Latest news with #FIPS140-2
Business Wire
06-05-2025
- Business
- Business Wire
Rancher Government Solutions and Kasm Technologies Announce Strategic Partnership to Modernize Government Virtual and Containerized Desktop Infrastructure
WASHINGTON--(BUSINESS WIRE)-- Rancher Government Solutions (RGS), the leader in secure Kubernetes management for the U.S. Government, today announced a strategic partnership with Kasm Technologies, a pioneer in modern virtual and containerized desktop infrastructure (VDI/CDI). Together, RGS and Kasm are delivering a cloud-native, Kubernetes-powered workspace solution purpose-built to meet the mission-critical demands of government and defense organizations. The RGS-Kasm solution redefines VDI/CDI for government use-cases, empowering agencies to securely deliver virtual desktops and applications across on-premises, hybrid, cloud, and air-gapped environments — without endpoint agents or proprietary hardware. This partnership brings together RGS's industry-leading open-source Kubernetes stack with Kasm Workspaces' web-native VDI/CDI platform — offering a scalable, secure, and cost-effective alternative to legacy hypervisor-based solutions like VMware and Citrix. 'Government agencies can no longer afford to rely on legacy VDI platforms that are costly, complex, and vulnerable,' said Ryan Lewis, CEO of Rancher Government Solutions. 'Our partnership with Kasm Technologies provides a modern, cloud-native solution that delivers operational simplicity, zero-trust security, and true multi-cloud flexibility.' The RGS-Kasm solution redefines VDI/CDI for government use-cases, empowering agencies to securely deliver virtual desktops and applications across on-premises, hybrid, cloud, and air-gapped environments — without endpoint agents or proprietary hardware requirements. 'Together, we are transforming workspace delivery for federal agencies,' said Justin Travis, CEO of Kasm Technologies. 'By combining our web-native VDI platform with Rancher's secure Kubernetes stack, we are enabling government organizations to operate with greater agility, security, and cost efficiency — wherever their mission takes them.' This joint solution is already gaining traction with U.S. government customers seeking alternatives to costly legacy VDI platforms, especially in the wake of rising zero-trust mandates, modernization initiatives and increasing concerns about vendor lock-in. With out-of-the-box compliance for FIPS 140-2, NIST 800 controls, and DISA STIG guidelines, the RGS-Kasm solution enables agencies to meet federal security mandates while delivering modern workspace experiences to mission users anywhere in the world. Key solution benefits include: Ironclad Security: Zero-trust architecture with workload isolation and defense-grade controls. No Vendor Lock-In: Freedom from proprietary hypervisor licensing models. Scalable Anywhere: Operate in disconnected, low-bandwidth, or classified environments. Lower Total Cost of Ownership: Leverage existing hardware, reduce licensing fees, and simplify operations. Unified Management: Centralized control of Kubernetes clusters, virtual machines, and VDI/CDI environments through the RGS Manager. About Rancher Government Solutions Rancher Government Solutions (RGS) is dedicated to delivering secure, enterprise open source Linux, Kubernetes and container solutions purpose-built for U.S. government missions. RGS supports programs across the Department of Defense, the Intelligence Community, and civilian agencies. Learn more at About Kasm Technologies
Yahoo
09-04-2025
- Business
- Yahoo
Beyond Identity Accelerates Path to FedRAMP Certification with RapidFort, Slashing Time and Costs
Partnership fast-tracks access to government markets and simplifies compliance SAN FRANCISCO, April 09, 2025--(BUSINESS WIRE)--RapidFort, the fastest growing cybersecurity company securing the global software supply chain, has partnered with Beyond Identity, a leading provider of identity and access management solutions, to reduce the time and costs of FedRAMP certification. By working together with RapidFort, Beyond Identity shortened the certification process by three months and cut associated costs by 50%, outperforming alternative approaches and cementing its credibility in the government sector. "RapidFort was an excellent and comprehensive partner during our FedRAMP journey," says Borislav Ivanov, Engineering Manager, Site Reliability Engineering at Beyond Identity. "They cut the cost of image hardening and SSDLC efforts by 50%, shaved three months off our overall compliance timeline, and delivered outstanding support every step of the way." Achieving FedRAMP certification is a crucial and complex process for any organization looking to provide solutions to the federal government, demanding extensive documentation, security testing, and ongoing compliance efforts. Beyond Identity wanted to streamline this process and reduce overall certification costs, all without