FedRAMP & NIST SP 800-53

    When You Need a FedRAMP Compliant Cloud Service

    We first launched our software on a FedRAMP Authorized platform and infrastructure in 2018. Since then, Sharetru has aided hundreds of defense and aerospace companies with the sharing of sensitive data between parties both inside and outside the federal government.

    Cloud Security According to Federal Standards

    It's important to choose a SaaS solution that's FedRAMP Moderate Equivalent and has a datacenter partner that's FedRAMP Moderate Authorized at the IaaS and PaaS layers. 

    You can have confidence in knowing Sharetru’s FedRAMP controls are met and assessed at the IaaS and PaaS layers, while our SaaS provides the cybersecurity controls issued in paragraphs (c) through (g) of DFARS 7012 for FedRAMP Moderate equivalency.

    FedRAMP is a core set of controls and processes based substantially on the NIST SP 800-53 framework — so much so that the next revision will likely align directly to one another. It is targeted at cloud service providers (CSPs) used directly by federal agencies utilizing IaaS, PaaS, or SaaS service models.

    The FedRAMP and NIST SP 800-53 controls at the Moderate baseline are also used as a measuring stick by the Defense Industrial Base (DIB) when choosing a CSP to store or transmit controlled unclassified information (CUI) in non-federal systems.

    Benefits of Working With a FedRAMP Moderate CSP

    Sharetru is one of only a few secure file sharing platforms serving defense and aerospace contractors’ requirements as a FedRAMP Moderate Equivalent SaaS company while operating on a cloud platform and infrastructure that are both FedRAMP Moderate Authorized.

    ShareTru Icons_Adhering to Top-Level Requirements
    Mitigated Risk Adhering to Top-Level Requirements Using SaaS that's FedRAMP Moderate Equivalent helps you maintain compliance with government standards and reduce the risk of sensitive data falling into the wrong hands. You can trust that it has all the appropriate measures in place to effectively protect your data. 
    ShareTru Icons_Time, Saving Money
    Cost-Effectiveness Saving Time, Saving Money Whether the CSP is FedRAMP Ready, FedRAMP in Process, or FedRAMP Authorized, you can rest assured in knowing all due diligence was well documented without checking every single one of their security controls yourself. Avoiding time-intensive risk analysis will save substantial time and resources, while letting you get back to revenue generating activities.
    ShareTru Icons_We Go Above What’s Expected
    Unparalleled Security Above and Beyond Industry Standards Data security is of particular concern for federal agencies and their contractors, as government data is a popular target for hackers and nation-state bad actors. When your data is stored in a datacenter and on a platform that's FedRAMP Moderate Authorized, you can trust in your data’s safety because FedRAMP adherence is a high bar to clear.
    ShareTru Icons_Checksum Verification
    Third-Party Verification Don’t Just Take It From Us Your organization may not have the time or resources to verify that a cloud service provider has met all 325 of the FedRAMP security controls. But with third-party verification, another trained entity has conducted this assessment, saving you time and stress. 
    Compliance - FedRAMP Foreground Hero

    Why a FedRAMP Authorized or Equivalent CSP Matters

     If you’re a federal agency moving data or applications to the cloud, the benefit to choosing only FedRAMP Authorized CSPs is obvious; it is required by law. If you're a federal agency and can’t find a FedRAMP Authorized service that you like, consider sponsoring a CSP you prefer through the FedRAMP audit.

    If you’re a contractor subject to NIST SP 800-171 and DFARS 7012 in need of software to securely transfer data files containing CUI, a FedRAMP Moderate Equivalent CSP has what you need to meet your security and compliance requirements.

    How Our Features Support FedRAMP Compliance

    Explore the Sharetru features that serve to keep our solution compliant with FedRAMP.

    Our Audit Features

    • Audit trails and immutable logs
    • Annual audits to ensure compliance at the IaaS and PaaS layers

    Our Resources

    • A dedicated virtual machine that’s completely separate from all other clients (Enterprise plan only)
    • Our Moderate Authorized datacenter with physical controls required by FedRAMP
    • Platform that provides granular access to folders
    • FedRAMP Moderate Authorized U.S.-based datacenter supported only by screened U.S. citizens
    • FedRAMP Moderate Authorized disaster recovery (DR) datacenter on warm standby

    Our Data Security

    • Monitoring and vulnerability scanning through perimeter network security, including IDS, IPS, and virus and malware detection
    • Encryption at rest using AES-256 and encryption in transit at TLS 1.2 (FIPS 140-2 validated) and AES-256

    Going Above and Beyond for Our Customers

    Sharetru has invested heavily in selecting and using a datacenter partner FedRAMP Moderate Authorized at the infrastructure and platform layers, so you don’t have to. Find out how you can benefit from working with a FedRAMP-compliant CSP today with a demo.

    Book Your Demo