Rackspace and Telos are partnering on an effort to help small to mid-size SaaS vendors achieve FedRAMP compliance in a faster, more affordable way.
The program is called Rackspace Inheritable Security Controls (RISC). It is powered by Rackspace’s existing Joint Authorization Board (JAB)-authorized platform-as-a-service and Telos Corporation’s Xacta. Rackspace claims that RISC significantly shortens the time and reduces the cost required to achieve Authorization to Operate (ATO) for independent software vendors (ISVs) selling software-as-a-service (SaaS) to the federal government.
“Our joint approach to the FedRAMP process represents a significant departure from traditional, consultant-led engagements typically required to provide federally compliant solutions,” said Raymond Kalustyan, vice president and general manager of Rackspace Government Solutions.
A consultant-based process for FedRAMP compliance can typically take a few years and includes consulting fees alongside the costs of coming into compliance. The time and upfront costs of pursuing FedRAMP certification are barriers to entry for smaller vendors and can keep many new innovations on the sidelines for government users.
The program relies on automation and cyber risk management to help vendors achieve compliance. “Think of it as FedRAMP-as-a-Service,” Kalustyan says.
RISC is using Telos’ Xacta, a first-of-its-kind cyber risk management solution that automates the necessary FedRAMP authorization package, including documentation, registration of projects, assessments, authorizations and continuous monitoring. Also participating in the RISC program are SecureIT, an accredited Third Party Assessment Organization (3PAO), delivering full lifecycle FedRAMP assessment and advisory solutions, and Carahsoft, a public sector distributor for Rackspace.