Blog | Jul 15, 2019

Bringing Digital Workers and FedRAMP Compliance Together

Bp banner fedramp 1200x628

Over the past decade, the White House has established multiple policies to help ensure that federal agencies use technology to serve their needs, and those of their constituents and employees, in smart, fiscally responsible, and safe ways.

For example, the Cloud First initiative – updated and now called Cloud Smart – provides agencies with guidelines on how to leverage the cloud to gain its savings, security, and faster delivery benefits. The Federal Risk and Authorization Management Program, referred to as FedRAMP, ensures a standardized, government-wide approach to security assessment, authorization, and continuous monitoring for apps and services that operate in the cloud.

And the 21st century workforce component of the March 2018 President’s Management Agenda emphasizes using robotic process automation (RPA) – or what we call a digital workforce – to do more, with less staff, for less money, and let human employees spend their time on work that requires emotional intelligence, reasoning, judgment, and direct constituent interaction.

Individually, each of these policies can deliver on their intended value. Collectively, they can transform how government agencies operate and the experience they provide to their employees and citizens.

The double-edged sword is that it’s extraordinarily challenging to meet the host of stringent security controls required for FedRAMP compliance, but agencies can’t utilize a cloud-based digital workforce unless they can verify that all FedRAMP controls are in place.

To accelerate federal agencies’ digital workforce uptake, speed-to-value, and scalability, Blue Prism recently partnered with Project Hosts, a FedRAMP authorized cloud service provider (CSP), enabling it to deliver its RPA solution as a cloud service on Microsoft Azure. Because Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS) covers 87 percent of the security controls required for FedRAMP compliance, federal agencies’ systems integration partners only need to handle the remaining 13 percent for Blue Prism software to be quickly authorized and deployed.

This approach supports FedRAMP’s overarching charter to “facilitate the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT.”

It also addresses the portion of the May 21, 2019 memorandum from the Executive Office of the President, Office of Management and Budget, that states: “Agencies shall manage the digital identity lifecycle of devices, non-person entities (NPEs), and automated technologies such as Robotic Process Automation (RPA) tools and Artificial Intelligence (AI), ensuring the digital identity is distinguishable, auditable, and consistently managed across the agency.” Every Blue Prism digital worker is assigned its own unique and encrypted ID, and the IDs are locked away in a secure repository that can only be accessed by one or two IT or business professionals. And because every digital workers’ activities are logged under their own IDs, a full, immutable audit trail is available.

Please click here to learn more about the Blue Prism/Project Hosts solution.