HackerOne

FedRAMP Authorization Streamlines HackerOne’s Ability to Provide Crowdsourced Security Solutions to U.S. Public Sector

SAN FRANCISCO, CA — May 18, 2020 — HackerOne, the leading hacker-powered security platform, today announced that it became the first and only hacker-powered security platform to achieve Federal Risk and Authorization Management Program (FedRAMP) Tailored Low Impact-Software as a Service (LI-SaaS) Authorization for its full suite of hacker-powered security solutions. Sponsored by the General Service Administration (GSA), this final authorization step means that HackerOne’s hacker-powered security offering is now available on the FedRAMP Marketplace — a menu of authorized solutions for government organizations. 

FedRAMP is a U.S. federal government program that provides a standardized approach to security assessment, authorization and continuous monitoring of cloud products and services to ensure that the proper level of security is in place when government agencies seek to access them. The program offers a “do once, use many times” authorization model, speeding up the government’s adoption of cloud services so that the agencies do not have to individually evaluate the same offerings.

“Achieving FedRAMP Tailored LI-SaaS authorization is a testament to HackerOne’s long-standing commitment to ensuring a secure environment for our U.S. government clients,” stated Lynn Chia, Director of Federal at HackerOne. “This authorization underscores the momentum that HackerOne has achieved in the federal government and demonstrates our ability to help make our public sector customers’ digital transformations into security transformations.”

HackerOne has worked with the U.S. federal government since 2016, starting with the first crowdsourced security initiative “Hack the Pentagon.” With the success of the initiative, HackerOne has operated several bug bounty challenges for the Department of Defense (DoD), including Hack the Army, Hack the Army 2.0, Hack the Air Force, Hack the Air Force 2.0, Hack the Air Force 3.0, Hack the Defense Travel System, and Hack the Marine Corps. The DoD also runs an ongoing Vulnerability Disclosure Program (VDP) with HackerOne, providing a legal avenue for security researchers to disclose vulnerabilities in any DoD public-facing system. More than 12,000 valid vulnerabilities have been reported as a result, significantly reducing cyber risk across the DoD’s digital assets. 

GSA was the first U.S. federal civilian agency to deploy hacker-powered security solutions. In 2018, following the successful execution of a 2017 bug bounty and VDP with HackerOne, the GSA’s Technology Transformation Service (TTS) awarded HackerOne a multi-year bug bounty contract. GSA continues to run its bug bounty program with HackerOne today. HackerOne has worked with government agencies across the globe, including programs with the Singapore’s Ministry of Defense (MINDEF), Singapore’s Government Technology Agency (GovTech), the European Commission and the U.K. National Cyber Security Centre (NCSC).

For more information on how HackerOne works with government agencies, visit the following resources: 

HackerOne has achieved other certifications and audits including ISO 27001, SOC 2 Type II, U.K. Cyber Essentials, among others. For a full list of HackerOne’s security, privacy, and compliance initiatives, please visit HackerOne’s trust page