February 8, 2022

Original press release published here.

REDWOOD CITY, Calif. – February 8, 2022 – Synack, the premier crowdsourced platform for on-demand security expertise, announced it has received Moderate "In Process" status from the Federal Risk and Authorization Management Program (FedRAMP).

The designation underscores Synack's commitment to stringent data security and compliance standards -- critical for U.S. Government clients and federal government contractors today -- and sets the company apart as an industry leader in on-demand security testing and Vulnerability Disclosure Program management.

A FedRAMP Moderate designation is widely considered one of the most rigorous security standards on the market with a defined set of 325 security controls for cloud systems, third-party auditing and continuous monitoring to ensure compliance.

The U.S. Department of Health and Human Services sponsored Synack to receive authorization from FedRAMP. The federal program provides a standardized approach for U.S. agencies and departments to deploy cloud services. Synack is now listed in the FedRAMP Marketplace.

The FedRAMP designation means even more federal departments, agencies and contractors can utilize Synack's global network of elite ethical hackers for on-demand, around-the-clock services in a highly secure manner to protect against the onslaught of cyberattacks at a time when information security talent is in dangerously short supply.

Synack has been protecting U.S. federal civilian and military assets since the company was founded in 2013 by former National Security Agency cybersecurity experts Jay Kaplan and Dr. Mark Kuhr, now Synack's CEO and CTO, respectively.

"Helping defend the U.S. against cyberattacks is in our DNA. It's why my co-founder Jay and I started Synack in the first place and it's what our network of trusted ethical hackers do every day on the platform," said Dr. Kuhr. "The FedRAMP designation will be a powerful accelerant for even more federal customers to benefit from crowdsourced security, which is an essential best practice especially in light of recent vulnerabilities like Log4j. The Synack offering can aid organizations by rapidly responding to the most urgent CVEs."

In total, Synack has worked with more than 30 federal agencies to quickly identify known and unknown vulnerabilities before attackers can take advantage of them.

Synack has participated in the "Hack the Pentagon" program since its inception in 2016, when the Department of Defense invited ethical hackers to test its systems for vulnerabilities. The company has worked with the Pentagon on numerous crowdsourced security projects, including tests to find and fix security issues in systems ranging from the F-15 Trusted Aircraft Information Download Station (TADS) system to an internal File Transfer Mechanism to a U.S. Air Force logistics system.

Synack also partnered with the Defense Advanced Research Projects Agency (DARPA) on the most technically challenging bug bounty programs in history to strengthen secure hardware prototypes.

To learn more about the Synack FedRAMP environment for pentesting, please visit https://www.synack.com/lp/fedramp/
