Press Release

Coalfire completes FedRAMP audit for VMware vCloud Government Service provided by Carpathia. Coalfire acted as the 3PAO for the FedRAMP assessment for the Carpathia and VMware service.

February 13, 2015

VMware vCloud Government Service provided by Carpathia gains FedRAMP P-ATO for government-wide acceptance

Denver, Colo. – February 13, 2015 – Today Coalfire announced that it completed the independent assessment of the VMware vCloud® Government Service provided by Carpathia™ (vCGS) under the Federal Risk and Authorization Management Program (FedRAMP), and that the vCGS cloud was granted a provisional authority to operate (P-ATO) from the FedRAMP Joint Authorization Board (JAB).

Acting as the third party assessment organization (3PAO) for VMware and Carpathia, Coalfire validated that the IaaS provided by Carpathia met the requirements outlined by FedRAMP’s security requirements. A key benefit of vCGS is that it offers a seamless platform for migrating and managing workloads between dedicated environments, on-premise infrastructures, third-party data centers and the cloud.  It also allows agencies to leverage their existing investments in VMware tools and training – which many agencies already have – and eliminate migration costs since the platform is compatible with existing environments.  Together, VMware and Carpathia, a leading provider of hybrid cloud services and managed hosting, provide a unique synergy that offers existing and prospective agencies another option to meet the Cloud First policy.

“The depth and quality of the assessment performed by the Coalfire 3PAO team was a major factor in gaining P-ATO status for the VMware vCloud Government Service,” said Jon Greaves, chief information security officer and chief scientist, Carpathia.  “We look forward to aiding the government in achieving its Cloud First mission and continue our work with Coalfire as we begin the continuous monitoring phase of our provisional authorization with the government.”
The FedRAMP process was established to ensure that the government’s cloud service providers were properly secured and tested. “VMware and Carpathia were diligent in their efforts to meet FedRAMP requirements and we are proud to have assessed them through this process the first time,” says Nick Son, managing director, Technology Advisory & Assessment Services for Coalfire Public Sector. “As we are working with many other CSPs in the FedRAMP queue, our team’s efficiency in assessing or advising various CSPs through the process increases.”

Cloud service providers preparing for the FedRAMP process with another 3PAO or considering FedRAMP should contact Coalfire to provide an independent review of their readiness or progress towards FedRAMP.

About Coalfire

Coalfire Public Sector is a division of Coalfire, a global cyber risk management and compliance firm. Founded in 2001, Coalfire has offices in Atlanta, Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington, D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire Public Sector services focus on the certification and accreditation process of information systems for government authorization under DIARMF, DISA ECSB, FedRAMP and FISMA.