FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) was established to enable the secure, risk-based adoption of cloud services for the federal government. Achieving & maintaining a FedRAMP Authorization to Operate (ATO) requires implementing the required FedRAMP control baseline based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 4 controls, undergoing an independent assessment performed by an accredited third-party assessment organization (3PAO) & agency ATO review, and performing on-going continuous monitoring (including annual 3PAO assessments). To read more about the FedRAMP program: click here.

ATO

The Virtru Data Protection Platform has held a FedRAMP agency ATO at the Moderate impact level since March 1, 2019. You can review the Virtru ATO status on the FedRAMP marketplace. While an ATO specifically apply to federal agencies, all Virtru customers benefit from the security controls implemented in the course of our participation in FedRAMP.

Scope

Note that Virtru's FedRAMP ATO for the Virtru Data Protection Platform does not include the Virtru Data Protection Gateway; however, Virtru applies the same level security controls to that environment.