GovEagle maintains the highest compliance and security standards to ensure any proprietary content shared with GovEagle is safe and secure. We have achieved FedRAMP Moderate Equivalency and are under continuous monitoring to maintain these rigorous security standards.
CMMC Status (Handling CUI/CDI/FCI)
GovEagle has successfully achieved FedRAMP Moderate Equivalency through our registered 3PAO, Ignyte Platform, and is now under continuous monitoring. Here's what your team needs to know about FedRAMP Moderate Equivalency:
The DoD recently released a Q & A that classifies any cloud service that modifies the basic cloud service as a cloud service provider (CSP). More specifically, GovEagle would be considered a cloud service offering (CSO) as it manipulates and serves it's offering on top of a CSP (AWS, Azure, etc.).
At this stage, FedRAMP Moderate requires an agency sponsorship. Because GovEagle does not sell to any government agency, FedRAMP Moderate Equivalency is the standard we need to achieve.
Achieving FedRAMP Moderate Equivalency requires the following:
100% compliance with the latest FedRAMP Moderate security control baseline (i.e. no POA&Ms)
Compliance assessed by a FedRAMP-recognized Third-Party Assessment Organization (3PAO)
Presenting the body of evidence (BoE) to the contractor (i.e. member of the DIB)
For more information please refer to this deeper dive: link.
Highlighted Controls
For additional control information, please refer to the reference documents at the end of this document.
Infrastructure Security
Hosted exclusively in FedRAMP High authorized data centers
Redundant infrastructure across multiple availability zones
Siloed database structure for different customer tenants
Continuous security monitoring and threat detection
End-to-end encryption for data in transit and at rest
Access Control
Role-based access control (RBAC) implementation
Mandatory multi-factor authentication (MFA)
Comprehensive audit logging
Security Assessments and Monitoring
Completed FedRAMP Moderate Equivalency assessment
Continuous monitoring program with quarterly 3PAO assessments
Regular third-party security assessments
Continuous penetration testing
Vulnerability management program
Incident response procedures
AI Training
GovEagle will not train any models on your data
Zero-retention policy with AI processing services (OpenAI, Anthropic)
All AI processing services are running in FedRAMP High authorized data centers
Ongoing Compliance and Monitoring
With FedRAMP Moderate Equivalency achieved, GovEagle maintains the highest security standards through continuous monitoring and ongoing compliance efforts.
Continuous Monitoring Program
Real-time security control monitoring and assessment
Regular vulnerability scanning and remediation
Ongoing compliance validation with FedRAMP Moderate controls
Quarterly security control assessments by our 3PAO
Future Compliance Initiatives
GovEagle is pursuing a FedRAMP Ready Assessment that will allow us to be on the FedRAMP Marketplace in a "ready" state. Note: This will still not be considered FedRAMP authorized as that is a certification for CSOs selling to government agencies.
Frequently Asked Questions
What if I'm not comfortable with a full SharePoint integration?
Your team is encouraged to use GovEagle's document management workflow in which administrators can scope and upload a limited amount of pre-approved content. All of GovEagle's above controls will still apply in this case.
Where is my data stored?
All data is stored exclusively in FedRAMP High authorized data centers within the United States, with redundancy across multiple availability zones. Customer data is siloed across databases to prevent slippage and ensure protection.
Can GovEagle handle CUI?
Yes, GovEagle is fully compliant with NIST 800-171 requirements and is suitable for storing and processing Controlled Unclassified Information. GovEagle has achieved FedRAMP Moderate Equivalency, which is the required compliance status to handle, store, and process CUI under CMMC.
What authentication methods are supported?
GovEagle requires multi-factor authentication (MFA) for all users and supports integration with various identity providers.
How often are security assessments performed?
We conduct regular third-party security assessments and continuous security monitoring. Penetration testing is performed periodically to ensure system security.
What happens if there's a security incident?
We maintain comprehensive incident response procedures and will notify affected customers according to our security incident response plan and applicable regulations.
Does GovEagle offer an on-prem solution?
Yes - GovEagle can deploy our system to your hardware or cloud environment. Please reach out if you'd like to discuss these options in further detail.
Will using GovEagle impact my CMMC audit?
No, GovEagle has achieved FedRAMP Moderate Equivalency and can provide our body of evidence (BoE) which will enable you to seamlessly pass your CMMC audit.
I'm still worried about CUI, what are my options?
We totally understand that processing CUI through GovEagle can be intimidating. Teams are more than welcome to refrain from uploading CUI into the platform until they've built full confidence.
The FedRAMP Moderate Equivalency memo says my team is responsible for "validating the BoE provided by the 3PAO meets the Moderate Equivalent standards outlined in this memo". What does that mean for me?
This means that your organization is responsible for ensuring that GovEagle has performed the audit through a credentialed and government approved FedRAMP Authorized Third Party Assessment Organization (3PAO). You also should validate the status of the 3PAO, ensuring that you have a 3PAO signed attestation letter describing the work performed during the audit.
GovEagle is happy to connect you with our 3PAO, Ignyte Platform, to discuss the completed audit in further detail. We have completed our FedRAMP Moderate Equivalency assessment and can provide you with a copy of the BoE for your records.
How can I get more information?
Please reach out to security@goveagle.com for additional questions.