The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024
SecurityScorecard Achieves FedRAMP® Ready Designation to Enable U.S. Federal Agencies with Supply Chain Risk Management, Critical Infrastructure Monitoring, and Regulatory Oversight
U.S. federal agencies positioned to adopt A to F letter-grade rating system
News Summary
- White House National Cybersecurity Strategy mandates a ‘data-driven’ approach
- TSA partnership is a model for U.S. federal agencies with oversight of critical infrastructure
NEW YORK – October 24, 2023 — SecurityScorecard today announced it achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information. With this achievement, SecurityScorecard is ready to meet demand from U.S. federal agencies for its Third-Party Cyber Risk Management Platform and implement a standardized letter-grade system for measuring the U.S. government’s cybersecurity, particularly for its suppliers and vendors (and in certain cases for monitoring critical infrastructure and/or regulated entities).
Third-party cyber risk is a national security risk: 98% of firms have a supply chain relationship that has been breached
To mitigate third-party risk, SecurityScorecard delivers standardized “A to F” letter grades that measure and validate organizations’ security posture and supply chains in real-time. SecurityScorecard combines national security-grade threat intelligence, automatic third-party vendor detection, and the world’s most complete Security Ratings Platform to mitigate supply chain attacks.
Dr. Aleksandr Yampolskiy, CEO and Co-Founder at SecurityScorecard, said: “You can’t manage what you can’t measure. FedRAMP affirms our broader commitment to providing a standardized approach to measuring cybersecurity.”
SecurityScorecard accelerates its partnership across the U.S. government as a trusted partner
SecurityScorecard is already a trusted partner across the U.S. government, with FedRAMP Ready accelerating the adoption of mission-critical cyber capabilities. SecurityScorecard U.S. Public Sector business continues to see strong momentum with 96% year-over-year growth. Recent highlights include:
- Public Sector partnerships: SecurityScorecard forged strategic partnerships with eight public sector-related associations, including the U.S. Conference of State Bank Supervisors (representing all 50 state banking regulators) and national associations for U.S. counties and state legislators.
- Cybersecurity and Infrastructure Security Agency (CISA) recognition: Notably, in 2022, CISA incorporated SecurityScorecard into its catalog of Free Cybersecurity Services and Tools. Furthermore, CISA publicly partnered with SecurityScorecard through the CISA Joint Cyber Defense Collaborative.
- DHS approval: SecurityScorecard Attack Surface Intelligence, which also achieved FedRAMP Ready status, also received approval from the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved products list (APL) to identify, contextualize, and prioritize critical threats.
TSA partnership sets blueprint for U.S. federal agencies with critical infrastructure oversight
SecurityScorecard FedRAMP Ready status comes on the heels of a partnership with the Transportation Security Administration (TSA). Following ransomware attacks on the transportation sector, the TSA began using SecurityScorecard Ratings to measure and validate the security posture of critical infrastructure and reporting on the hygiene of these entities using a straightforward A to F letter-grade rating system — which the White House recently described as “game-changing.”
The model being used by the TSA can be easily replicated by other “Sector Risk Management Agencies,” i.e., federal agencies with oversight of U.S. critical infrastructure. A fully FedRAMP-authorized solution from SecurityScorecard will provide agencies with real-time monitoring of critical infrastructure and secure collaboration capabilities to enhance resilience.
Key benefits of the SecurityScorecard Platform for U.S. federal agencies:
- Operationalize third-party cyber risk management: Out-of-the-box compatibility to operationalize third-party cyber risk management across critical infrastructure.
- Efficient risk prioritization: Federal agencies can prioritize risks on a large scale, providing actionable insights and enhancing operational awareness.
- Enhance collaboration: The platform promotes operational collaboration, facilitating the delivery of insights and intelligence.
- Dynamic risk insights: Actionable insights into risk associated with key sectors, empowering agencies to respond proactively.
- Improve threat awareness: Federal agencies can drive awareness of threat exposure with operational stakeholders and partners.
- Streamline collaboration: Improve collaboration across the entire federal cybersecurity ecosystem.
A standardized approach to security assessment, authorization, and continuous monitoring
FedRAMP is a U.S. government-sponsored security compliance and certification that sets an extremely high bar for security controls, with less than 450 cloud-based products achieving FedRAMP designation. At the end of 2022, the U.S. Congress codified FedRAMP as the authoritative standard governing the deployment of cloud computing products for the U.S. federal government.
The impact of FedRAMP authorization goes well beyond U.S. federal agencies. FedRAMP is a gold standard for cybersecurity worldwide and is a marker of cybersecurity maturity in the private sector. For example, FedRAMP is used as a proxy in regulated industries, such as healthcare and financial services.
Former U.S. Congressman John Katko and SecurityScorecard Senior Advisor, stated: “Cybersecurity is a critical component of national security, and SecurityScorecard is making a huge impact in how it helps organizations become cyber resilient in the face of global threats. Government entities can instantly know the cyber risk of any organization worldwide, including their own, competitors, vendors, and suppliers. I’m looking forward to partnering with the SecurityScorecard team as they help users measure and monitor cyber risks.”
Susan Gordon, Former Principal Deputy Director of U.S. National Intelligence and Independent Director at SecurityScorecard, added: “Increasing cyberattacks are an assault by adversaries on the public’s trust in our most critical systems. Security Ratings give federal agencies essential visibility to defend against these threats and establish a common cybersecurity language. Ultimately, SecurityScorecard empowers agencies to understand and manage dynamic risks, evaluate the effectiveness of cybersecurity investments, and ensure the public’s trust with transparent cybersecurity metrics.”
Availability
SecurityScorecard is now listed on the FedRAMP Marketplace.
About SecurityScorecard
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
Media Contact
Ashley Nakano
SecurityScorecard
[email protected]