Deltek Costpoint GCCM has achieved FedRAMP Moderate Ready status. The software now has a listing on the FedRAMP marketplace alongside the Deltek Replicon time tracking platform. The achievement is significant and opens up a wider government market for the solution.
This is, however, just the first phase of the authorization process, which Replicon has already achieved. Deltek achieved the status after a FedRAMP-recognized third-party assessment organization (3PAO) validated that Deltek Costpoint GCCM meets the security standards outlined by FedRAMP Moderate requirements. A-LIGN Compliance and Security, Inc. conducted the assessment. The software was then accepted by the FedRAMP PMO and listed on the marketplace.
FedRAMP is a rigorous cloud security program created by the US Government. It brings assurance that software and cloud vendors, such as AWS, meet the requirements for government agencies that need the highest level of security. There are still only 334 services listed on the FedRAMP marketplace.
Deltek’s Costpoint GovCon Cloud Moderate (CP GCCM) provides government contractors with project management, accounting, labour and material management and business intelligence functionalities.
Warren Linscott, Chief Product Officer at Deltek, said, “Achieving FedRAMP Moderate Ready status is a key milestone for Deltek and our customers. We understand the unique challenges and responsibilities of government contractors when it comes to cyber security, and this demonstrates our unwavering commitment to delivering secure and compliant solutions. Our Costpoint GCCM customers can easily verify that our solution meets the FedRAMP Moderate standard, providing peace of mind and verification that Deltek’s Costpoint SaaS solution is secure.”
Why is this important?
As cybersecurity threats grow, the Federal government is increasing security measures for its agencies and for its contractors. Under DFARS 252.204-7012, which covers the safeguarding of defense information and cyber incident reporting for procurement, there are stringent requirements that must be met.
For example, cloud computing services are subject to the security requirements specified in clause 252.239-7010. Contractors must ensure that the cloud service provider meets security requirements. These requirements must be equivalent to those established by the Government for the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline. Achieving FedRAMP status is the simplest way of achieving this.
There are other requirements listed within the DFARS document. These apply to contractors and the data processing, software systems and cloud services they use. Many of these are based on the NIST 800 set of standards related to computer security.
Another more recent change was the proposed rule by the Department of Defense. This rule ensures defense contractors and subcontractors have, as part of the Cybersecurity Maturity Model Certification (CMMC) Program, implemented required security measures to expand the application of existing security requirements for Federal Contract Information (FCI) and add new Controlled Unclassified Information (CUI) security requirements for certain priority programs.
These existing, new and upcoming compliance requirements mean that it is critical that contractors and their cloud service providers can demonstrate they have achieved the required security standards.
To bid for new contracts, contractors must be more careful in the solutions they choose to use internally. They must check that their existing and prospective cloud and software providers are able to meet the DFARS requirements. In achieving FedRAMP-ready status, Deltek Costpoint has done this.
Enterprise Times: What does this mean?
To sell into the government sector, it is becoming increasingly important to become FedRAMP authorized. It is not a quick process and can take as long as 2 years. However, Deltek has now started on that journey with Costpoint. The lessons learned through the process should help other solutions acquire the same status.
It is an important differentiation for Deltek in the government sector. A few larger ERP vendors such as Oracle and Workday have achieved FedRAMP status for their solutions. Deltek appears to be the only solution specific to project-based government contractors. Has the firm managed to steal a march on competitors? Will others now seek what can be an expensive accreditation?