How Okta is Modernising Critical Government Identity Infrastructure

Today we’re excited to announce that Okta has received Moderate certification in the Federal Risk and Authorisation Management Program (FedRAMP). Okta’s achievement of the FedRAMP certification enables federal agencies to adopt cloud applications that simplify identity management. In addition, the achievement allows Okta customers to inherit the security controls from Okta’s authority to operate. Customers can demonstrate that access control requirements for their employees are met, and reduce the amount of work needed for their own authority to operate. The FedRAMP process is simplified for partners and customers that use Okta within their own applications.

FedRAMP provides a standard approach for assessing, authorizing and continuous monitoring of cloud products and services. To receive accreditation, Okta demonstrated an advanced level of security compliance and technical proficiency across over 300 controls including vulnerability management, incident response capability, and business continuity.

The certification is reinforced by Okta customers and launch partners. As an Okta customer, the United States Department of Justice (DOJ) supported Okta’s FedRAMP Authorization to Operate (ATO). Additionally, as a launch partner in the Amazon Web Services (AWS) Government Competency, Okta and AWS are partnering strategically to deliver mission-critical workloads and applications to public sector customers.

Okta is committed to the achieving the highest level of security standards and supporting the security requirements of the most regulated and security-conscious industries. Our security certifications include:

• The ISO 27001 certification for its information security management system. ISO 27001 is a global information security standard, which sets requirements for the protection and management of information, intellectual property, employee details, and customer data.
• The AICPA SOC2 Type II process, formerly known as SAS 70 Type II that successfully certifies the operational and security processes of its service and the company. The detailed results of this stringent certification process are available upon request under a nondisclosure agreement.
• Becoming one of the first identity-as-a-service (IDaaS) companies to achieve the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 2 Attestation. The CSA STAR program is the first cloud-specific security framework, and Attestation provides customers the assurance of a rigorous third-party independent assessment. Star Attestation is based on type 2 SOC attestations plus additional Cloud Controls Matrix criteria.

Learn more about how Okta can help government agencies by checking out our federal website, reading a press release on how Okta is working with Centers for Medicare and Medicaid, and reviewing a case study on how Okta is helping the American Federation of Government Employees (AFGE) become more agile and scalable.