Keeper Security Announces FedRAMP Authorization

Keeper Security, a provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, has obtained FedRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).

The KSGC password management and security solution has completed the FedRAMP accreditation process. This sought-after and difficult-to-attain designation sets KSGC in the best-in-class zero-trust and zero-knowledge security solution for government agencies to protect their passwords, data and secrets. KSGC is hosted in AWS GovCloud (U.S.), designed to host sensitive data, and regulated workloads and address stringent U.S. government security and compliance requirements.

To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from the National Institute of Standards and Technology Special Publication 800-53. This can take months or years, depending on the complexity of the system. Authorization can be pursued only by an organization through partnering with a federal agency or the Joint Authorization Board (JAB). Additionally, the system must be evaluated and assessed by an authorized independent third-party auditor prior to submitting for final review and authorization by the FedRAMP Program Management Office.

The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating all federal agencies adopt a zero-trust security architecture by 2024.

The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.

Keeper provides government agencies with a human-centric cybersecurity solution that promotes the adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper’s zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user’s device, and only the encrypted ciphertext is stored in KSGC.