This means that Red Hat is now listed on the FedRAMP Marketplace as actively pursuing JAB authorization, with additional updates showing our progress and achievements across the two paths for authorization: The existing Agency Authority to Operate listing and a separate listing for the JAB path.
Red Hat currently has an Agency authorization through the National Oceanic and Atmospheric Administration but Red Hat is now adding to its authorizations by working with the JAB to obtain a Provisional Authorization to Operate.
By going through the JAB process, Red Hat's ATO with NOAA is still valid and customers are still able to fully use and deploy Red Hat product offerings, which include ROSA and the approved Red Hat Insights for RHEL service, with full confidence.
Agencies can then review this authorization knowing that the strictest of standards were maintained.
Red Hat is currently in the middle of testing with a Third-Party Assessment Official for our FedRAMP JAB Security Assessment, which will bring us closer to our next goal of a Provisional Authority to Operate.
As Red Hat completes the JAB Security Assessment, where artifacts like the System Security Plan, authorization boundary diagrams, Plan of Actions and Milestones, and various processes and procedures are reviewed, a Security Assessment Report is issued to the JAB. Once the JAB determines that ROSA is successfully meeting government requirements, it will issue the P-ATO. With a JAB authorization, Red Hat will be able to streamline its continuous monitoring practices to increase internal efficiency while delivering a highly scrutinized, leading managed platform.
In the meantime, customers can continue to leverage Red Hat's current FedRAMP Agency-authorized product.
This Cyber News was published on www.redhat.com. Publication date: Sat, 16 Mar 2024 22:43:07 +0000