agencies that oversee U.S. critical infrastructure. A fully FedRAMP-authorized solution from Security Scorecard will provide organizations with real-time monitoring of critical infrastructure and secure collaboration capabilities to increase resiliency.
Key benefits of the Security Scorecard Platform for US federal agencies:
- Operationalizing third-party cyber risk management: Out-of-the-box compliance to operationalize third-party cyber risk management in critical infrastructure.
- Efficient risk prioritization: By prioritizing risks at scale, federal agencies can provide actionable insights and increase operational awareness.
- Improving collaboration: The platform facilitates the provision of insight and intelligence by encouraging operational collaboration.
- Dynamic risk insights: Actionable insights into risks associated with key industries enable organizations to respond proactively.
- Raising threat awareness: Federal agencies can raise awareness of threat exposure with operational stakeholders and business partners.
- Facilitating collaboration: Improve collaboration across the entire federal cybersecurity ecosystem.
A standardized approach to security assessment, authorization and continuous monitoring
FedRAMP is a security compliance and certification program backed by the US government that sets an extremely high bar for security audits, with fewer than 450 cloud-based products achieving the FedRAMP designation. At the end of 2022, the US Congress codified FedRAMP as the authoritative standard governing the deployment of cloud computing products for the US federal government.
The impact of the FedRAMP mandate goes far beyond U.S. federal agencies. FedRAMP is the gold standard for cybersecurity worldwide and an indicator of cybersecurity maturity in the private sector. For example, FedRAMP is used as a proxy in regulated industries such as healthcare and financial services.
“Cybersecurity is a critical component of national security, and SecurityScorecard is making a huge impact in how it helps organizations become cyber resilient in the face of global threats,” said John Katko, former U.S. Congressman and Senior Advisor at Security Scorecard. Government agencies can instantly know the cyber risk of any organization worldwide, including their own competitors, vendors and suppliers. “I look forward to partnering with the SecurityScorecard team as they help users measure and monitor cyber risks.”
Susan Gordon, former US Deputy Director of National Intelligence and Independent Director of Security Scorecard, added: “Increasing cyber attacks are an attack by adversaries on the public’s trust in our most critical systems. Security Ratings provide federal agencies with the visibility needed to defend against these threats and create a common cybersecurity language. As a result, Security Scorecard empowers organizations to understand and manage dynamic risks, evaluate the effectiveness of cybersecurity investments, and ensure public trust through transparent cybersecurity metrics.”