Okta Moves to Modernize Critical Government Identity Infrastructure, Achieves FedRAMP Certification from the U.S. Government

SAN FRANCISCO — May 11, 2017 — Okta, the leading independent provider of identity for the enterprise, today announced it has received Moderate certification in the Federal Risk and Authorization Management Program (FedRAMP). The U.S. government-wide program provides a standard approach for assessing, authorizing and continuous monitoring of cloud products and services. The certification will allow government agencies to realize the benefits of the Okta Identity Cloud and simplify the adoption of Okta’s identity, mobility and security solutions at scale on the Amazon Web Services (AWS) Cloud.

As an Okta customer, the Department of Justice (DOJ) issued an Authorization to Operate (ATO) leveraging Okta’s FedRAMP certification. To support the ATO, Okta demonstrated compliance with 300 controls including vulnerability management, incident response capability and business continuity.

With integrations to over 5,000 applications, the Okta Identity Cloud delivers an agile architecture and secure solution for many of the world’s largest enterprises. For government agencies, in addition to enhancing security, Okta’s modern identity and access management solutions enable digital transformation by providing a simplified user experience and enabling better performance across employees, partners, suppliers and customers. With the help of companies like AWS, the Okta Identity Cloud allows organizations to streamline access to the cloud, giving DevOps the ability to build secure user experiences.

“FedRAMP is considered the gold standard, with the most stringent set of security controls for cloud companies,” said Mark Settle, Chief Information Officer at Okta. “Okta’s achievement of FedRAMP certification will make it easy for government agencies to attain the benefits of the cloud — improved user experience, productivity, security and cost savings — for the public at scale and with great impact.”

Additionally, as a launch partner in the AWS Partner Network (APN) Government Competency Program, Okta works strategically with AWS to deliver mission-critical workloads and applications to public sector customers. Okta is built on AWS and leverages many of its core services, including the Amazon EC2 Container Service (ECS) and the AWS Key Management Service (KMS). “The cloud continues to be a major catalyst for governments to innovate, become more efficient, and to help secure citizen services. FedRAMP certification enables consistency and confidence in the security of cloud solutions. We are so pleased that APN partner Okta has met the high bar to achieve FedRAMP certification,” said Troy Bertram, General Manager of Business Development, Worldwide Public Sector, Amazon Web Services.

Okta is committed to the achieving the highest level of security standards, and supporting the security requirements of the most regulated and security-conscious industries. Okta’s security certifications include:

  • The ISO 27001 certification for its information security management system. ISO 27001 is a global information security standard, which sets requirements for the protection and management of information, intellectual property, employee details, and customer data.
  • The AICPA SOC2 Type II process, formerly known as SAS 70 Type II that successfully certifies the operational and security processes of its service and the company. The detailed results of this stringent certification process are available upon request under a nondisclosure agreement.
  • Becoming one of the first identity-as-a-service (IDaaS) companies to achieve the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 2 Attestation. The CSA STAR program is the first cloud-specific security framework, and Attestation provides customers the assurance of a rigorous third-party independent assessment. Star Attestation is based on type 2 SOC attestations plus additional Cloud Controls Matrix criteria.