Project Hosts Deploys Checkmarx Solutions on FedRAMP.gov

3 min.

May 16, 2019

NEW YORK AND CONNEAUTVILLE, PA – May 16, 2019 – Checkmarx, the Software Exposure Platform for the enterprise, has deployed CxSAST on Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS). This deployment facilitates Federal agencies to grant a FedRAMP Moderate or DOD Impact Level 5 (IL5) Authority to Operate (ATO) for a cloud deployment of the Checkmarx CxSAST solution.  By being deployed on Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS), Checkmarx inherits a vast majority of the controls required for FedRAMP and DOD IL5 compliance.  Checkmarx also provides agencies with a System Security Plan (SSP) showing how the remainder of controls are implemented, making the compliance verification and ATO process significantly easier.

The Checkmarx Software Exposure Platform aligns software security with DevOps culture, detecting, intelligently prioritizing, and remediating exposure across the software development lifecycle (SDLC) from the coding stage through the runtime application testing stage. The platform tightly includes CxSAST, CxOSA, CxIAST, and CxCodebashing via a unified management and orchestration layer to address the entire software exposure lifecycle.
“Checkmarx is fully committed to the U.S. Federal government and is pleased to provide our software security solutions via the Project Hosts Platform as a Service that is both FedRAMP and DOD IL5 compliant,” said Rich Wajsgras, Vice President of U.S. Federal, Checkmarx.  “This makes it much easier for Federal organizations to move to a true DevSecOps model.”

CxSAST is a flexible and accurate static analysis solution used to identify hundreds of security vulnerabilities in both custom code and open source components. CxOSA empowers development and DevOps teams to control and manage open source components and mitigate potential risks to the application, organizations, and its users by providing a holistic view of the application. CxIAST detects vulnerabilities in running applications under test. Built for DevOps, it seamlessly integrates into the CI/CD pipeline. Finally, CxCodebashing provides continuous, in-context, bite-sized secure coding training that allows enterprises to grow their in-house security skills, and results in fewer vulnerabilities being introduced into code in the first place.

Checkmarx is deployed on Project Hosts’ Federal Private Cloud (FPC) Platform-as-a-Service (PaaS). Project Hosts’ FPC is built on Microsoft Azure Government and saves organizations a significant amount of time and money, obtaining FedRAMP compliance in as little as two months. The FPC from Project Hosts is a General Support System (GSS) composed of services that manage access control, authentication, auditing, monitoring, scanning, patching, configuration, management, malware prevention, intrusion prevention, incident response, backup, and disaster recovery for SaaS solutions.

About FedRAMP: The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both time and staff required to conduct redundant agency security assessments. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.

About Checkmarx: Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com.

About Project Hosts: Project Hosts is a cloud service provider (CSP) that provides FedRAMP compliant environments to government agencies. Federal and state government agencies, and ISVs, rely upon Project Hosts to achieve FedRAMP cloud compliance for their applications. Our Federal Private Cloud for Windows and Linux apps is a ready-to-run security envelope built on top of Azure that delivers compliance at the FedRAMP, DoD IL 5 levels. Learn more at Projecthosts.com.

Checkmarx Media Contact:
InkHouse for Checkmarx
Jessica Bettencourt
jbettencourt@inkhouse.com

Project Hosts Media Contact:
James Ford                                                                                              
877-659-6055 ext. 3017
james.ford@projecthosts.com

Read More

Want to learn more? Here are some additional pieces for you to read.