Cloud security provider Zscaler said this week that its Zscaler Internet Access (ZIA) service received Federal Risk and Authorization Management Program (FedRAMP) High Authority to Operate (ATO) from the FedRAMP Joint Authorization Board (JAB).
FedRAMP is administered by the General Services Administration (GSA) as a civilian government-wide program to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services that government agencies can use.
The company said the FedRAMP High ATO enables its ZIA service “to meet the requirements of civilian agencies with high-security requirements, as well as Department of Defense (DoD) and intelligence organizations.”
The new certification currently makes ZIA the only Secure Access Service Edge (SASE) Trusted Internet Connections (TIC) 3.0 solution that has achieved FedRAMP’s highest authorization – which means it has “undergone rigorous audits of critical security controls to protect the government’s most sensitive unclassified data in remote cloud computing environments,” the company said.
“The certification confirms that ZIA can securely connect government users to external applications, including SaaS applications and internet destinations, regardless of device, location, or network, providing superior cyber and data protection for mission-critical government information,” Zscaler explained.
The FedRAMP High ATO for ZIA – along with the similar certification for the Zscaler Private Access (ZPA) Government solution – makes it possible for Federal agencies to “resolve ongoing user experience and cost challenges associated with securing the explosive use of cloud-based applications,” the company said.
“These challenges include continued poor user experience through VPNs, security risks from users who bypass VPNs leading to a lack of visibility and protection, and increased network usage costs associated with backhauling the growing volume of internet traffic flowing through the government’s Trusted Internet Connections (TIC),” Zscaler said.
“This FedRAMP High authorization elevates Zscaler and our support of the US government as currently the only cloud security company with two FedRAMP High JAB authorizations in the market,” commented Drew Schnabel, Vice President of Federal at Zscaler.
The company explained that “Federal agencies, DoD commands, and federal contractors can now take full advantage of the Zero Trust Exchange at the JAB High or Moderate level,” and that customers can align their security posture with their workload requirements and meet Executive Order 14028 zero trust goals at all levels available under the FedRAMP program.
The Zero Trust Exchange is a cloud-native security platform that securely connects any user, device, and application, regardless of location.
“Delivering zero trust and SASE through FedRAMP Authorized platforms at the highest impact levels is crucial for the security of our nation’s future,” said Stephen Kovac, Chief Compliance Officer at Zscaler.
“Zscaler committed to our customers that we would deliver a comprehensive zero trust and SASE platform at the High and Moderate baseline levels,” he said. “Today, we are proud to announce we have met that commitment.”
“FedRAMP High is a must-have for many federal agency deployments,” commented Zeus Kerravala Founder and Principal Analyst at ZK Research. “We see more and more CISOs and CIOs across state and local government, education, and the private sector recognizing the value of a third-party validated security assessment.”