Ready, Set, Let’s Modernize Government IT! Duo Is Now FedRAMP Approved!
Sometimes the lights all shining on me
Other times I can barely see
Lately it occurs to me
What a long strange trip it's been
— Grateful Dead ("Truckin")
We are proud to announce the Duo has achieved FedRAMP Authorization – another milestone in our endeavor to help secure our democracy. What an amazing journey to get to this point!
Cue the parade! It is official, Duo Security achieved FedRAMP Authorization with sponsorship from the U.S. Department of Energy (DOE). Our cloud-based Duo Access 2FA solution, which enables federal agencies to replace or augment traditional security card authentication methods with Duo’s push-based two-factor authentication (2FA) technology is available at the FedRAMP Marketplace.
Getting here, as you know, is no easy feat. As I had discussed previously HERE, FedRAMP is not a destination but a lifestyle choice. It’s something that you build into your daily operating environment and into your security DNA. It has a long storied life from its humble beginnings of SP-800-53, through directly applied FISMA metrics to cloud and now, in its current form, an enabler for cloud service providers (CSP) to deliver commercial off the shelf (COTS) cloud services to government agencies. We will live in this – it will become part of our DNA here at Duo and the greater Cisco.
How Duo’s MFA Helps Federal and Government Agencies
Duo’s Access and MFA product editions are perfectly suited to help government agencies protect their most precious assets — their users. We help those users by protecting their most utilized resources — their devices and their access to critical agency applications.
Duo was born on the cloud, which gives us a unique perspective in our belief that the way to deliver cloud security is through cloud-based security. This is what the government’s IT modernization and “Cloud Smart” initiatives are all about – using cloud computing to deliver better, more secure services to all of our various constituencies.
Duo has also endeavored to align it’s FedRAMP offering with the latest and most “cloud friendly” and “Zero Trust Ready” standards. Standards such as NIST’s SP-800-63-3 where certain authenticators such as SMS based 2FA and “call back” based 2FA, have been deprecated due to their susceptibility to compromise. We’ve also built in FIPS validated crypto all the way through the stack. This is harder than it sounds but we believe that providing the strongest level of encryption available was important. This is not always done and your mileage may vary with some providers. Pays to ask.
I firmly believe that Duo’s vision of a user-focused security model aligned to zero trust is the best security hope for this IT modernization journey. This journey is bound to include all of a government or military agencies’ computer systems, whether they are in the cloud or a datacenter. Our goal is to consistently provide the same security “connective tissue” regardless of where your applications live and breathe or from where your users access these things.
It’s also worth mentioning that being part of Cisco, the world’s largest cybersecurity company, helps Duo accelerate this mission of securing democracy. The public sector is one of Cisco’s biggest and most important markets. Cisco has proven that it gets IT modernization. It gets federal and government agencies where they want to go, and it secures them along that journey.
Duo is proud to be part of Cisco and proud to be helping federal and government agencies of all shapes and sizes realize their IT modernization goals while building in the security that is required to protect the things we hold dear.
Check out this article on CyberScoop that reports both the Republican National Committee (RNC) and the Democratic National Committee (DNC) are using Duo's 2FA solution ahead of elections to thwart potential threats.
Duo is now FedRAMP Authorized! Achievement unlocked! FIPS baked in! Now, let’s get to work and secure some stuff (like our democracy)!
