Wiz achieves FedRAMP Moderate authorization

Wiz is now the fastest company to be listed FedRAMP Moderate Authorized on the FedRAMP Marketplace, making it easier for government agencies to effectively protect their cloud environment with Wiz’s CNAPP

4 minutes read

Today, we are proud to announce that Wiz for Government has achieved FedRAMP® Moderate authorization just four years since the company was founded. This achievement, in addition to our StateRAMP authorization(1) and our IL4 in-process status, shows our commitment to the US public sector and empowering these organizations to secure everything they build and run in the cloud.

We are excited about the timing of our FedRAMP authorization.  The Federal Government remains in a transition to the cloud. The President's EO on Zero Trust [EO 14028] was an effort to modernize cyber across the Government to keep pace with the cloud.   AI now creates opportunities and cyber challenges for the government.  Wiz stands at the brink of all three: cloud, AI, and cyber.  Wiz provides a single platform to view and contextualize risk across all clouds as well as AI security posture management.

Dean Scontras, AVP, Public Sector, Wiz

FedRAMP is a government-wide program that provides a standardized approach to security in the cloud, helping government agencies accelerate cloud adoption with a common security framework. Achieving a FedRAMP Moderate authorization means Wiz has gone under rigorous internal and external security assessment to show it meets the security standards of the Federal Government and complies with required controls from the National Institute of Standards and Technology (NIST) Special Publication 800-53. 

As government agencies protect critical missions, they are required to follow the highest security standards(2) in their cloud environments. In Executive Order on Improving the Nation’s Cybersecurity (EO 14028(3), May 2021), the White House made it clear that: 

To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties.

Wiz helps government agencies address the challenges discussed in the EO; providing a critical service to ensure their cloud security keeps pace with the complexity of cloud threats(4). With Wiz’s FedRAMP Moderate authorization, it is now even easier for government agencies to take advantage of our Cloud-Native Application Protection Platform (CNAPP(5)) to effectively improve their cybersecurity posture in the cloud. 

Government civilian and defense agencies are already using Wiz to secure their missions in the cloud. One example is the U.S Navy(6), which is leveraging Wiz to secure their COSMOS platform and effectively prioritize alerts according to risk level and potential remediation paths.

Introducing Wiz for Gov

Wiz for Government(7) is a cloud security solution that enables the Government to operate in the cloud with confidence and support critical missions more effectively. Wiz provides the Government with complete visibility into their environment, proactive risk reduction, and continuous compliance assessment in the cloud, helping them accelerate their journey to zero trust(8).

With Wiz we’ve been able to provide real time risk assessment into these environments, out-of-the-box for all our users. COSMOS is automating those steps to be able to be able to auto-generate the security documentation, automate regular deliverables like POA&Ms; and with that we’ve been able to take a process that typically takes 3 months, down to 3 minutes

Michael Johnson, Director, Federal Services, SBS

With Wiz for Gov, organizations with FedRAMP Moderate requirements can: 

  • Gain 100% visibility- Wiz, a revolutionary new approach to cloud security(9), enables agencies to remove the risk of blind spots. Wiz’s agentless, graph-based CNAPP provides full-stack visibility into every technology running in your environment across virtual machines, containers, serverless, and AI technologies all without having to deploy a single agent. You can connect your entire environment to Wiz in minutes and gain immediate time-to-value. 

  • Remove critical security risk in the cloud- Wiz continuously monitors for risk in your environment across vulnerabilities, identities, network exposures, misconfigurations, secrets, and malware. Risks are prioritized and modeled on the Wiz Security Graph enabling agencies to effectively focus on removing the most critical risk in their environment.  

  • Meet compliance requirement- Agencies, contractors, and other cloud providers can assess and compare their cloud compliance posture against CIS Benchmarks including CIS Linux, Windows, Red Hat STIG benchmarks. You can leverage Wiz’s over 140 built-in compliance frameworks to help build compliance reports, and investigate vulnerability findings and inventory.  

  • Ensure readiness against the next Log4j- Stay ahead of threats like the Log4j, MOVEit, and XZ Backdoor Util vulnerabilities with Wiz’s Threat Center which flags down emerging threats and whether you are exposed to them in your environment.  

  • Establish secure use of AI- With Wiz AI-SPM (AI Security Posture Management) capabilities, agencies can securely adopt AI in their organization by gaining visibility into their AI pipelines, detecting misconfigurations in AI services such as Amazon Bedrock and Sagemaker, and proactively removing attack paths to AI models 

The Wiz Security Graph 

Wiz’s approach to cloud security is based on our Wiz Security Graph, which enables the Government to effectively remove the most critical risk in their environment with graph-based context. The Security Graph models every resource and technology in your cloud, as well as every risk found in your environment. Wiz conducts a deep risk assessment(10) across misconfigurations, network exposure, secrets, vulnerabilities, data, malware, and identities and maps all risks on the graph which enables Wiz to detect attack paths in your environment and provide you with a prioritized queue of risks based on the real criticality of an issue. With the Wiz Security Graph, you don’t have to deal with alert fatigue faced with traditional tools anymore, and you can truly focus on the risks that pose a real threat to your business.  

Hear more about how Wiz helps the U.S. Navy secure their cloud environment in the case study(6) with Strategic Business Systems (SBS). Read here to learn how Gartner defines a complete CNAPP solution(11). You can learn more about Wiz for Gov by visiting the Wiz for Government(7) webpage. If you prefer a live demo(12), we would love to connect with you. 

 

Links in this article: 

1 https://www.wiz.io/blog/wiz-achieves-stateramp-authorization

2 https://www.wiz.io/academy/cloud-security-standards 

3 https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ 

4 https://www.wiz.io/cloud-threat-landscape 

5 https://www.wiz.io/academy/what-is-a-cloud-native-application-protection-platform-cnapp 

6 https://www.wiz.io/customers/niwc-pac-sbs 

7 https://www.wiz.io/verticals/government 

8 https://www.wiz.io/academy/how-to-implement-zero-trust 

9 https://www.wiz.io/academy/what-is-cloud-security 

10 https://www.wiz.io/lp/cloud-security-assessment 

11 https://www.wiz.io/blog/gartner-cnapp-market-guide-key-takeaways 

12 https://www.wiz.io/demo 

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management