HP Granted FedRAMP Authorization for Government Agencies to Use HP Fortify on Demand
March 11, 2015 • Press Release
HP Fortify on Demand First Security Software-as-a-Service (SaaS) Offering to Achieve Approval
WASHINGTON, DC--(Marketwired - Mar 11, 2015) - HP (NYSE: HPQ) today announced the authorization of HP Fortify on Demand by the Joint Authorization Board (JAB) of the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. As the first Security Software-as-a-Service (SaaS) offering to achieve a FedRAMP authorization, HP Fortify on Demand allows government agencies to perform security assessments of application code and web site/web services testing without requiring any additional software to install or manage.
More than 70 percent of agency breaches are due to software vulnerabilities.(1) When vulnerabilities are found in software, hackers and other malicious actors have the ability to infiltrate an agency's network and access sensitive information regardless of where it resides. HP Fortify on Demand addresses this by enabling agencies to continuously monitor deployed software to mitigate risk and identify critical vulnerabilities undermining their security posture.
"As the soft underbelly of an agency's network, software can impose serious threats to an agency's security if vulnerabilities are not proactively identified and addressed," said Rob Roy, chief technology officer, U.S. Public Sector, Enterprise Security Products, HP. "Organizations can no longer afford to simply respond to breaches as they arise, and as the only solution of its kind available with FedRAMP certification, HP Fortify on Demand quickly addresses the root cause of vulnerabilities by securing software from conception through the entire development lifecycle."
HP Fortify on Demand is now provisionally authorized for government agency use to perform security assessments of application code and web site/web services testing, and end-to-end mobile application security testing. Static code scanning such as Java, .NET, and other major programming languages for security defects is performed in the system at the code layer followed by an audit review by an HP static auditor.Dynamic web site and web services testing combines HP WebInspect software with manual penetration testing, followed by a review from an HP dynamic tester. In total, HP Fortify on Demand offers accurate and affordable security assessments of more than 600 vulnerability categories and services, regardless of where the application resides and without any software to install or manage.
By deploying HP Fortify on Demand on top of HP's FedRAMP authorized Infrastructure-as-a-Service (IaaS), HP Helion Managed Virtual Private Cloud for Public Sector (US), agencies are able to leverage on-demand security assessments of application code in a fast and accurate method that saves both time and money. More information on this certification is available at www.FedRAMP.gov.
About HP Enterprise Security
HP enables organizations to take a proactive approach to security, disrupting the life cycle of an attack through prevention and real-time threat detection. With market-leading products, services and innovative research, HP Enterprise Security enables organizations to integrate information correlation, application analysis and network-level defense. Additional information about HP Enterprise Security can be found at www.hp.com/go/esp.
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society.With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers' most complex challenges in every region of the world.More information about HP is available at http://www.hp.com.
This press release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of HP for future operations, including the separation transaction; the future performance of Hewlett-Packard Enterprise and HP Inc. if the separation is completed; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the need to address the many challenges facing HP's businesses; the competitive pressures faced by HP's businesses; risks associated with executing HP's strategy, including the planned separation transaction, and plans for future operations and investments; the impact of macroeconomic and geopolitical trends and events; the need to manage third-party suppliers and the distribution of HP's products and services effectively; the protection of HP's intellectual property assets, including intellectual property licensed from third parties; risks associated with HP's international operations; the development and transition of new products and services and the enhancement of existing products and services to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its suppliers, customers, clients and partners; the hiring and retention of key employees; integration and other risks associated with business combination and investment transactions; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated benefits of implementing those plans; the execution, timing and results of the separation transaction or restructuring plans, including estimates and assumptions related to the cost (including any possible disruption of HP's business) and the anticipated benefits of implementing the separation transaction and restructuring plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP's Annual Report on Form 10-K for the fiscal year ended October 31, 2015, and HP's other filings with the Securities and Exchange Commission. HP assumes no obligation and does not intend to update these forward-looking statements.
©2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.