Commvault announced that its SaaS-delivered data protection offerings have achieved the Federal Risk and Authorization Management Program (FedRAMP) High Authorisation. This certification signifies that Commvault Cloud for Government can securely handle the most sensitive, controlled unclassified information (CUI) in cloud computing environments for government agencies and contractors, providing unmatched data protection and cyber resilience.
FedRAMP is a government certification program that provides a standardised security assessment for SaaS application vendors to become authorized to work with federal and state agencies in the United States. Built on a three-level framework, FedRAMP High Authorization, the highest level of security authorization within the program, ensures that cloud solutions meet the stringent security standards established by the National Institute of Standards and Technology (NIST) and can protect data by the U.S. government’s most rigorous security protocols.
Commvault’s achievement of FedRAMP High Authorization for its Commvault Cloud for Government SaaS-delivered data protection solution demonstrates the company’s commitment to providing government agencies with the highest level of data protection and cyber resilience, helping to ensure their critical data remains secure and available in the face of evolving cyber threats.
“We are thrilled to have achieved FedRAMP High Authorisation for our Commvault Cloud for Government offering,” said Don Maruca, Vice President, Federal, Commvault. “This certification validates our dedication to delivering secure and reliable data protection solutions for government agencies. With our FedRAMP High Authorization, customers can have confidence in the security and cyber resilience of their data, knowing that the strictest industry-leading protocols and benchmarks protect it.”
Commvault Cloud elevates cyber resilience beyond the norm, making it easy to implement the recovery readiness and testing practices outlined in legislation like DORA and frameworks like NIST.
With features such as continuous cyber recovery plan testing and the ability to recover automatically to an isolated, secure cleanroom in the cloud, Commvault transforms immutable data storage into a proactive resilience mechanism. Government agencies can now safeguard their data while actively engaging with it to ensure uninterrupted operations and rapid response to cyber incidents.
Commvault Cloud’s FedRAMP High Authorization applies specifically to its Commvault Cloud for Government SaaS offerings. These dedicated solutions are designed to meet the unique needs of federal agencies and are hosted exclusively using government cloud deployment models, which also comply with U.S. government and federal regulations.
“The U.S. Department of the Treasury, as the initial agency supporting Commvault Cloud for Government (formerly Metallic), congratulates the FedRAMP team, our internal security team and Commvault for achieving the FedRAMP High Authorization as of 17 May 2024, the Federal government’s highest cybersecurity certification for protecting controlled unclassified information (CUI).”
“The FedRAMP team has completed the review of the Commvault Cloud for Government (formerly Metallic) authorization package and concluded FedRAMP High Authorization. FedRAMP acknowledges that this achievement is based on the support of Federal agencies such as the Department of the Treasury in their role as the initial agency to issue an ATO, Commvault as the CSP, and Coalfire and the Treasury security team as the independent assessors.”
“NIST has authorized and is currently using Commvault Cloud for Government (formerly Metallic). NIST commends the FedRAMP team and the Department of the Treasury in completing the approval of the FedRAMP High Authorisation for Commvault Cloud for Government on 17 May 2024.”
“This certification is yet another clear indicator that Commvault Cloud is a critical tool for government agencies handling sensitive data in the cloud,” said Craig P. Abod, President, Carahsoft. “As a long-standing Commvault partner, we look forward to working with our reseller partners to provide these newly authorized solutions to our public sector customers. With its FedRAMP High Authorization, Commvault is now in a league of its own, going beyond data protection to provide top-tier data security and rapid recoverability from cyber attacks.”
Commvault Cloud’s FedRAMP High Authorized solutions are currently available for purchase by US agencies and organizations. The FedRAMP Marketplace, a public government-controlled portal, lists all FedRAMP designated solutions and provides a catalog for government agencies to discover authorized solutions.
Commvault Cloud SaaS solutions are also FIPS 140-2 Compliant, ISO/IEC 27001: 2013 Certified, NIST 800-53 CP9 & CP10 Compliant, SOC 2 Type II Compliant, CJIS Compliant, and Infosec Registered Assessor Program (IRAP) PROTECTED.