VMware issued FedRAMP certification for its cloud services

The Palo Alto, California-based company becomes the first in 2015 to earn an authority to operate in the federal government.


VMware Inc. announced Thursday that its vCloud Government Services has been given authority to operate, or ATO, through the Federal Risk and Authorization Management Program, also known as FedRAMP.

The ATO means that all Cabinet-level agencies, military services, the Department of Defense, and the judicial and legislative branches of government can safely use VMware’s infrastructure-as-a-service hybrid cloud services.

“Much of U.S. government IT runs on VMware virtual infrastructure, and VMware vCloud Government Services provided by Carpathia will enable agencies to extend their infrastructure to the cloud by leveraging the technology and personnel investments they have already made,” VMware CEO Pat Gelsinger said in a release.



VMware becomes the first company to have its cloud services cleared by FedRAMP in 2015. About 20 companies — including Amazon Web Services, Microsoft Corp. and IBM — can safely provide cloud services to the government.

“As the government continues to move to a cloud-first approach to IT, VMware used FedRAMP’s standard approach for conducting security assessments to reduce duplicative authorization efforts while also ensuring it meets the federal requirements for all customers across government,” FedRAMP Director Matt Goodrich said in a statement. “This provisional authorization confirms that VMware meets the stringent security and privacy requirements of FedRAMP.”

VMware’s cloud services are run through its Carpathia data centers, three of which are located within 100 miles of Washington, D.C. One such center, Carpathia’s IBX Vault in Dulles, Virginia, is a 64,000-square-foot, Tier 3-compliant facility that the company says is “designed to ensure healthcare agencies remain HIPAA compliant, federal agencies conform to FedRAMP cloud guidelines and are FISMA compliant.”

The announcement comes as FedRAMP recently released its high-security baseline for public comment last week. The baseline is part of a two-year plan to streamline the often-lengthy process for cloud service providers to earn an ATO.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts