Keeper Security, a provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, has obtained StateRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The nationwide StateRAMP cybersecurity verification program promotes the adoption of secure cloud services across state and local governments by providing a standardized approach to security and risk assessment for cloud technologies for state and local governments, as well as higher-educational institutions, to protect their passwords, data, and secrets.
StateRAMP Authorization enables these governments and organizations to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It allows them to leverage Keeper’s password management and cybersecurity platform on an institution-wide scale with confidence that the solution meets strict standardized security requirements. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads and address the most stringent security and compliance requirements.
Keeper provides government agencies with a human-centric cybersecurity solution that promotes the adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper’s zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occur locally on the user’s device, and only the encrypted ciphertext is stored in KSGC.
KSGC’s FedRAMP and StateRAMP Authorizations follow a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.