Trellix’s High FedRAMP Efforts Benefit All Customers

By Harold Rivas · April 24, 2023

The United States federal government’s efforts to strengthen cybersecurity reach beyond the scope of protecting U.S. citizens and organizations. The certification process of the Federal Risk and Authorization Management Program (FedRAMP) sets authorization standards of security necessary to protect the federal government’s most sensitive unclassified data in cloud computing environments, including information used by law enforcement, emergency services, and healthcare agencies. The results of Trellix’s commitment to achieving FedRAMP certification not only spotlights our products’ security proficiencies, but also benefits our U.S. public sector customers.

Government Security Levels Organizations Can Follow

FedRAMP categorizes risk associated to a provider’s authorization level – High, Moderate, or Low – based on compliance standards of data security controls, including the way data leaves and comes into an environment. For example, any data going into a SaaS-hosted solution from either a cloud service provider or an independent third party must have the same level of security controls implemented to safeguard all Federal Government data for Confidentiality, Integrity, and Availability.

So, why should any non-government organization concern itself with FedRAMP authorization levels? Trellix’s commitment to FedRAMP provides great compliance value to non-government organizations. Commercial customers will know the provider has already been vetted by the U.S. government as compliant, and as a result, their data will be protected and secure without running their own assessments.

The public sector places a tremendous value on its government compliance standards. For example, the US Food and Drug Administration standards are mirrored by other countries to use for their own compliance models. If it passes the scrutiny of the U.S. government, it likely meets other government standards, too.

Global customers can use FedRAMP’s accreditation standards automatically approving vendors to set their cybersecurity requirements rather than spend significant resources in due diligence. FedRAMP-certified cybersecurity vendors such as Trellix are not fly-by-night companies hyping security designed by amateurs.

Trellix’s FedRAMP Impact Levels

We are pleased our commitment to FedRAMP certification resulted in positive authorization levels for the following Trellix solutions.

• Trellix XDR (GovCloud High) has attained Authority to Operate (ATO) at the High impact level and is in the process of attaining FedRAMP High Authorization from the FedRAMP Program Management Office (PMO).
• Trellix Email Security Cloud is certified at the Moderate level.
• Trellix XDR is certified at the Moderate level.

Trellix’s Commitment to High FedRAMP Levels

FedRAMP’s levels of security controls aren’t static. And the pool of available vendors inside FedRAMP’s High Authorization level is very small. As a result, FedRAMP stimulates security improvements by encouraging vendors like Trellix to commit to achieving the agency’s highest standard. As the U.S. government analyzes its future cybersecurity needs, the pursuit of higher authorization levels also signals future demands for improved security controls.

Trellix will continue to closely work with the FedRAMP and the U.S. government in our commitment to placing more products in the High authorization level. Taking cybersecurity to the next level is a constant need in securing our public sector and government customers from an ever-evolving threat landscape.