You are here

The US federal government is undertaking major initiatives to modernize their approach to IT and its ability to deliver better services to citizens and organizations more efficiently.  This includes FITARA (Federal Information Technology Acquisition Reform Act) as well as the MGT (Modernizing Government Technology) Act.  Cloud-based SaaS applications are an integral component of agency modernization and FedRAMP has been designed to standardize the certification approach of these applications and services for use across agencies.  As the leading vendor for TBM (Technology Business Management) solutions, Apptio is proud to be one of the few SaaS providers to have obtained JAB P-ATO (Provisional Authority to Operate).

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.  FedRAMP created and manages a core set of processes to ensure effective, repeatable cloud security for the government. FedRAMP established a mature marketplace to increase utilization and familiarity with cloud services while facilitating collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions.


Why is it important?

FedRAMP provides a unified and consistent approach to cloud products and services across federal agencies to streamline the process for both agencies as well as cloud vendors.  FedRAMP enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost effective cloud-based IT. 


What are the different types of FedRAMP authorizations?

• Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) – The JAB (consisting of DOD, DHS, and GSA) works to create a marketplace of approved providers.  Based on limited resources, the JAB prioritizes six vendors twice a year to work towards authorization.  The authorization is obtained after passing a full security assessment led by the JAB and supported by a 3PAO (Third Party Assessment Organization) and the CSP (Cloud Solution Provider)

• Agency Authority to Operate (ATO) – This authorization comes from an individual agency and is provided following a full security review by that agency.


Is Apptio FedRAMP compliant?

Yes, Apptio has met the FedRAMP security requirements defined by the Joint Authorization Board (JAB) ATO.


What is IL-2 certification?

IL-2 (or Impact Level-2) certification is provided by DISA for cloud application vendors who meet the Department of Defense compliance requirements. Apptio was able to obtain this certification by leveraging our existing FedRAMP Joint Operational Board (JAB) Provisional Authorization to Operate (P-ATO). The authorization allows DoD entities to evaluate Apptio for their TBM solution needs.


In what data center cloud environment do these products run?

Apptio’s SaaS solutions leverage the AWS GovCloud data centers for their infrastructure needs.


Do you have US federal government customers today?

Yes, numerous civilian and defense agencies currently leverage Apptio products to run IT like a business and meet the 2019 OMB TBM requirements.  Learn more about current Apptio customers here.


Which Apptio products fall under the certification?

The following products are FedRAMP certified: Cost Transparency, IT Financial Management Foundation, Bill of IT, Vendor Insights, Business Insights, Agile Insights, IT Benchmarking and IT Planning and Project Financial Planning.