Independent Software Vendors (ISVs) often ask Coalfire about the FedRAMP compliance framework and how it applies to them. They hear that all software procured by the U.S. federal government must be FedRAMP authorized, and they come to the experts to help them navigate the process. The good news is that the FedRAMP program is not directly applicable to most ISVs. An ISV cannot get their native product listed in the FedRAMP marketplace because it is a “software,” not a “service,” and the FedRAMP program was designed for Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) providers that provide multi-tenant cloud solutions to the U.S. federal government.
Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!
More Stories
Automated application scanning: handling complicated logins with AppScan (only!)
New cybersecurity legislation to amend the Health Information Technology for Economic and Clinical Health (HITECH) Act – an analysis of H.R. 7898
AppSec Bites: A Podcast on Balancing Speed and Thorough AppSec Coverage (Part 1)