Skip to main content
Skyhigh Security

FAQS– FedRAMP Initiative for Skyhigh SWG for Cloud

What is being announced?  

Skyhigh has decided to stop the FedRAMP Moderate/High initiative for our Secure Web Gateway Cloud product line. However, the CASB product line for Federal business will continue to be offered.

Is Skyhigh departing Federal Business?

No, Skyhigh has decided to stop only theSecure Web Gateway Cloud product line from the Federal Business. Skyhigh will continue to offer CASB and SWG for On-Prem appliances for the Federal market.

How is the FedRAMP community notified of this decision?

Skyhigh documentation and FedRAMP marketplace

Why was the decision taken for Secure Web Gateway Cloud?

A conscious decision based on various aspects like business opportunities versus cost to run the business, it was decided to stop the  FedRAMP Moderate/High initiative for Secure Web Gateway Cloud product line. We believe that this is the right decision given the focus and other business considerations.

What happens to Secure Web Gateway Cloud SKUs that were quoted before?

All FedRAMP SWG for Cloud SKUs will be invalid. These SKUs will be removed from Q4 2023 price book.

What CASB SKUs are still going to be available for FedRAMP?

All SKUs related to CASB Shadow IT, SaaS, Office 365, Collaboration Apps, Business Apps, Custom Apps, CNAPP will continue to be available.

Are advanced DLP capabilities and OCR for CASB available?

No, OCR and advanced DLP SKU will not be available in FedRAMP environment.

What is our current FED certification for Skyhigh Products?

Skyhigh Cloud Access Security Broker (CASB) received FedRAMP High Authorization in 2020. The FedRAMP authorizations will allow these organizations to implement Skyhigh CASB, part of the Skyhigh Security Service Edge portfolio, to provide continuous, secure access for users anywhere, protect vital government information, and protect against today’s advanced threats.

How much focus do you put into your compliance credentials?

Our dedicated Information Security and Privacy teams are responsible for maintaining Skyhigh Security's compliance to a variety of laws, standards, and frameworks, including DoD Impact Level (IL2 and IL4) i.e. Cloud computing security requirements for the US Department of Defense for Impact Level 2, Impact Level 4, and Impact Level 5. FedRAMP is a U.S. government program providing a standard approach to security, authorization, and monitoring. GDPR (General Data Protection Regulation) is a European Union (EU) regulation designed to provide individuals more control over their personal data. IRAP (Information Security Registered Assessors Program) is an Australian Signals Directorate (ASD) to ensure entities can access high-quality security assessment services. SOC 2 Type II report is an attestation for the management of Skyhigh Security organization's assertion that certain controls are in place to meet the AICPA's SOC 2 Trust Services Criteria (TSC). It sets out the specifications for an information security management system (ISMS). ISO 27001's best-practice approach helps organizations manage their information security by addressing people, processes, and technology. Skyhigh Security was the first Cloud Access Security Broker to attain ISO 27001 Certification. The certification also reflects the maturity of controls and practices that Skyhigh Security has in place.

  • Was this article helpful?