FedRAMP Authorization Streamlines HackerOne’s Ability to Provide Crowdsourced Security Solutions to U.S. Public Sector
SAN FRANCISCO--(BUSINESS WIRE)--HackerOne, the leading hacker-powered security platform, today announced that it became the first and only hacker-powered security platform to achieve Federal Risk and Authorization Management Program (FedRAMP) Tailored Low Impact-Software as a Service (LI-SaaS) Authorization for its full suite of hacker-powered security solutions. Sponsored by the General Services Administration (GSA), this final authorization step means that HackerOne’s hacker-powered security offering is now available on the FedRAMP Marketplace — a menu of authorized solutions for government organizations.
FedRAMP is a U.S. federal government program that provides a standardized approach to security assessment, authorization and continuous monitoring of cloud products and services to ensure that the proper level of security is in place when government agencies seek to access them. The program offers a “do once, use many times” authorization model, speeding up the government’s adoption of cloud services so that the agencies do not have to individually evaluate the same offerings.
“Achieving FedRAMP Tailored LI-SaaS authorization is a testament to HackerOne’s long-standing commitment to ensuring a secure environment for our U.S. government clients,” stated Lynn Chia, Director of Federal at HackerOne. “This authorization underscores the momentum that HackerOne has achieved in the federal government and demonstrates our ability to help make our public sector customers’ digital transformations into security transformations.”
HackerOne has worked with the U.S. federal government since 2016, starting with the first crowdsourced security initiative “Hack the Pentagon.” With the success of the initiative, HackerOne has operated several bug bounty challenges for the Department of Defense (DoD), including Hack the Army, Hack the Army 2.0, Hack the Air Force, Hack the Air Force 2.0, Hack the Air Force 3.0, Hack the Defense Travel System, and Hack the Marine Corps. The DoD also runs an ongoing Vulnerability Disclosure Program (VDP) with HackerOne, providing a legal avenue for security researchers to disclose vulnerabilities in any DoD public-facing system. More than 12,000 valid vulnerabilities have been reported as a result, significantly reducing cyber risk across the DoD’s digital assets.
GSA was the first U.S. federal civilian agency to deploy hacker-powered security solutions. In 2018, following the successful execution of a 2017 bug bounty and VDP with HackerOne, the GSA’s Technology Transformation Service (TTS) awarded HackerOne a multi-year bug bounty contract. GSA continues to run its bug bounty program with HackerOne today. HackerOne has worked with government agencies across the globe, including programs with Singapore’s Ministry of Defense (MINDEF), Singapore’s Government Technology Agency (GovTech), the European Commission and the U.K. National Cyber Security Centre (NCSC).
For more information on how HackerOne works with government agencies, visit the following resources:
- Hack the Pentagon bug bounty program
- Hacker-powered Pen Tests at the U.S. Federal Government
- U.S. Department of Defense Challenge
- Hack the Marine Corps Bug Bounty Program
HackerOne has achieved other certifications and audits, including ISO 27001, SOC 2 Type II, and U.K. Cyber Essentials, among others. For a full list of HackerOne’s security, privacy, and compliance initiatives, please visit HackerOne’s trust page.
HackerOne is a hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. Fortune 500 and Forbes Global 1000 companies trust HackerOne as their hacker-powered security alternative. With over 1,800 customer programs, including the U.S. Department of Defense, General Motors, Google, Goldman Sachs, PayPal, Hyatt, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, and Intel, HackerOne has helped to find over 160,000 vulnerabilities and award over $90M in bug bounties to a growing community of 700,000 hackers. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore and is one of Fast Company’s World’s Most Innovative Companies for 2020.