Here at Red Hat, we’ve spent over a decade building up the power of Red Hat Insights, making it one of the most valuable pieces of technology included in your Red Hat subscription. We’ve integrated with industry-leading technologies like IBM X-Force, we’ve grown invaluable data sets from our own support cases, and we’ve extended our reach to deliver Insights wherever you work. See What the Insights portfolio can do for you.
One thing that's been a blocker for US government customers and contractors has been FedRAMP. But that's a blocker no more! Through a long process of sponsorship, development, and assessment, Red Hat Insights is an approved service, with or without Red Hat OpenShift Service on AWS (ROSA). Red Hat Insights has received the FedRAMP High Agency authority to operate (ATO), and Red Hat is listed as Ready for the JAB authorization process.
So what does this mean, what does it bring you, and how can US government agencies get onboard?
What is FedRAMP?
FedRAMP is the authorization program for a cloud service provider (CSP) like Red Hat that shows it's approved for use by US government agencies and the contractors that serve them. And Red Hat Insights has been determined to be an environment that meets all the guidelines required for FedRAMP authorization.
A FedRAMP authorization ensures that a CSP is abiding by the government's NIST framework, and other government regulations, for operating secure environments. Its guidelines provide US government agencies safe and reliable options for using cloud-based products. Instead of forcing every agency to individually go through an RFI (request for information) process for each provider it wants to use, FedRAMP assesses companies and grants approval to those that qualify.
Where do I start?
For departments that are looking for more information, a great place to start is the FedRAMP Marketplace. The Marketplace lists all FedRAMP approved companies along with information about their cloud service offerings (CSO). On Red Hat's agency ATO (Authority to Operate) listing, you can download a package request form to be vetted by the FedRAMP Program Management Office (PMO) to gain access to Red Hat’s FedRAMP security package. This package contains documentation about our architecture and processes, as well as our assessment results, showing how we satisfied each FedRAMP requirement. It also contains our Continuous Monitoring documentation to show how we continue to meet those requirements.
Red Hat initially pursued FedRAMP authorization for Red Hat OpenShift on AWS (ROSA). During that process, we added Red Hat Insights into that authorization as a significant change request (SCR). Both are offered together or separately under the same ATO.
What’s next?
Once you feel confident that all internal approvals are met, contact your account team for more details, or simply fill out the application to apply for entry into the FedRAMP environment. Customers must apply for entry so that we can limit access to US government departments and agencies or contractors that have an active US government contract. No other customers are permitted to use this environment.
As a part of this application, we verify a few things:
- You are a US government agency or department, or have an active contract
- Your primary user is living in the US and is a US citizen (or has been granted permanent US residency)
- You have an active Red Hat subscription
Once our stateside support team confirms these three pieces of information, we configure your account.
What should I expect from the FedRAMP environment?
It’s important to note that the FedRAMP instance of Insights is a completely separate environment from our commercial product. You have a handful of different experiences. Here are some of the major ones:
- Stateside support: As a requirement of FedRAMP, you communicate and troubleshoot with Red Hat’s stateside support team when you receive support for Insights. This means you’ll be asked to set up ServiceNow credentials to correspond with the proper team. This team has also been vetted according to government requirements, and consists of US citizens (or those who have been granted permanent US residency)
- Boundary: Insights leverages Amazon Web Services GovCloud infrastructure to run the FedRAMP environment, and all aspects of that infrastructure need to remain "in boundary". This means you’ll use a different login URL, a different authentication tool, and have some limited services to maintain the proper security stance of data flows
- Connection: You can connect your hosts to the FedRAMP Insights environment through your Satellite servers. To allow data flow from your Satellite into the restricted FedRAMP boundary, you need to provide your IP ranges and register your Satellite to send data to the FedRAMP environment. Stateside support walks you through both of these processes. Note that “direct connecting” a host without a satellite is not supported at this time
- Feature Delivery: Due to extra change controls within the FedRAMP environment, changes to the Insights applications slightly lag behind those made in the commercial environment. This doesn't impact any of the monitoring capabilities of Insights, like our Vulnerability service
One major consistency between these two environments is their cost. Insights is included in your Red Hat subscription, at no extra cost, no matter the environment you choose.
Get started
Once the approvals and setup are complete, you’re ready to onboard like normal Insights users. I recommend setting up inventory groups, configuring your RBAC, and digging into the portfolio of features available for you. Not sure where to start? Insights Vulnerability and Content are some of our most popular services.
We’re thrilled to bring the power of Insights to US federal use cases, and we're honored to have been approved for the FedRAMP program. If you want more information on this offer, please reach out to your account team, visit our website, or email me directly at mmeza@redhat.com.
저자 소개
Meza is a seasoned product professional with 15 years of experience managing products and teams across a variety of company sizes, industries and regions. As a member of the Red Hat Insights team, she works to build solutions that enable our customers to derive more value from their Red Hat subscriptions and transform their IT operations. Meza has been with Red Hat since July of 2021 and works remotely from Nashville, TN.
유사한 검색 결과
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.