Tag Archives: FedRAMP

Why AppExchange Use Offers Agencies Untapped Opportunity

Posted on by
Reply

In our first Insider’s Guide, we’re pulling back the curtain on the world’s largest cloud app marketplace, the Salesforce AppExchange, to offer a look at what it is, how it works and how it can provide value to agencies in extending their investment in the Salesforce platform. With the government’s increased focus on improving service delivery — particularly public-facing services per the presidential administration executive order on customer service — taking advantage of possible software-as-a-service integrations with the Salesforce customer relationship management platform makes logical sense. Download the guide to learn how AppExchange helps organizations increase productivity, eliminate risk and save time.

 

Nintex DocGen for Document Creation, Automation and Management

“A great example would be voter registration cards. Every year, you need to update it. We make it really easy to go out and maintain it with our solution and not have to go into code to make updates. It becomes easy to create, easy to maintain going forward and not having to spend budget on development cycles or development resources to build these solutions. The alternative is to write and maintain custom Apex code, which requires an advanced skill set and takes more time. This is a faster way to develop it and an easier way to maintain it.”

Read more insights from Steve Witt, Director of Public Sector at Nintex.

 

IIG FNN AppExchange Blog Embedded Image 2023FormAssembly for Secure Online Forms

“Specifically, we’re the most secure and compliant platform in the entire marketplace. That is how we go to market, that’s what we pride ourselves on: being good stewards of our data, being thought leaders in that space. Government organizations should use us because, doubling down on the security and compliancy, we’re tailored for highly sensitive data. We’re built for that. We hold the distinction of being the only FedRAMP-ready platform on the marketplace in this category. We also hold SOC 2, ISO 27001, PCI DSS and GDPR compliance. And really, what that means for our customers and partners is that we’re experts in this space, and that will mitigate any risk and collecting data for your organization, whether it’s here in the United States or abroad.”

Read more insights from Paul Lazatin, Director of Partnerships at FormAssembly.

 

WalkMe for No-Code Digital Adoption

“What makes us unique is that we have the ability to overlay on any enterprise application in the tech stack, commercial off-the-shelf (COTS), government off-the-shelf (GOTS) or custom-built. By doing so, we’re able to create better user experiences, drive employee productivity and monitor digital adoption on any enterprise application that’s being deployed out to the federal government, whether those applications are internal to employees or externally facing for taxpayers and constituents.”

Read more insights from Carl Wright, Director of Public Sector of Federal Sales at WalkMe.

 

Odaseva for Enterprise Data Protection

“Many federal and state organizations have questions that need answers when it comes to managing their Salesforce data. How do Salesforce users archive data that is no longer needed? How do they comply with regulations such as those from the National Institute of Standards and Technology or in the California Consumer Privacy Act? That’s why we at Odaseva consider the data management lifecycle. Odaseva helps organizations comply with the strictest data regulations and guard against data failure — all with precise control on a field-tested platform to scale with ease. And we deliver this with the strongest data security features that exceed the requirements of even the most complex, highly regulated businesses in the world.”

Read more insights from Matt Carstensen, Senior Solutions Engineer at Odaseva.

 

Conga Apps for Contract and Workflow Management

“Conga offers a flexible platform and set of solutions built natively on top of Salesforce that address a broad set of needs for federal, state and local government entities. Our products include Composer, the number one downloaded application on Salesforce’s AppExchange. Conga Composer allows public sector customers to automate document generation to get work done faster and easier in Salesforce. Users can create documents with dynamic data from Salesforce in the correct template, then send it, store it and trigger the next business process. Conga Sign is a modern and highly secure e-signature solution. We now offer a FedRAMP-certified version of our e-signature solution, which is getting quite a bit of attention.”

Read more insights from Eric Daggett, Vice President of Sales for Public Sector at Conga.

 

Download the full Insider’s Guide for more insights from these AppExchange leaders and additional interviews, research and infographics.

 

How to get StateRAMP Ready Faster with Security Snapshot

Posted on by
Reply

Security is of utmost importance to government agencies because they have access to the sensitive information of millions of people. To ensure this information stays private, StateRAMP (State Risk and Authorization Management Program) offers several guidelines to help.

StateRAMP is a nonprofit launched in 2021 and modeled after FedRAMP, a government-wide program that promotes secure cloud usage across the Federal government. State and local governments created StateRAMP to extend this authorization to the relationships between cloud service providers (CSPs) and state and local governments to improve cybersecurity posture. As an independent  nonprofit organization, StateRAMP has created a process for continuous cybersecurity improvement to efficiently and cost-effectively verify the cybersecurity of cloud service providers.

Carahsoft StateRAMP Security Snapshot Blog Embedded Image 2023A main initiative is evaluating the data security capabilities of cloud solution providers that sell to state and local governments. StateRAMP ensures CSPs meet minimum security requirements and helps them obtain verification and achieve certification. These verification statuses were created by StateRAMP and must be certified by a third party. To simplify this certification process, StateRAMP has introduced “Security Snapshot.”

Hurdles to Attaining StateRAMP Verification

StateRAMP has had an Authorized Product List since 2021,updated at the end of every business day. This list is comprised of verified providers who meet the minimum security requirements and provide an independent audit conducted by a Third Party Assessment Organization (3PAO). StateRAMP recognizes three verified statuses:

  1. Ready: The product meets minimum requirements.
  2. Provisional: The product exceeds minimum requirements and has a government sponsor.
  3. Authorized: The product satisfies all requirements and has a government sponsor.

There are 38 cloud service offerings (CSOs), 4 local government agencies, 2 universities and 17 states that are qualified in the above three tiers.

A Simpler Future with Security Snapshot

After StateRAMP’s verification process was introduced, providers encountered several questions. For some CSPs, it wasn’t easy to know if they could achieve a StateRAMP-Ready approval. The fear that CSPs would be left with a public, poor StateRAMP score induced anxiety in starting the approval process. Many agencies were unsure if they were making progress in the right direction. To combat this, StateRAMP released a new solution in early January 2023—the “Security Snapshot.”

Security Snapshot provides detailed information on how companies can get StateRAMP-certified. The snapshot offers a preliminary numerical score that CSPs can share with prospective government clients, which will not appear on the CSP’s record.

This resource acts as an early-stage security maturity assessment tool for cloud products. The intent of the service is to provide a first step toward achieving StateRAMP security status. The criteria are designed to help agencies validate minimum requirements and provide controls and additional benchmarks that would further aid in certification.

The Security Snapshot also helps providers gain quality insight into security postures and third-party cloud solutions such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) products. Ultimately, it provides insights for providers and the government branches they serve.

With the introduction of Security Snapshot, CSPs can ease their concerns, knowing they will receive detailed, personalized support to help them qualify for StateRAMP’s verification.

 

For more information on StateRAMP’s security approach, visit our StateRAMP resource hub and watch our Carahsoft briefing at carah.io/StateRAMP.