ID.me‘s Identity Gateway has received Moderate Authority to Operate (“ATO”) in the FedRAMP program.
FedRAMP – or the “Federal Risk and Authorization Management Program” – is a federal standards program for cybersecurity. As the Office of Management and Budget explained in a memo when it first launched FedRAMP a decade ago, the program is meant “to provide a cost-effective, risk-based approach for the adoption and use of cloud services to Executive departments and agencies.”
ATO status means that ID.me’s Identity Gateway solution has met FedRAMP’s rigorous security requirements, and can be offered through the FedRAMP Marketplace for use by federal agencies.
The Identity Gateway is ID.me’s remote onboarding and authentication solution. It’s based on the increasingly popular ‘selfie biometrics’ approach, asking end users to submit a selfie photo together with pictures of their official ID, and using facial recognition to confirm that they are a match. The solution also uses mobile SIM verification, and supports other multi-factor authentication options.
The FedRAMP Moderate ATO is the latest achievement in a longstanding effort to serve the federal government on ID.me’s part. The company won an identity proofing and MFA contract with Veterans Affairs back in 2016, and attained FedRAMP Ready status in October of the following year.
“This FedRAMP Moderate authorization is a major milestone for ID.me as we continue to build a secure identity layer for federal agencies,” explained ID.me CEO Blake Hall. “In addition to VA, we support the Social Security Administration (SSA) and other federal agencies, as well as 26 states and over 400 leading brands.”
Other identity solutions vendors that are active at the federal level include Acuant, which received FedRAMP Moderate Provisional Authority to Operate last October; and RSA, which reached FedRAMP “In-Process” status in November of last year.
June 21, 2021 – by Alex Perala