I am proud to announce that Cisco Umbrella for Government has achieved agency ATO (authorization to operate) status under FedRAMP and is at the FedRAMP PMO. This is a key milestone in the process towards full FedRAMP ATO and reflects our commitment to provide comprehensive, reliable cloud native cybersecurity solutions to enable Secure Access Services Edge (SSE/SASE). In hyper-decentralized, hybrid work environments, Umbrella for Government is a crucial milestone in a long-term strategy to evolve to Cisco’s new full SSE solution, Cisco Secure Access. Cisco has a full SSE product family to address the challenging security reality of managing connectivity from anything to anywhere while simultaneously protecting against sophisticated, motivated threat actors.
Cisco partnered with the Federal Communications Commission (FCC) as our sponsor to enable a holistic cloud-centric security infrastructure for government agencies that leverages Umbrella for Government as a foundational step to securely accelerate their IT (Information Technology) modernization and cloud adoption. State and local governments moving to the cloud can also gain greater efficiency and security by deploying this solution and other Cisco FedRAMP solutions.
Cisco Umbrella for Government will deliver advanced, cloud-native cybersecurity, ensuring protection and compliance for federal, state, and local government agencies to support their mission. It will significantly uplevel government cybersecurity, offering comprehensive protection that meets the unique needs and compliance requirements of government organizations and others that depend upon FedRAMP.
Umbrella for Government includes both Umbrella DNS-layer security and Secure Internet Gateway (SIG) capabilities comprised of a secure web gateway, cloud-delivered firewall, cloud access security broker (CASB), and data loss prevention (DLP) – the same capabilities available today in our widely deployed commercial Umbrella offer.
Meeting the federal government’s rigorous standards for authorization and cybersecurity requirements of government organizations, Cisco Umbrella for Government will provide numerous benefits:
Cisco Umbrella is a mature, proven, and extensively validated solution, delivering advanced, cloud-native cybersecurity to 30,000 customers. This feature-rich, well-established commercial solution is now optimized to cater specifically to the security and compliance needs of government organizations, including federal, state, local governments, and others that depend upon FedRAMP authorization, supporting key capabilities like PIV-CAC and CISA (Cybersecurity and Infrastructure Security Agency) Protective DNS (Domain Name System).
Umbrella SIG unifies multiple security functions into a single solution and management console that protects roaming users, secures branch offices, and controls the usage of cloud-based applications.
Umbrella meets the Cybersecurity Infrastructure Security Agency (CISA) program and mandate for Protective DNS, and extends DNS-layer security with a differentiated recursive DNS-powered intelligence that quickly blocks threats over any port and protocol, protecting users and devices, no matter where they are located, in the office or remote. With over 30,000 customers already choosing Cisco Umbrella as their trusted partner in DNS security, organizations can be confident their users will be better protected through their ongoing hybrid work and cloud transformation.
Building on DNS-layer security, the SIG capabilities of secure web gateway, cloud-delivered firewall, cloud access security broker (CASB), and data loss prevention (DLP) provide comprehensive protection against cyber threats.
- Secure web gateway protects, logs, and inspects web traffic for visibility and provides URL/application-level controls for advanced threat protection.
- Cloud-delivered firewall provides visibility and control for all traffic across all ports and protocols including mobile apps, peer-to-peer file sharing, collaboration applications, and any non-web or non-DNS traffic. It logs activity and blocks unwanted traffic using IP, port, and protocol rules (layer 3/4 firewall), application rules (layer 7 firewall), and Snort 3 intrusion prevention system (IPS) rules.
- CASB detects and reports on cloud applications in use across your environment, exposing shadow IT quicker and more efficiently.
- DLP analyzes sensitive data for visibility and control and blocks the transfer of that sensitive data before it leaves your organization.
Umbrella for Government was designed to meet the stringent FedRAMP requirements, ensuring compliance with enhanced government cybersecurity mandates. As an example – Umbrella provides advanced threat protections and secure communications that align with TIC (Trusted Internet Connections) 3.0 Policy Enforcement Points for User, Traditional, Branch office and Cloud Use cases; Executive Order 14028 on Improving the Nation’s Cybersecurity and Moving the US Government toward Zero Trust OMB Memo M-22-09. US based customer support enables rapid response times for critical issues.
It also helps state and local governments to meet their enhanced security mandates such as CONUS (Continental US Data Residency), FIPs 140 level encryption, and full implementation of NIST (National Institute of Standards and Technology) controls. Details on additional cybersecurity mandates such as the NIST Cybersecurity Framework and how Cisco complies with them are available here.
Umbrella for Government’s robust and flexible infrastructure is designed to address specific regulatory and compliance requirements of US government agencies at the federal, state, and local level. It can support organizations of any size, enabling seamless expansion as needed with the reliability and performance to support mission critical workloads.
Umbrella for Government can be deployed with other Cisco FedRAMP Moderate authorized offers, such as Duo and Cisco SD-WAN (software defined wide area network), (software defined wide area network), providing a complete zero-trust cybersecurity ecosystem tailored to government needs. The Cisco SD-WAN and Umbrella integration enables you to integrate Umbrella’s effective cloud-delivered security throughout your SD-WAN fabric. This is the core of Cisco’s secure access service edge (SASE) architecture, consolidating networking and security functions in the cloud for seamless, secure access to applications, anywhere users work.
Both Duo and Umbrella offer cloud-delivered security to protect roaming users. Umbrella provides the first line of defense against threats on the internet, delivering visibility into all cloud services in use across your environment, with the ability to block risky applications. Duo’s multi-factor authentication (MFA) lets you verify the identity of all users — before granting access to business applications.
Ease of Deployment and Use
Umbrella cloud-delivered security means there is no hardware to install or maintain. Multiple security technologies are available in a single solution, managed by a single browser interface for rapid configuration and easy day-to-day management. Customers tell us that setting up DNS security is a simple process; in a few hours they were able to enhance branch office protection and protect their users globally. Umbrella’s ease of deployment can show near-immediate value in defending against modern threats.
Customers with existing Cisco Secure Client (formerly AnyConnect) deployments can enable DNS security without the installation of additional client software, providing Protective DNS integration for roaming users.
Umbrella for Government’s open, integrated architecture enables other third-party integrations which have achieved FedRAMP Moderate status to be integrated to extend, enhance, and amplify the power of your existing security investment.
Achieving FedRAMP authorization is an important milestone in Cisco’s commitment to securely connect users, branches, and cloud instances securely to provide an optimal end-user experience. Achieving FedRAMP certification is a high bar, and we can apply the lessons we learned to similar certification and compliance programs for Cisco Secure Access. For now, I thank the teams involved for their hard work and successes.
For additional information, please visit the following resources:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels