Skip navigation

Duo News & Press

All things Duo from our press room, blog and around the Web

Press Release
November 20th, 2019

Cisco’s Duo Security Achieves FedRAMP Authorization; Launches Federal Product Editions

- U.S. Department of Energy to pilot Duo’s FedRAMP-authorized Federal Editions to secure IT modernization efforts -

ANN ARBOR, Mich. - November 20, 2019 - Cisco’s Duo Security, the leading multi-factor authentication (MFA) and Zero Trust for the Workforce provider, today announced authorization at the moderate impact level under the Federal Risk and Authorization Management Program (FedRAMP), with sponsorship from the U.S. Department of Energy (DOE). FedRAMP’s rigorous assessment, authorization and continuous monitoring ensures cloud services such as Duo that are used by federal agencies meet strict data security requirements and capabilities.

With FedRAMP’s stamp of approval, Duo launches its public sector-tailored Federal MFA and Federal Access product editions, delivering strong cloud-based authentication and device visibility with FedRAMP-authorized security controls at their core. As part of its sponsorship, the DOE will pilot Duo Federal MFA and Federal Access to protect data and critical systems, amid the agency’s transition to modern, cloud-based technology.

“The Department of Energy is a bellwether in the federal government’s efforts to modernize our IT infrastructure by adopting cloud-smart technology,” said Bill Wright, Director, Cybersecurity Compliance and Oversight at DOE. “Embracing modern technology and strengthening security must go hand-in-hand in order to protect our nation’s energy infrastructure and strengthen our country’s economic and national security, and we’re proud to lead by example in this respect.”

Duo Federal Editions are built to enable customer compliance with FIPS 140-2 compliant authentication standards and align with National Institute of Standards and Technology (NIST) SP 800-63-3 guidelines. Duo Federal editions meet Authentication Assurance Level 2 (AAL2) with Duo Push or Duo Mobile Passcode for both iOS and Android Devices out of the box and by default with no additional configuration required. Duo also supports AAL3 authenticators such as the FIPS Yubikey from Yubico.

“Cybersecurity is one of the biggest geopolitical issues of our time, one that requires real collaboration and partnership between the public and private sectors to address,” said Dug Song, vice president and general manager of Duo Security, a Cisco business unit. “Our team has worked diligently with our federal partners through the FedRAMP process to deliver a solution that can uniquely address the most pressing security concerns that federal agencies have regarding their environments.”

Revised NIST guidelines and Office of Management and Budget (OMB) directives have paved the way for government federal agencies to transition to modern user authentication such as Duo to protect against evolving cyber threats. Previously, federal agencies were required to secure critical data with complex and expensive personal identity verification (PIV) or common access cards (CAC), which are often not compatible with cloud applications and mobile. The federal government spends more than $1 billion annually on PIV/CAC and corresponding public key infrastructure.

Duo is one of many Cisco products receiving FedRAMP authorization. Cisco, the world’s largest security seller, is committed to delivering FedRAMP solutions that help agencies achieve their missions with simple, strategic and secure digital capabilities. With Cisco’s suite of federal-tailored products for communications, collaboration and security, government agencies and contractors can securely and efficiently modernize their IT infrastructure.

In addition to FedRAMP, Duo’s focus on transparent and sound security practices has earned the company Service Organization Control (SOC) 2 Type II certification and approval with the Department of Homeland Security’s Continuous Diagnostic and Mitigation (CDM) program. Duo also helps federal agencies address FISMA, DFARS/FARS (NIST SP 800-171) and ISO 2000 requirements.

Duo Federal MFA and Duo Federal Access editions are listed on FedRAMP Marketplace, and can be purchased via DHS’ CDM or by visiting

About Duo Security

Cisco’s Duo Security is the leading multi-factor authentication (MFA) and Zero Trust for the Workforce provider. The company’s zero-trust security platform, Duo Beyond, enables organizations to provide trusted access to all critical applications - for any user, from anywhere, and with any device. Duo is a trusted partner to more than 18,000 customers globally, including Dresser-Rand, Etsy, Facebook, Paramount Pictures, Random House, Zillow and more. Founded in Ann Arbor, Michigan, Duo has offices in growing hubs in Detroit; San Francisco; London and Austin, Texas. Please visit to find out more.