Dynatrace completed its FedRAMP Moderate reauthorization with the transition from Rev.4 to Rev.5. This achievement underscores our ongoing commitment to providing secure and reliable solutions for U.S. government agencies.
Understanding FedRAMP Moderate and transition to Rev.5
FedRAMP (Federal Risk and Authorization Management Program) is a government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services for U.S. state and federal agencies. The FedRAMP Moderate baseline is designed to protect sensitive data that, if compromised, could have a serious adverse effect on operations, assets, or individuals.
What you need to know
FedRAMP Revision 5 (Rev.5) prioritizes customizing security controls for specific risks. It aligns with Cloud Service Providers, providing a baseline while allowing tailored adjustments for individual federal agencies. FedRAMP adopts a threat-based approach to security controls. Rather than a one-size-fits-all model, this methodology tailors controls based on specific threats and risks. The result is a more effective security posture.
FedRAMP has increased its emphasis on privacy, which takes center stage in Rev.5. The changes include:
- Configuration Change Control and CM-4 – Impact Analysis now require privacy impact analysis for configuration changes.
- Role-based training requires privacy training alongside security training.
- System Backup now requires the backup of privacy-related system documentation.
FedRAMP Rev.5 has some notable changes in control families and controls, such as:
- SR – Supply Chain Risk Management is a new control family in Rev.5 that more comprehensively addresses the risks associated with acquiring, developing, and maintaining information systems and components associated with third-party and vendor services, products, and supply chains.
- Public Disclosure Program, which requires a reporting channel for the public to notify Cloud Service Providers of vulnerabilities.
FedRAMP assessments for Moderate and High systems now require an annual Red Team exercise (in addition to the previously required penetration tests). These exercises go beyond penetration testing by targeting multiple systems and potential avenues of attack. They help organizations understand risks, improve processes, and boost security readiness.
You can find more details about the changes in Rev.5 on the FedRAMP website.
Dynatrace for U.S. government
Dynatrace for the U.S. government enables federal agencies to accelerate cloud adoption while ensuring compliance with stringent security standards. It provides deep, AI-powered insights across the entire digital ecosystem, facilitating proactive resolution, enhanced collaboration, and streamlined operations. This robust solution supports the U.S. government’s mission-critical applications by optimizing performance, reducing costs, and driving innovation, ultimately leading to improved service delivery for the public.
We continue to invest in our security infrastructure, refine our processes, and expand our capabilities to meet the evolving needs of U.S. government clients. By maintaining our FedRAMP Moderate status and continuously enhancing our offerings, including our commitment to achieve FedRAMP High, Dynatrace remains a trusted partner for U.S. government agencies seeking reliable and secure cloud solutions.