Remains the Only Application Security Managed Service Vendor Certified by the Federal Risk and Authorization Management Program
SANTA CLARA, CA – June 10, 2020 – Micro Focus Fortify on Demand has migrated its application security testing services to AWS GovCloud, furthering the ability to offer enhanced testing, vulnerability management, and support to critical federal agencies. Fortify on Demand remains the first and only application security managed service vendor that is authorized by the Federal Risk and Authorization Management Program (FedRAMP) to offer government agencies seamless application security testing while adhering to internal risk management policies.
“Since 2015, Fortify on Demand has been the only authorized FedRAMP AppSec solution in the market,” said Scott Johnson, General Manager for Micro Focus Fortify. “Micro Focus’ Fortify on Demand has earned the trust of federal agencies for its enhanced capabilities and features that offer testing, vulnerability management, expertise, and support. The migration to AWS GovCloud will provide these critical government organizations with the ability to accelerate their AppSec programs with the fastest, most accurate results available.”
With the migration to AWS GovCloud, Fortify on Demand now offers secure services such as static, dynamic, and mobile application testing as a service to the nation’s critical agencies, including the Department of Defense, the Department of Homeland Security, the Department of State, the Federal Aviation Administration, the United States Army, and the United States Air Force. Essential benefits by Fortify on Demand include:
- The ability to adhere to International Traffic in Arms Regulations (ITAR), the FedRAMP requirements, Defense Federal Acquisition Regulation Supplement (DFARS), DoD (SRG) Impact Levels 2, 4, and 5, FIPS 140-2, IRS-1075, and other compliance regimes.
- The ability to protect sensitive unclassified data files with server-side encryption in Amazon S3.
- The ability to strengthen identity management controls by limiting access to sensitive data by individual, time, and location.
Additionally, Fortify on Demand on AWS GovCloud is the first and only cloud-accessible managed application security testing platform that is Joint Authorized Board (JAB) certified and FedRAMP authorized. This means government agencies can perform application security testing easily and confidently while adhering to internal risk management policies. This allows for the following key benefits:
- Enables government programs, security organizations, and application development teams to extend and scale their Software Security Assurance Programs quickly and efficiently.
- Combines the most advanced, comprehensive application testing methodologies with manual expert review.
- A centralized portal provides intuitive, user-friendly and comprehensive application dashboards, vulnerabilities, and work streams for a single application or across your entire portfolio.
- Integration of on-premises and cloud-based application security testing and program management solutions, specifically for U.S. government agencies.
- The ability for State, Local and Education (SLED) entities to utilize Fortify on Demand services within the FedRAMP environment.
Micro Focus’ Fortify on Demand delivers complete solutions for both on-premises and as-a-service offerings that give customers the flexibility to choose based on their application security needs. The updated portfolio can be fully integrated into any DevOps tool chain with enhanced automation capabilities, and is just one of the ways Micro Focus helps customers address the four most common objectives of digital transformation – to move faster, have greater agility, secure what matters most, and leverage insights to drive value.
About Micro Focus
Micro Focus delivers enterprise software to empower our 40,000 customers worldwide to digitally transform. With a broad portfolio, underpinned by a robust analytics ecosystem, the company enables customers to address the four core pillars of digital transformation: Enterprise DevOps, Hybrid IT Management, Predictive Analytics and Security, Risk & Governance. By design, these tools bridge the gap between existing and emerging technologies so customers can run and transform at the same time.