Acquia, a Drupal solutions provider, announced today that it has received a second Federal Information Security Management Act (FISMA) Authorization to Operate (ATO) for federal customers using Acquia Cloud. FISMA compliance provides a path for government agencies to develop next-generation digital experiences with Drupal that incorporate the web, mobile and social communities.
FISMA and its associated National Institute of Standards and Technology (NIST) standards provide a risk-based framework to support security best practices for systems managed by federal agencies. Acquia is the first provider to offer enterprise-class Drupal cloud services with a FISMA moderate ATO, which provides insight and assurance in Acquia’s ability to deliver secure cloud services for government websites and social communities. The authorization, obtained earlier this year as part of Acquia’s work with the Bureau of Alcohol, Tobacco and Firearms, provides documentation to federal agencies that are evaluating the security protocols of Acquia’s cloud services.
“Secure, scalable cloud services are critical for digital constituent services, and Acquia Cloud is designed to provide the enterprise-class security and reliability that government requires,” said Tom Erickson, Acquia CEO. “As part of the Digital Government Strategy, federal agencies are adopting open source technology for greater innovation, while Cloud First initiatives are providing speed and efficiency for IT projects. Acquia is an important partner in helping federal agencies speed their adoption of open source, gain cost and operational efficiencies through cloud computing, and assure compliance with strict requirements for security and control.”
The United States government is increasingly looking to open source to share more effectively and “innovate with less.” By leveraging shared platforms to deliver digital services, federal agencies are adopting new technologies more rapidly while reducing cost and duplication. Acquia Cloud provides a secure, highly available environment for Drupal. FISMA compliance for Acquia Cloud at the moderate level attests that required security controls are in place to meet and exceed compliance standards for cloud computing.
Last year, Acquia received its first FISMA ATO for Acquia Cloud. At the time, it was reported that Drupal is the open source content management system used by 24% of all .Gov web sites. Some examples of United States federal government sites currently running on Drupal include the Commerce Department, The White House, the Department of Education, and the Department of Energy.
In addition to its FISMA ATO, Acquia is focused on achieving FedRAMP authorization. FedRAMP will supersede FISMA for cloud services like Acquia Cloud, enabling streamlined federal authorization for cloud services. Acquia has included FedRAMP controls in its FISMA documentation and is working on FedRAMP authorization for Acquia Cloud. Acquia Cloud is built on Amazon Web Services (AWS) and utilizes Amazon Elastic Compute Cloud (Amazon EC2), which has received a FedRAMP authorization.