Software AG Government Solutions Achieves FedRAMP Authorization
Software AG Government Solutions announced it has been awarded FedRAMP Moderate Authorization for Software AG Government Cloud, which allows Federal agencies to take advantage of Software AG’s Alfabet product in a secure SaaS model. This provides rapid deployment and fast time-to-value within the recognized leadership and security of the FedRAMP program.
Software AG is a SaaS provider of market leading Enterprise Architecture and IT Planning and Portfolio Management solutions, Alfabet and ARIS. While enabling the business of Federal agencies and ensuring security protection of agency and citizen information assets is top of mind for government IT leaders, the adoption of more rigorous IT Enterprise Architecture and IT Planning is helping agencies gain a better overall picture of their IT environments in order to make better decisions. Alfabet and ARIS enable agencies to more reliably analyze and answer business questions about the value to be received from IT and develop more accurate pictures of mission gains and risks during project delivery. With government agencies facing mandates today, such as FITARA and TBM, and new mandates in the future, the need for flexible visibility and transparency for not only IT spend but how IT is aligned to mission, has never been more critical.
PLATFORM IMPLEMENTATION DETAILS
- Fast deployment into Azure Government Cloud P-ATO at FedRAMP Moderate
- Central contact point for all issues including hosting, software deployment, and optionally end-user support
- Single Tenant deployments per customer providing peace of mind security while avoiding multi-tenant headaches and forced upgrade timelines
- Shared Help Desk, Security, and Operations Staff to optimize cost and skillset management
- Single-Sign On Capability leveraging approved SAML providers supporting PIV/CAC authentication
- Environment provisioning and operations meeting NIST 800-53 Rev 4 FedRAMP Moderate
- All US Person staff
- Faster time-to-value for the mission
- Well-defined tenant boundary for streamlined agency ATO signoff
- Simplified cost structure removing separate costs for hardware, software and hosting removing capital funding requirements
- Reduced training and staffing requirements for software configuration and patch/upgrade cycles
Assists organizations in IT planning, portfolio management, risk management and enterprise architecture.
Key Solution Capabilities:
- Accelerated deployment for government agencies
- Support for TBM, FITARA, DODAF, and many other frameworks and standards, “out of the box”
- Manage and reduce costs by rationalizing the IT landscape
- Improve business and IT agility with a clear understanding of impacts and dependencies in your architecture
- Enhance decision-making, drive innovation and reduce time-to-market
- Plot your transformation success with road mapping capabilities across multiple dimensions
- Create operational efficiencies by eliminating information silos
- Improve compliance and reduce risk through the definition and effective analysis of compliance information
Assists organizations in following the Architecture of Integrated Information Systems approach to enterprise modeling. Agencies can analyze, process and take a holistic approach to design, management, workflow, and application processing.
Key Solution Capabilities:
- Business Modeling- Easily design your processes with a rich modeling environment supporting whatever notation or topic from BPMN 2.0 to customer journey mapping
- Business Analysis – Analyze your business from simple to complex. From easy search & queries, ad-hoc analysis, decision-making, reporting & macros
- Central Repository – Based on a central repository and administration make sure you are in full control of your operations
- Connected Operations – Design is tightly integrated with publishing and collaboration and integrated e.g. via interfaces to external tools like SAP
- Business Clarity – A state-of the-art look-and-feel makes it fun to view processes. Innovative ways to publish process content enable anyone to understand processes
- Process Improvement – By using social collaboration, you unlock the wisdom of the crowd for process improvement
- Direct Access – Access dedicated & up-to-date information to analyze and evaluate content, contribute to process improvements, view and share best practices
AGENCIES USING THIS SERVICE
The Department of Education will use Alfabet to manage their Business, Application and Technology portfolios. The Department will leverage advanced optimization and rationalization features to reduce costs, remove duplicate applications, and provide better access and transparency to their agency-wide IT landscape. Alfabet will also integrate with many external systems to generate visualizations of interactions with External Service Providers.
Steven Corey-Bey, Chief Enterprise Architect for the Department of Education commented, “We have been assessing how we can gain better visibility over all of our technology. We consider Software AG’s Alfabet solution the missing piece, which is why we sponsored them through the authorization.”
FEDRAMP AUTHORIZATION DETAILS & SYSTEM PROFILE
Authorization Type: Agency
Independent Assessor: Kratos
Agency Authorization Date: 05/20/2020
In-Process Date: 11/05/2019
Authorized Date: 07/09/2020
Package ID: FR2000945223
What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products & services. This method uses a “do once, use many times” framework that saves cost, time, and staff required to perform redundant Agency security assessments.
Is FedRAMP mandatory?
Yes, FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low, moderate, and high-risk impact levels. Private cloud deployments meant for single organizations and implemented fully within federal facilities are the only exception.
How do you get access to the FedRAMP Package?
Here is the FedRAMP Package Access Request Form for Review of FedRAMP Security Package.
What is the difference between “FedRAMP Authorized” and “FedRAMP Ready”? How do Agencies access and approve security authorization packages?
The main distinction is that FedRAMP Ready systems are not FedRAMP Authorized. FedRAMP Ready systems must still undergo an authorization process, while FedRAMP Authorized systems have completed the process at least once already.
Agencies can review the list of FedRAMP Authorized systems in the FedRAMP Marketplace to determine if they are suitable for their use and can issue Agency ATOs. Agency personnel can request access to FedRAMP Agency authorization packages in the FedRAMP Secure Repository by completing an access request form.
How will FedRAMP help make cloud computing more secure for the federal government?
FedRAMP requirements include additional controls above the standard NIST baseline controls in NIST SP 800-53 Revision 4. These additional controls address the unique elements of cloud computing to ensure all federal data is secure in cloud environments.