Avue and FedRAMP

IMAGE-AVUE-FRP-FORTIFIED-FI

When personal computers first hit the consumer market, Avue launched the first automated Federal job classification system in a nascent programming language, called C, and dubbed it ProClass. [1988]

When the Internet was first born, Avue was the first to rewrite its Federal Human Resources client-server product into Java — one of the first five B2B applications to be written in Java. [1995]

When Federal agencies recognized the power and economy of hosted solutions, Avue was the first to offer a fully hosted Federal Human Capital Management platform in the Cloud. [2001]

When OPM, OMB, and GSA launched the certification program for Human Resources Lines of Business, Avue’s Federal Human Capital Management Platform was the first to be certified. [2007]

And now, when OMB released the Cloud First initiative and its FedRAMP compliance requirements, Avue is the first and only certified Federal HRLOB platform to be approved as FedRAMP Compliant. [2015]

To us, being first means taking care of our clients. We want our clients to fearlessly demonstrate they are compliant with all major HCM, acquisition, and IT requirements. FedRAMP, like the HRLOB certification, is one of the most significant initiatives of the past two Administrations, beginning with eGov and now transitioning to Cloud First. OMB required that all currently implemented cloud services, and those currently in the acquisition process, meet all FedRAMP requirements or be working toward FedRAMP compliancy, as a FedRAMP In-Process system, by June 5, 2014.

Avue FedRAMP Compliant HCM PlatformWhat is FedRAMP? FedRAMP stands for the Federal Risk Authorization and Management Program — and all cloud-based and SaaS applications procured by the federal government — whether from an outside vendor or another federal agency — must be approved as FedRAMP compliant in order for agencies to purchase such services. This means that any HCM or payroll or HR software hosted for a federal agency, even by another federal agency, must meet the strict security and IT standards set by the FedRAMP PMO (GSA and OMB) and have demonstrated that through a rigorous and well-documented security assessment process. Independent third parties test and assess the system for compliance and the FedRAMP PMO reviews packages submitted for approval. This helps ensure that all systems you use meet governing security and risk management standards and that your data is safe and protected. 

Read More: Avue meets with FedRAMP officials on a regular basis
Read More: Avue chosen to participate in FedRAMP Continuous Monitoring pilot

Avue’s journey to FedRAMP compliancy began with the initial announcement by the White House, OMB, and GSA in 2011. Avue stayed engaged with the FedRAMP PMO as this emerging program, its processes, and its requirements evolved.  As the compliance requirements and business processes became more clear, Avue and its sponsor, the Department of Justice, Office of Justice Programs, pursued FedRAMP compliance through the Agency FedRAMP Authorization process. Avue submitted its application for entry into FedRAMP and it was accepted in July of 2012. You can learn more about FedRAMP by visiting www.fedramp.gov and see Avue listed under the FedRAMP Compliant Systems at https://www.fedramp.gov/marketplace/compliant-systems/ where you will find Avue when you expand the list under “Cloud Compliant Systems with an Agency FedRAMP Authorization.” 

Our FedRAMP Compliant HCM platform means that all 15 modules within the Avue Platform operate under the most current and rigorous security and risk management standards the Federal government requires. Whether it is Talent Management, Talent Acquisition, Classification, Benefits, Position Management, Performance Management, or Learning Management, every element of the Avue HCM Platform is secure and compliant.  And this isn’t a one-time process either. Avue must continuously meet all requirements, implement new requirements as defined by NIST and/or the FedRAMP PMO, and be assessed and evaluated at regular intervals during the year.

Avue clients access Avue through the Amazon Web Services GovCloud, which has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the FedRAMP High baseline. AWS GovCloud (US) is an isolated AWS region designed to host sensitive data and regulated IT workloads in the cloud, and it is operated by employees who are vetted “U.S. Persons” and root account holders of AWS accounts must confirm they are U.S. Persons before being granted access credentials to the region.

Utilizing AWS’s FedRAMP High authorization, which includes over 400 security controls, gives Avue clients the ability to leverage the AWS Cloud for highly sensitive workloads, including Personal Identifiable Information (PII), sensitive patient records, financial data, law enforcement data, and other Controlled Unclassified Information (CUI).

Avue. A FedRAMP Compliant HCM Platform.

FacebookTwitterLinkedin