Here at Red Hat, we’ve spent over a decade building up the power of Red Hat Insights, making it one of the most valuable pieces of technology included in your Red Hat subscription. We’ve integrated with industry-leading technologies like IBM X-Force, we’ve grown invaluable data sets from our own support cases, and we’ve extended our reach to deliver Insights wherever you work. See What the Insights portfolio can do for you.
One thing that's been a blocker for US government customers and contractors has been FedRAMP. But that's a blocker no more! Through a long process of sponsorship, development, and assessment, Red Hat Insights is an approved service, with or without Red Hat OpenShift Service on AWS (ROSA). Red Hat Insights has received the FedRAMP High Agency authority to operate (ATO), and Red Hat is listed as Ready for the JAB authorization process.
So what does this mean, what does it bring you, and how can US government agencies get onboard?
What is FedRAMP?
FedRAMP is the authorization program for a cloud service provider (CSP) like Red Hat that shows it's approved for use by US government agencies and the contractors that serve them. And Red Hat Insights has been determined to be an environment that meets all the guidelines required for FedRAMP authorization.
A FedRAMP authorization ensures that a CSP is abiding by the government's NIST framework, and other government regulations, for operating secure environments. Its guidelines provide US government agencies safe and reliable options for using cloud-based products. Instead of forcing every agency to individually go through an RFI (request for information) process for each provider it wants to use, FedRAMP assesses companies and grants approval to those that qualify.
Where do I start?
For departments that are looking for more information, a great place to start is the FedRAMP Marketplace. The Marketplace lists all FedRAMP approved companies along with information about their cloud service offerings (CSO). On Red Hat's agency ATO (Authority to Operate) listing, you can download a package request form to be vetted by the FedRAMP Program Management Office (PMO) to gain access to Red Hat’s FedRAMP security package. This package contains documentation about our architecture and processes, as well as our assessment results, showing how we satisfied each FedRAMP requirement. It also contains our Continuous Monitoring documentation to show how we continue to meet those requirements.
Red Hat initially pursued FedRAMP authorization for Red Hat OpenShift on AWS (ROSA). During that process, we added Red Hat Insights into that authorization as a significant change request (SCR). Both are offered together or separately under the same ATO.
What’s next?
Once you feel confident that all internal approvals are met, contact your account team for more details, or simply fill out the application to apply for entry into the FedRAMP environment. Customers must apply for entry so that we can limit access to US government departments and agencies or contractors that have an active US government contract. No other customers are permitted to use this environment.
As a part of this application, we verify a few things:
- You are a US government agency or department, or have an active contract
- Your primary user is living in the US and is a US citizen (or has been granted permanent US residency)
- You have an active Red Hat subscription
Once our stateside support team confirms these three pieces of information, we configure your account.
What should I expect from the FedRAMP environment?
It’s important to note that the FedRAMP instance of Insights is a completely separate environment from our commercial product. You have a handful of different experiences. Here are some of the major ones:
- Stateside support: As a requirement of FedRAMP, you communicate and troubleshoot with Red Hat’s stateside support team when you receive support for Insights. This means you’ll be asked to set up ServiceNow credentials to correspond with the proper team. This team has also been vetted according to government requirements, and consists of US citizens (or those who have been granted permanent US residency)
- Boundary: Insights leverages Amazon Web Services GovCloud infrastructure to run the FedRAMP environment, and all aspects of that infrastructure need to remain "in boundary". This means you’ll use a different login URL, a different authentication tool, and have some limited services to maintain the proper security stance of data flows
- Connection: You can connect your hosts to the FedRAMP Insights environment through your Satellite servers. To allow data flow from your Satellite into the restricted FedRAMP boundary, you need to provide your IP ranges and register your Satellite to send data to the FedRAMP environment. Stateside support walks you through both of these processes. Note that “direct connecting” a host without a satellite is not supported at this time
- Feature Delivery: Due to extra change controls within the FedRAMP environment, changes to the Insights applications slightly lag behind those made in the commercial environment. This doesn't impact any of the monitoring capabilities of Insights, like our Vulnerability service
One major consistency between these two environments is their cost. Insights is included in your Red Hat subscription, at no extra cost, no matter the environment you choose.
Get started
Once the approvals and setup are complete, you’re ready to onboard like normal Insights users. I recommend setting up inventory groups, configuring your RBAC, and digging into the portfolio of features available for you. Not sure where to start? Insights Vulnerability and Content are some of our most popular services.
We’re thrilled to bring the power of Insights to US federal use cases, and we're honored to have been approved for the FedRAMP program. If you want more information on this offer, please reach out to your account team, visit our website, or email me directly at mmeza@redhat.com.
Sobre o autor
Meza is a seasoned product professional with 15 years of experience managing products and teams across a variety of company sizes, industries and regions. As a member of the Red Hat Insights team, she works to build solutions that enable our customers to derive more value from their Red Hat subscriptions and transform their IT operations. Meza has been with Red Hat since July of 2021 and works remotely from Nashville, TN.
Navegue por canal
Automação
Últimas novidades em automação de TI para empresas de tecnologia, equipes e ambientes
Inteligência artificial
Descubra as atualizações nas plataformas que proporcionam aos clientes executar suas cargas de trabalho de IA em qualquer ambiente
Nuvem híbrida aberta
Veja como construímos um futuro mais flexível com a nuvem híbrida
Segurança
Veja as últimas novidades sobre como reduzimos riscos em ambientes e tecnologias
Edge computing
Saiba quais são as atualizações nas plataformas que simplificam as operações na borda
Infraestrutura
Saiba o que há de mais recente na plataforma Linux empresarial líder mundial
Aplicações
Conheça nossas soluções desenvolvidas para ajudar você a superar os desafios mais complexos de aplicações
Programas originais
Veja as histórias divertidas de criadores e líderes em tecnologia empresarial
Produtos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Red Hat Cloud Services
- Veja todos os produtos
Ferramentas
- Treinamento e certificação
- Minha conta
- Suporte ao cliente
- Recursos para desenvolvedores
- Encontre um parceiro
- Red Hat Ecosystem Catalog
- Calculadora de valor Red Hat
- Documentação
Experimente, compre, venda
Comunicação
- Contate o setor de vendas
- Fale com o Atendimento ao Cliente
- Contate o setor de treinamento
- Redes sociais
Sobre a Red Hat
A Red Hat é a líder mundial em soluções empresariais open source como Linux, nuvem, containers e Kubernetes. Fornecemos soluções robustas que facilitam o trabalho em diversas plataformas e ambientes, do datacenter principal até a borda da rede.
Selecione um idioma
Red Hat legal and privacy links
- Sobre a Red Hat
- Oportunidades de emprego
- Eventos
- Escritórios
- Fale com a Red Hat
- Blog da Red Hat
- Diversidade, equidade e inclusão
- Cool Stuff Store
- Red Hat Summit