overburdening its engineering team. RapidFort played a critical role in helping Beyond Identity earn its certification, while achieving its budgetary and process goals in 3 key ways: Simplified the compliance process with pre-hardened, near-zero CVE Curated Images aligned with NIST 800-70, FIPS 140-2, and 140-3 standards, establishing a secure foundation, and cutting through a significant portion of the initial compliance work. Streamlined the benchmarking process with their automated scanning tools, ensuring Security Technical Implementation Guide (STIG) hardened applications. Automatically generated the necessary compliance documentation, including Plan of Action and Milestones (POAM) and Software Bill of Materials (SBOM), further reducing labor-intensive work. "Our customers are developing cutting-edge security solutions for both the private and public sectors, so it's imperative that their offerings are approved for government use as quickly as possible," said Mehran Farimani, CEO of RapidFort. "We're proud to be setting the industry standard for FedRAMP certification support, streamlining a traditionally formidable process, and strengthening the infrastructure that helps secure our nation." RapidFort, already available through Platform One, Tradewind Marketplace, AWS Marketplace, Microsoft Azure Marketplace, Google Cloud Marketplace, and Carahsoft, provides a reliable and efficient pathway for organizations looking to enter the federal marketplace and drive growth in the government sector. For more information about the RapidFort platform, please visit: About RapidFort RapidFort offers a cybersecurity platform that streamlines and secures modern infrastructure. Their innovative approach allows organizations to continuously monitor and minimize their software attack surface, ultimately improving their security posture and operational efficiency. RapidFort empowers development and security teams with a free tier and free community images, making it easy to get started with secure software development. Learn more about RapidFort at View source version on Contacts Cole ChristyLaunchTech Communications619-972-9836cole@
Yahoo
13-02-2025
- Business
- Yahoo
I Tried To Fix Government Tech for Years. I'm Fed Up.
When I helped create the United States Digital Service (USDS), it was not on my bingo board that it would become the U.S. DOGE Service a mere decade later. As a lifelong libertarian, the years I spent trying to make government more efficient at the Department of Veterans Affairs (V.A.) and USDS required a lot of patience. Now I'm fresh out. We have been making tiny, barely perceptible "improvements," paid for with years of compromise and hand-holding in endless pointless meetings, and then celebrating this as success. I can't get Alana Newhouse's description out of my head: "Half the time our institutions feel like molasses, and the other half like concrete." I'm fed up with a government that can't implement its way out of a paper bag. Apparently most of America is fed up, too. I care deeply about trans people, immigrants, and others who are targets of so much hate right now. I do not support the harmful actions being taken against them. At the same time, I could not possibly care less that someone plugged in a server to create a new email list without a Privacy Impact Assessment. If no one ever adheres to FIPS 140-2 again—great, it's about time we took that "kick me" sign written in Mandarin off our back. Much of the current system hurts everyone and needs to go. When I was chief technology officer of the V.A., a highlight of my career was persuading our inspectors general (I.G.) to allow cloud computing. At the time, most of our websites had business hours, and/or ran on servers that sat in mop closets under a fire sprinkler without backups. I wish I was exaggerating. Cloud would allow us to offer modern online services to America's 20 million veterans. I spent countless meetings, demos, and lunch-and-learns overcoming I.G. arguments. One objection became a favorite interview question for new hires: "But how do you put the cloud in an evidence bag?" I cheekily baked cloud-shaped sugar cookies and distributed them—in evidence bags—around the office. More than two years later, the I.G. issued a memo approving the use of the cloud. But you know what? I shouldn't have had to waste two and a half years of my life on this, while millions of veterans went without health care and other benefits they had earned. People in charge of regulating computers should know how computers work. They should even be good at computers. As we got closer to launching a modern website, I was thwarted in a new and creative way. The Department of Labor bought the domain one we intended to use—and said they would only give it to us if they got to approve every page of our website. Not going to happen. Beyond the delays this would add, the labor department sucks at websites. Their "My Next Move for Veterans," a