RegScale announces that it has achieved FedRAMP High Authorization
It achieved the milestone in just six months, compared to the industry average of 18-24 months.
RegScale, a leader in Continuous Controls Monitoring (CCM), announced on Thursday that the company has achieved FedRAMP High Authorization, a significant milestone that positions the company among a select group of vendors trusted to support the federal government’s most sensitive systems.
CCM is a generation 2 Cyber Governance, Risk and Compliance (GRC) package, purpose-built for the Chief Information Security Officer as an operational risk tool that leverages compliance as code and artificial intelligence to achieve extreme automation within risk and compliance programs. RegScale earned this designation by using its own CCM platform to automate and accelerate the entire process, demonstrating the real-world impact and maturity of its technology.
This achievement was made possible through the sponsorship of the U.S. Department of Homeland Security (DHS), which issued RegScale’s Authority to Operate (ATO) and submitted it to the FedRAMP Program Management Office. RegScale is now fully listed on the FedRAMP Marketplace. In parallel, RegScale is working on approvals for DoD IL5, which would potentially allow reciprocity across the Department of Defense, allowing mission owners to accelerate adoption of the RegScale platform.
RegScale achieved FedRAMP High in just six months, compared to the industry average of 18-24 months. During the assessment process, the security team completed its work with 95 percent less effort, requiring only three full-time employees and 90 hours compared to the 10+ FTEs and hundreds to thousands of hours typical of traditional manual methods.
The team leveraged its AI-powered RegML engine to write and implement all 410 required controls in just two weeks, a task that normally takes a six-person team more than three months. As a result, RegScale achieved over 50 percent cost savings compared to standard FedRAMP efforts.
“Most companies our size don’t even attempt to pursue FedRAMP Moderate, let alone achieve FedRAMP High,” said Travis Howerton, Co-Founder and Chief Executive Officer of RegScale. “We set out to prove that risk and compliance can be real-time, cost-effective, and scalable, without sacrificing security. With this authorization, we’re ready to support the most secure missions across the government that are in dire need of efficiency and modernization while supporting the highest levels of assurance and security.”
RegScale prioritized FedRAMP High from the beginning, treating it not as an aspirational goal but as a foundational security architecture decision. Using its own CCM platform and incorporating Compliance as Code and AI, RegScale integrated compliance into day-to-day development operations and CI/CD pipelines, providing real-time visibility, maintaining control and transparency on every change, tracking our SBOM on every build, and making security a continuous, automated function of its delivery pipeline.
“Achieving FedRAMP High Authorization is a significant validation of RegScale’s commitment to building the industry’s most robust GRC solution,” said Art Coviello, Chairman of the Board for RegScale. “Few companies at this stage reach this level of trust and technical maturity. This milestone reflects the strength of the platform and positions RegScale to accelerate growth across all markets.”
The Tysons Corner, VA-based company has its R&D team in the Innovation North Building at the University of Tennessee Research Park in Knoxville.
To learn more, read the RegScale news release here.
Like what you've read?
Forward to a friend!