Press release

Project Hosts Deploys Checkmarx Solutions on FedRAMP.gov

Sponsored by Businesswire

Checkmarx, the Software Exposure Platform for the enterprise, has
deployed CxSAST on Project Hosts’ Federal Private Cloud (FPC)
FedRAMP-authorized Platform-as-a-Service (PaaS). This deployment enables
Federal agencies to grant a FedRAMP Moderate or DOD Impact Level 5 (IL5)
Authority to Operate (ATO) for a cloud deployment of the Checkmarx
CxSAST solution.

By being deployed on Project Hosts’ Federal Private Cloud (FPC)
FedRAMP-authorized Platform-as-a-Service (PaaS), Checkmarx inherits the
vast majority of the controls required for FedRAMP and DOD IL5
compliance. Checkmarx also provides agencies with a System Security Plan
(SSP) showing how the remainder of the controls are implemented, making
the compliance verification and ATO process significantly easier.

The Checkmarx Software Exposure Platform aligns software security with
DevOps culture, detecting, intelligently prioritizing, and remediating
exposure across the software development lifecycle (SDLC) from the
coding stage through the runtime application testing stage. The platform
tightly integrates CxSAST, CxOSA, CxIAST, and CxCodebashing via a unified
management and orchestration layer to address the entire software
exposure lifecycle.

“Checkmarx is fully committed to the U.S. Federal government and is
pleased to provide our software security solutions via the Project Hosts
Platform as a Service that is both FedRAMP and DOD IL5 compliant,” said
Rich Wajsgras, Vice President of U.S. Federal, Checkmarx. “This makes it
much easier for Federal organizations to move to a true DevSecOps model.”

CxSAST
is a flexible and accurate static analysis solution used to identify
hundreds of security vulnerabilities in both custom code and open source
components. CxOSA
empowers development and DevOps teams to control and manage open source
components and mitigate potential risks to the application, the
organization, and its users by providing a holistic view of the
application. CxIAST
detects vulnerabilities in running applications under test. Built for
DevOps, it seamlessly integrates into the CI/CD pipeline. Finally, CxCodebashing
provides continuous, in-context, bite-sized secure coding training that
allows enterprises to grow their in-house security skills, and results
in fewer vulnerabilities being introduced into code in the first place.

Checkmarx is deployed on Project Hosts’ Federal Private Cloud
(FPC) Platform-as-a-Service (PaaS). Project Hosts’ FPC is built on
Microsoft Azure Government and saves organizations a significant amount
of time and money, obtaining FedRAMP compliance in as little as two
months. The FPC from Project Hosts is a General Support System (GSS)
composed of services that manage access control, authentication,
auditing, monitoring, scanning, patching, configuration, management,
malware prevention, intrusion prevention, incident response, backup, and
disaster recovery for SaaS solutions.

About FedRAMP: The Federal Risk and Authorization Management
Program, or FedRAMP, is a government-wide program that provides a
standardized approach to security assessment, authorization, and
continuous monitoring for cloud products and services. This approach
uses a “do once, use many times” framework that saves an estimated
30-40% of government costs, as well as both time and staff required to
conduct redundant agency security assessments. FedRAMP is the result of
close collaboration with cybersecurity and cloud experts from the
General Services Administration (GSA), National Institute of Standards
and Technology (NIST), Department of Homeland Security (DHS), Department
of Defense (DOD), National Security Agency (NSA), Office of Management
and Budget (OMB), the Federal Chief Information Officer (CIO) Council
and its working groups, as well as private industry.

About Checkmarx: Checkmarx is the Software Exposure Platform for
the enterprise. Over 1,400 organizations around the globe rely on
Checkmarx to measure and manage software risk at the speed of DevOps.
Checkmarx serves five of the world’s top 10 software vendors, four of
the top American banks, and many government organizations and Fortune
500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more
at Checkmarx.com.

About Project Hosts: Project Hosts is a cloud service provider
(CSP) that provides FedRAMP compliant environments to government
agencies. Federal and state government agencies, and ISVs, rely upon
Project Hosts to achieve FedRAMP cloud compliance for their
applications. Our Federal Private Cloud for Windows and Linux apps is a
ready-to-run security envelope built on top of Azure that delivers
compliance at the FedRAMP and DoD IL 5 levels. Learn more at Projecthosts.com.