Since our initial announcement, Slack has received FedRAMP Moderate authorization. You can view Slack’s authorization here.
For 12 million people around the world, work happens in Slack. And as the nature of work evolves, so do the security standards required to keep your information safe. That’s why we strove to achieve a FedRAMP Tailored authorization within a six-month turnaround in October 2018—so folks in the public sector could continue working in Slack. And, thanks to sponsorship from the U.S. Department of Veterans Affairs (VA), we’re now on track to be authorized at FedRAMP Moderate. Below we cover how we got there and what it means for your work.
All you need to know about Slack and FedRAMP
What is FedRAMP?
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security in the cloud. FedRAMP is mandatory for all federal agency cloud deployments and service models.
What was the process of becoming FedRAMP Tailored?
We had our first meeting with the FedRAMP Program Management Office (PMO) in April 2018. We set the ambitious goal of achieving a FedRAMP Tailored authorization by the end of 2018 but ended up being authorized in just six months after our first discovery meeting.
Achieving our goal with three months to spare wouldn’t have been possible without our agency partner, the U.S. General Services Administration (GSA), and the third-party assessment organization Schellman and Company.
Part of the process also involved navigating the National Institute of Standards and Technology (NIST) controls. This process was made much more intuitive thanks to the FedRAMP-specific implementation guidance released by the FedRAMP PMO. You can find more context here.
How do you know which collaboration platform is best for your business? Learn how to ask the right questions to help guide your decision.Download free e-book
What does this mean for my organization?
People working in the public sector, great news! You can use Slack in a FedRAMP-compliant manner. This authorization applies to all paid plans and all the features outlined in those services.
How about third-party integrations?
Your organization should continue to validate the application provider for any app installed in your workspace. All integrations typically leverage the APIs from the service providers of that integration. If the APIs connect to a FedRAMP Authorized service offering, then you will remain in compliance when using those third-party integrations.
What’s on the horizon?
“The GSA was a terrific sponsor for our Tailored authorization, making the process as efficient and painless as possible,” says Larkin Ryder, the interim chief security officer at Slack. “We look forward to raising the bar and expanding Slack’s availability for more public-sector employees as we pursue FedRAMP Moderate with the support of the Veterans Administration.”
Slack has received sponsorship from Veterans Affairs and is in the process of being authorized at FedRAMP Moderate. We’ll keep you posted when that happens.
Let us know what you think
At Slack, we’re privileged to help people from a wide spectrum of industries do their work more simply and productively. Protecting your information and complying with industry-specific security standards are—and will always be—key priorities. If you have any questions about our security features or certifications, please don’t hesitate to reach out to your account executive or get in touch with us.
Whatever work you do, you can do it in Slack. Get the power and alignment you need to do your best work.Learn more