We’re pleased to announce that the Orca Cloud Security Platform has achieved StateRAMP Authorization, attesting to the robust security capabilities of the Orca Platform. The Orca Platform is now listed as StateRAMP “Authorized” on the Authorized Product List, the official online database for StateRAMP Cloud Service Offerings (CSOs).

To obtain StateRAMP authorization, a SaaS, PaaS, or IaaS platform must have a state sponsor and go through a rigorous evaluation process. Achieving this important milestone demonstrates Orca Security’s commitment to helping state, local, and education (SLED) agencies and other organizations alike, reduce their cloud risk and improve security visibility across multi-cloud environments. 

“We are thrilled to become StateRAMP Authorized. This key milestone means we can help participating state, local, and education agencies fully secure their multi-cloud environments,” said Gil Geron, CEO of Orca Security. “The Orca Cloud Security Platform offers complete coverage and comprehensive risk detection across the entire cloud estate. With Orca, agencies can effectively prioritize and remediate risks, ease compliance efforts, and adhere to the strictest cybersecurity standards.”

What does StateRAMP Authorized mean?

StateRAMP, which stands for State Risk and Authorization Management Program, is a voluntary cybersecurity assessment framework used by state and government agencies to validate the security of cloud service offerings (CSO). StateRAMP requires government-selected service providers to demonstrate compliance with NIST 800-53 standards and other security controls before providing services to SLED agencies. 

The StateRAMP program provides a standardized approach to security risk management, assessment, authorization, and continuous monitoring to ensure that SLED institutions can adopt cloud-based products and services securely. The program aims to assist SLED procurement officials, information security officers, and privacy officers in validating that service providers meet and maintain published cybersecurity standards. Orca’s StateRAMP Authorization not only demonstrates that the Orca Cloud Security Platform meets and maintains the stringent data and security requirements of the StateRAMP Program Management Office (PMO), but also helps agencies manage and maintain their complex cloud security challenges. The authorization comes after Orca earned its FedRAMP “In Process” status last year.

“Orca’s path to becoming StateRAMP Authorized was not only relatively fast, but seamless. This confirms that Orca Security is not only purpose-built to solve complex issues in multi-cloud environments, but to support continuous compliance through automated and efficient design.”

Alex Whitworth, Cybersecurity Solutions Vertical Executive at Carahsoft

How does Orca help secure SLED cloud estates?

Whether meeting NIST 800-53 standards, moving to a cloud ecosystem, maintaining continuous compliance or beginning the zero trust journey, Orca helps the public sector secure their missions in the cloud.

Orca Security's Identity and Access dashboard
Orca helps manage identities to ensure least privileges in the cloud

According to the National Association of State Chief Information Officers (NASCIO) Capitals in the Cloud Part II Report, nearly 90% of state CIOs report they are accelerating cloud adoption across operational domains, with nearly 75% of respondents identifying security as the most important benefit of moving to the cloud. Additionally, the report highlights the challenges and complexities of adopting cloud services, including skill and staff shortages, which Orca’s StateRAMP authorized security platform helps solve.

The Orca Cloud Security Platform greatly eases the burden of compliance on SLED agencies. It offers a number of efficient and automated features that makes continuous compliance—staying compliant proactively on an ongoing basis—practical and advantageous for institutions. 

The Orca Platform helps SLED institutions maintain continuous compliance with key government security and data privacy frameworks such as NIST CSF, NIST SP 800-53, and ISO 27001. Orca also supports a wide range of CIS benchmarks, including Apache CIS, AWS CIS, Azure CIS, Docker CIS, GCP CIS, Linux CIS, and Windows CIS. 

An example of Orca's Platform including controls for 150+ regulatory frameworks and CIS benchmarks
The Orca Platform includes controls for 150+ regulatory frameworks and CIS benchmarks

Using Orca, SLED agencies can choose from more than 150 out-of-the-box compliance frameworks to immediately assess their current compliance status. Orca automatically and continually maps all security risks and issues to each framework, revealing areas of compliance and non-compliance on demand. 

An example of Orca's NIST 800-53 compliance framework listing all security controls
Example of NIST 800-53 compliance framework listing all security controls

Additionally, teams can leverage Orca’s custom frameworks to combine two or more frameworks—entirely or partially—from Orca’s extensive library. They can also create an entirely new framework from scratch using Orca’s catalog of more than 2,200 alerts, which cover the full spectrum of cloud use cases. 

Orca Security's Custom Compliance feature
Orca Custom Frameworks feature provides maximal flexibility and efficiency

The Orca Platform empowers teams to remediate issues efficiently and effectively. Each Orca alert features multiple remediation options, including detailed remediation instructions, the ability to auto-remediate certain risks, and AI-powered remediation. The latter leverages Amazon Bedrock, Azure OpenAI, or Vertex AI to generate specific instructions tailored to your unique remediation process. 

Orca's Filter dashboard featuring an Azure member user with permissive IAM role assignment and remediation steps
Orca’s remediation capabilities offer multiple options to accommodate different skill and capacity requirements

In addition, Orca enhances collaboration between cross-functional teams. Using Orca’s two-way integrations with Jira and ServiceNow, security teams can create and assign tickets directly from an Orca alert and monitor its status. Once the ticket is closed, Orca automatically verifies whether the issue is resolved.

Orca's Filter dashboard featuring an Azure member user with permissive IAM role assignment and IAM misconfigurations
Orca offers more than 50 technical integrations with security, productivity, and communication solutions

Using the Orca Platform, SLED agencies can streamline compliance reporting. Orca allows teams to automatically generate ad hoc or recurring compliance reports in PDF, JSON, or CSV format. They can also schedule reports to send automatically to an email address, Slack channel, or storage bucket. 

An example of Orca's compliance reporting allowing teams to schedule one-time or recurring reports
Orca eases compliance reporting by allowing teams to schedule one-time or recurring reports

“With the acceleration of cloud initiatives and the need to improve the cybersecurity of SLED agencies, Orca’s StateRAMP Authorized cloud security platform is positioned to play a valuable role in helping state and local agencies achieve these milestones quickly with a comprehensive solution that is easy to deploy and operationalize,” said Louis Simonen, Head of Public Sector, Orca Security.  

Learn more about Orca Security for Government

Interested in learning more about how Orca is deployed in a StateRAMP environment? View our government solutions page, or schedule a personalized 1:1 demo. If you would like to discuss your StateRAMP cloud security requirements with us, please fill out our contact form.

The Orca Cloud Security Platform is certified across 24 cloud frameworks by the Center of Internet Security (CIS Benchmarks). This certification validates that Orca accurately identifies any configurations that deviate from best practices in more than 60 CIS Benchmarks. 

Further reading