Acquia, the digital experience company, has renewed its Authority to Operate (ATO) under the Federal Risk and Authorization Management Program (FedRAMP) managed by the U.S. General Services Administration. The move extends Acquia’s status as the only commercial provider of cloud services for creating and deploying digital experiences based on Drupal to meet the U.S. government’s requirements for security and protection of federal information.
FedRAMP is a U.S. government-wide program that takes a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It provides assurance to agencies that the appropriate security and risk management practices are in place for their cloud properties.
The FedRAMP framework adheres to the requirements of federal, state, and local government as well as highly regulated industries such as financial services and life sciences that demand strict security protocols for their IT properties. Acquia’s continuous monitoring ensures a uniform approach to risk management and offers significant cost savings, improved efficiency, and a faster time to market for digital experience delivery.
Agencies such as the Centers for Medicare & Medicaid Services, Department of Commerce, Department of Education, Department of the Treasury, Internal Revenue Service, National Oceanic and Atmospheric Association, and Social Security Administration work with Acquia to help meet their security requirements. To learn more, visit FedRAMP.gov for Acquia’s listing among agency authorized Cloud Service Providers or go to www.acquia.com/government.
FedRAMP certification applies to the following solutions:
- Acquia Cloud Platform for hosting and managing Drupal applications
- Acquia Site Factory for multi-site management
- Acquia Site Studio for building and updating digital experiences using low code
- Acquia Search, now with Solr 8
- Acquia Platform Email capabilities
Acquia has also earned a positive recommendation from a third-party FedRAMP assessment organization.
“Acquia is the only non-governmental offering for Drupal to meet the requirements of the FedRAMP program,” said Robert Former, Chief Information Security Officer at Acquia. “We remain fully committed to delivering the industry’s strongest assurances around Drupal security, scalability, and performance to our federal customers. Acquia’s focus on upholding the industry’s most stringent infosecurity standards in turn benefits all customers across public and private sectors.”
Acquia’s Infosecurity Commitment
Acquia’s information security program helps to ensure customers operate in a cloud environment that complies with a wide array of industry standards and regulations, including ISO 27001, HIPAA, SSAE16/SOC 1/ISAE-3402, SOC 2, and PCI-DSS. In Australia, Acquia has been assessed under Infosec Registered Assessors Program (IRAP) for the Official: Sensitive level.
The company’s “security by design” includes out-of-the-box features such as multiple layers of firewall, multi-factor authentication, vulnerability management, security incident response, backups, and disaster recovery capabilities. Acquia offers powerful solutions to meet a wide range of compliance and security needs.
Acquia is a founding member of the Drupal Steward Program, a web application firewall operated by the Drupal Association and Drupal Security team. Acquia runs Drupal Steward protection across its Drupal cloud platform to supplement the company’s world-class Drupal application security capabilities.
Tune in to MTC Podcast for visionary Martech Trends.