multi-million-dollar website that every individual separating from the military is required to use, is one of the worst you could ever see. It tells veterans their primary skills are that they can "communicate by speaking" and "use [their] arms and/or legs together while sitting, standing, or lying down." Thanks for your service. If you don't believe me, look for yourself. The White House got involved, requiring months of in-person mediation meetings. I was never able to get the domain back. (To this day, the labor department owns How exactly are we qualified to intervene in foreign wars if our processes can't even stop one agency from squatting on another's domain name? Getting a government position description for a technologist approved—for what later became USDS—was even worse. On my first attempt, I posted a senior role for a graphic designer on USAJOBS. Human resources selected a candidate with multiple PhDs from the University of Phoenix with zero graphic design experience. I still lay awake at night and wonder: What would they have done if I approved that hire? How many other serious jobs are held by people with zero qualifications? It took years of back and forth, questioning and fixing virtually every step of the hiring process with the Office of Personnel Management (OPM) before we hired our first qualified technologist. I recently learned, in Bureaucracy by James Q Wilson, about the "China Lake OPM Demonstration Project." Facing a dearth of technical talent, China Lake sought to streamline the process for hiring technologists into government—in 1979. How many generations should it take to update a position description? I hope DOGE will obliterate the Paperwork Reduction Act (PRA) from space. This law, which was written in 1980—before computers were common in homes—requires that every government form, and every change to every government form, must go through the Office of Information and Regulatory Affairs (OIRA). This office has no expertise in user research or form design. It has no ability to check whether a form is asking for information that the agency has already asked for 100 times or whether multiple agency forms ask for the same information in different ways (making it harder to reuse or cross-reference). Agencies self-report how many "burden hours" it takes to fill out their forms, and OIRA has no way to check this either. Some of the most talented people I've ever worked with have spent years of their own getting OIRA to agree to, and write down, such novel concepts as "legal things are legal." I'm not kidding—OIRA issued guidance last year that agencies are allowed to get feedback from the public, something which has always been legal, yet threats of going to "PRA jail" for doing exactly this persist today. As part of the aforementioned new website, I wanted to have one form "wizard" that would allow a veteran to enter their information once, and automatically apply for all the benefits for which they were eligible. OIRA told me that to do this, I would first have to submit every possible permutation of this wizard for approval—a request I would have found delicious to comply with, were there enough trucks on the planet to deliver that amount of paper. The PRA creates dramatically more paperwork and makes agencies ask for the same information more times, and in more confusing ways. It also kills people. It took OIRA over a year to approve the addition of a single checkbox to a disability application form. This checkbox would enroll veterans with serious conditions like PTSD in health care for their disability. Instead, these veterans sat in a backlog of unprocessed paper health care applications. The I.G. of the V.A. may not know how to computer, but if you believe they know how to math, 307,000 veterans died in that backlog, waiting to enroll in the agency's health care that surely would have saved some of their lives. The death toll continues: Transplant surgeons identified and approved life-critical form updates to the organ donation matching process in 2022, which OIRA is still sitting on today. OIRA has no medical expertise of any kind. We were told this labyrinth of rules and regulations was required for democracy, fairness, and delivering services to a user base that couldn't exclude anyone. So we worked within the system. We respected it. We followed every rule or dutifully changed the rule before we moved forward. The system blocked us from helping people at every turn. Yet today, it's totally rolling over in the face of actually harming our most vulnerable while people cheer on its collapse. The system is not coming to save you or anyone—because the system is not currently designed to do much of anything at all. Let's fight for an America where you are free to live as yourself without fear—but let's not waste any time fighting to keep the status quo of molasses and concrete. The post I Tried To Fix Government Tech for Years. I'm Fed Up. appeared first on
