Aug 9, 2018
Valimail press release
Valimail Achieves FedRAMP Tailored Authorization
Automated Cloud Service Protects Federal Agencies From Email Spoofing and Impersonation Attacks
San Francisco, August 9, 2018 — Valimail announced today that its Valimail Enforce service is FedRAMP Authorized and available for federal agencies to use to deploy, configure, and maintain the Domain-based Message Authentication, Reporting & Conformance (DMARC) standard to protect their government domains from phishing and fraudulent use. This capability can aid agencies in enforcing the Department of Homeland Security Binding Operational Directive (BOD) 18-01.
The Department of Homeland Security’s BOD 18-01 mandates that federal agencies deploy DMARC at enforcement by October 16, 2018. An enforcement policy directs receiving mail servers to reject all non-authorized emails using those domains, eliminating phishers’ ability to impersonate those agencies by using their domains in fraudulent email messages.
Currently, although over 70 percent of all federal domains have started the process, less than half are protected by DMARC through setting a policy of enforcement.
“We are incredibly proud to have completed this milestone so rapidly and to be recognized for the security and stability of our product, which provides protection against same-domain email impersonation without using any personally identifiable information (PII),” said Valimail co-founder and CEO Alexander García-Tobar. “This is a timely announcement, since Valimail Enforce can now help agencies achieve compliance with BOD 18-01, greatly increasing the cybersecurity posture of the federal government as well as the security of the American public.”
Originally offered for public comment in February 2017 and released for use on September 28, 2017, FedRAMP Tailored was developed to support industry solutions that are low risk and low cost for agencies to deploy and use. GSA’s streamlined FedRAMP Tailored process enables commercial SaaS solutions, like Valimail Enforce, a fully automated cloud solution that does not use Personally Identifiable Information (PII), to rapidly achieve FedRAMP Authorization in partnership with the Department of Commerce.
FedRAMP is a government-wide program by which the U.S. federal government determines whether cloud products and services are secure enough to be used by federal agencies.. FedRAMP has standardized the process for federal agencies to demonstrate compliance withNIST Special Publication 800-53—a rigorous set of controls to safeguard federal information systems.