Press Release
November 8th, 2018Duo Security Achieves FedRAMP “In Process” Milestone
U.S. Department of Energy sponsors Duo’s cloud-based Unified Access Security technology for federal risk management certification program
ANN ARBOR, Mich., November 8, 2018 - Duo Security, the leading provider of zero-trust security, today announced entrance into the Federal Risk and Authorization Management Program (FedRAMP) authorization process, with sponsorship from the U.S. Department of Energy (DOE). Duo’s cloud-based Duo Access product, which offers federal agencies an alternative to traditional card and token-based authentication methods with two-factor authentication (2FA) technology, among other capabilities, is currently “In Process” on the FedRAMP Marketplace.
“The federal government’s push to modernize its IT infrastructure is not only about increasing efficiency, but protecting against cyber threats meant to derail how we function as a society and democracy,” said Dug Song, vice president and general manager of Duo Security, a Cisco business unit. “Our path to FedRAMP certification is just one component of Duo’s investment and focus on serving government agencies and helping them secure access to critical applications and data.”
Revised National Institute of Standards and Technology (NIST) SP-800-63-3 guidelines and a recent Office of Management and Budget (OMB) directive on digital identity have paved the way for government agencies to transition to modern user authentication solutions such as Duo to protect against rapidly evolving cyber threats. Previously, federal agencies were required to secure critical data with complex and expensive personal identity verification (PIV) or common access cards (CAC), which are challenging to implement across all users and IT resources.
“Government agencies are addressing strong authentication for the portion of their workforce that are often without PIV cards, such as temporary workers, contractors and others,” said Sean Frazier, Duo Advisory CISO, Federal. “Duo helps agencies fill these security gaps with a sound, simple to deploy and easy to use cloud-smart solution, often in accompaniment with a Yubico Yubikey. We are proud to be part of the portfolio that will help the government increase the speed of its mission of overseeing and protecting our nation's critical infrastructure, while reducing cost and complexity.”
FedRAMP’s rigorous review process ensures cloud products and services used by federal agencies meet strict security requirements and capabilities, while also helping agencies accelerate their transition from legacy IT infrastructure to modern, cloud-based technology. Duo is on track to achieve a FedRAMP Agency Authorization in collaboration with the DOE and FedRAMP Program Management Office (PMO).
Duo’s focus on transparent and sound security practices earned the company Service Organization Control (SOC) 2 Type II certification in November 2017. This thorough independent review and approval of Duo’s security, technology availability, processing integrity, confidentiality and privacy, and operational effectiveness further exemplifies Duo’s commitment to the highest level of security for customers - both public and private.
Duo is a leading provider of zero-trust security, which grants access to applications and data based on user identity and the trustworthiness of devices, rather than the network from which access originates.
About Duo Security
Duo Security, now part of Cisco, is the leading provider of Unified Access Security (UAS) and multi-factor authentication. Duo's zero-trust security platform, Duo Beyond, enables organizations to provide trusted access to all of their critical applications - for any user, from anywhere, and with any device. Duo is a trusted partner to more than 14,000 customers globally, including Dresser-Rand, Etsy, Facebook, Paramount Pictures, Random House, Zillow and more. Founded in Michigan, Duo has offices in Ann Arbor and Detroit, as well as growing hubs in Austin, Texas; San Mateo, California; and London, UK. Visit Duo.com to find out more.