Press Release

Coalfire Public Sector Completes FedRAMP Audit for Virtustream

June 11, 2015

Virtustream Federal Cloud receives FedRAMP JAB P-ATO

Denver, CO – June 11, 2015 – Coalfire has announced today that it has completed the independent assessment of the Virtustream Federal Cloud under the Federal Risk and Authorization Management Program (FedRAMP). Virtustream, the enterprise-class cloud software and services provider, received their Provisional Authority to Operate (P-ATO) from the Joint Authorization Board for the Federal Risk and Authorization Management Program (FedRAMP).

Acting as the third party assessment organization (3PAO) for Virtustream, Coalfire validated that the IaaS provided by Virtustream met the requirements outlined by FedRAMP’s security requirements. Now Virtustream’s Federal Cloud can be leveraged by U.S. government agencies.

“Achieving a FedRAMP JAB P-ATO is an important milestone for our company,” said Jim Kaufold, EVP, Federal at Virtustream. “Coalfire’s federal experience across multiple cloud service models was a great asset to Virtustream in achieving this FedRAMP P-ATO.”
The FedRAMP process was established to ensure that the government’s cloud service providers were properly secured and tested. “Coalfire is honored to serve as the 3PAO for the Virtustream FedRAMP assessment,” says Nick Son, managing director, Technology Advisory & Assessment Services for Coalfire Public Sector.

Cloud service providers preparing for the FedRAMP process with another 3PAO or considering FedRAMP should contact Coalfire to provide an independent review of their readiness or progress towards FedRAMP.

About Coalfire

Coalfire Public Sector is a division of Coalfire, a global cyber risk management and compliance firm. Founded in 2001, Coalfire has offices in Atlanta, Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington, D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire Public Sector services focus on the certification and accreditation process of information systems for government authorization under DoD RMF, DoD Cloud Computing SRG, FedRAMP and FISMA. For more information, visit