We’re thrilled to announce that the Orca Cloud Security Platform, a leading Cloud Native Application Protection Platform (CNAPP), has achieved FedRAMPauthorization at the moderate level. This accomplishment not only attests to the robust security capabilities of the Orca Platform but also underscores our operational security practices beyond the platform and our unwavering commitment to the US public sector. The Orca Platform is now listed as ‘FedRAMP Authorized’ on the FedRAMP Marketplace, the official online repository for FedRAMP Cloud Service Offerings (CSOs).

To obtain FedRAMP authorization, a SaaS platform must have a federal sponsor and go through a rigorous evaluation process to achieve Authority to Operate (ATO). Achieving this important milestone further demonstrates Orca Security’s commitment to helping the US government, its agencies and contractors, and other organizations alike, reduce their cloud risk and improve security visibility across multi-cloud environments.

“As the government relies increasingly on cloud ecosystems to deliver modern and cutting edge IT services, it needs a frictionless solution for securing them. Orca Security’s agentless platform provides this, and we’re pleased they selected us as their advisor and engineering partner to navigate the FedRAMP authorization process.”

Karen Laughton, EVP, Assessment Services, at Coalfire

What does FedRAMP Authorized mean?

FedRAMP stands for Federal Risk and Authorization Management Program, which is a US government program providing a standardized approach to security risk management, assessment, authorization and continuous monitoring to ensure that federal government agencies and departments can adopt cloud based products and services securely. 

Orca Security’s FedRAMP Authorization not only demonstrates that the Orca Cloud Security Platform meets and maintains the stringent data and security requirements required by FedRAMP, but also helps agencies and departments manage and maintain their complex cloud security challenges.

“As a partner of Orca, it’s been exciting to watch and participate in their FedRAMP authorization journey as the Orca Cloud Security Platform will enable agencies to accelerate their digital transformation to the cloud, and more quickly address ZeroTrust initiatives while improving their cloud security posture.”

Lauren Knausenberger, Chief Innovation Officer at SAIC

How does Orca help secure government cloud assets?

Whether addressing the Executive Order on Improving the Nation’s Cyber Security (Executive Order 14028), transforming to a cloud ecosystem, maintaining continuous compliance or beginning the zero trust journey, Orca helps the public sector secure their missions in the cloud.

Orca Security's Identity and Access dashboard that helps manage identities to ensure least privileges in the cloud
Orca helps manage identities to ensure least privileges in the cloud

According to DelTek’s recent Federal Cloud Market Forecast, it is anticipated that demand for cloud services will grow to $23B by FY 2027. Additionally, the report highlights the challenges and complexities with multi-cloud environments and the need for security and automation, which are all solved with Orca’s FedRAMP authorized security platform.

“With the acceleration of the US government’s zero trust initiatives, SBOM requirements, and the need to improve the nation’s cybersecurity, Orca’s FedRAMP Authorized cloud security platform is positioned to play a valuable role in helping federal agencies achieve these milestones quickly with a comprehensive solution that is easy to deploy and operationalize,” said Michael Hylton, Head of Public Sector, Orca Security.  

A screenshot of the Orca Platform including controls for 150+ regulatory frameworks and CIS benchmarks
The Orca Platform includes controls for 150+ regulatory frameworks and CIS benchmarks

Meet government compliance mandates

The Orca Platform helps the federal government and its agencies maintain continuous compliance with key government security and data privacy frameworks such as NIST CSF, NIST SP 800-53, ISO 27001. Orca also supports a wide range of CIS benchmarks, including Apache CIS, AWS CIS, Azure CIS, Docker CIS, GCP CIS, Linux CIS, and Windows CIS. Teams can leverage Orca’s 120+ built-in compliance templates, or customize them to meet specific needs.

An example of Orca Security's DISA STIG compliance framework control tests
Example of DISA STIG compliance framework control tests

In addition, Orca supports the DISA (Defense Information Systems Agency) frameworks, also known as STIG (Security Technical Implementation Guide). STIG outlines how organizations should handle and manage security software and systems and are mandatory compliance requirements for DoD agencies.

Learn more about Orca Security for Government

Would you like to learn more about how Orca is deployed in a FedRAMP environment? View our government solutions page, or schedule a personalized demo. If you would like to discuss your FedRAMP cloud security requirements with us, please fill out our contact form.