We’re pleased to announce that the Red Hat FedRAMP offering, which includes Red Hat OpenShift Service on AWS (ROSA), has obtained the “Ready” designation from the FedRAMP Joint Authorization Board (JAB). This means that Red Hat is now listed on the FedRAMP Marketplace as actively pursuing JAB authorization, with additional updates showing our progress and achievements across the two paths for authorization: the existing Agency Authority to Operate (ATO) listing and a separate listing for the JAB path. This is the next major milestone from our August 2023 update, where Red Hat was prioritized for an authorization from the JAB following our Readiness Assessment Report being accepted by the JAB.
But why are there two paths and two listings? There are two types of authorization granted as part of the FedRAMP certification process. Red Hat currently has an Agency authorization through the National Oceanic and Atmospheric Administration (NOAA), and is now adding to its authorizations by working with the JAB to obtain a Provisional Authorization to Operate (P-ATO). While Red Hat goes through the JAB process, its ATO with NOAA is still valid and customers are still able to fully use and deploy Red Hat product offerings, which include ROSA and the approved Red Hat Insights for RHEL service, with full confidence.
Understanding JAB and a Look Forward
The JAB Authorization process has multiple stages designed around the “fail fast” principle, which aims to more quickly identify and remediate potential problems. As mentioned above, there are two paths to FedRAMP authorization: Agency and JAB. One of the main differences between the JAB and Agency authorizations is that the JAB does not accept residual risk on behalf of potential future customers (e.g. agencies), leading the board to offer a “provisional” ATO. That means cloud service providers (CSPs), like Red Hat, are held to a higher standard than what an agency process can entail. Agencies can then review this authorization knowing that the strictest of standards were maintained.
Red Hat is currently in the middle of testing with a Third-Party Assessment Official (3PAO) for our FedRAMP JAB Security Assessment, which will bring us closer to our next goal of a Provisional Authority to Operate (P-ATO).
As Red Hat completes the JAB Security Assessment, where artifacts like the System Security Plan (SSP), authorization boundary diagrams, Plan of Actions and Milestones (POA&M), and various processes and procedures are reviewed, a Security Assessment Report (SAR) is issued to the JAB. Once the JAB determines that ROSA is successfully meeting government requirements, it will issue the P-ATO.
With a JAB authorization, Red Hat will be able to streamline its continuous monitoring practices to increase internal efficiency while delivering a highly scrutinized, leading managed platform. In the meantime, customers can continue to leverage Red Hat’s current FedRAMP Agency-authorized product.
About the author
Josh Blaher is the FedRAMP Product Manager at Red Hat. He has spent more than a decade in the Federal IT space, supporting and leading a variety of transformative cloud solutions. He is an award-winning wildlife photographer who resides in Washington, DC with his partner and their cat.