Today we are announcing that Adobe Creative Cloud for enterprise, Adobe Document Cloud PDF Services, and Adobe Sign have received Agency Authorization to Operate (ATO) under the FedRAMP Tailored Baseline program for Cloud Service Providers (CSPs) with Low-Impact Software-as-a-Service (LI-SaaS) Systems.
FedRAMP Tailored policy and requirements provide a more efficient path for solution providers to achieve a FedRAMP Agency Authorization to Operate (ATO). It was developed as an alternative to full FedRAMP authorization to enable government agencies to get qualifying solutions that do not handle sensitive information into their environments more quickly. Adobe has been partnering with key Federal government agencies since the launch of FedRAMP Tailored to help achieve authorization for several of our cloud solutions.
Over the past several years, we have been developing and implementing the open source Adobe Common Controls Framework (CCF), enabling our cloud products, services, platforms and operations to achieve compliance with various security certifications, standards, and regulations such as SOC2, ISO, PCI, HIPAA, and others. CCF is a cornerstone of our company-wide security strategy. It also provides the flexibility to quickly adapt to and tackle new compliance and certification requirements as needed for our business and solutions. The power of CCF has most recently helped enable today’s announcement and will continue to help Adobe adapt to constantly changing requirements.
Our government customers can now purchase these qualified solutions through the General Services Administration (GSA). This blog post from the Adobe Government team provides more information about the benefits of this authorization for our solutions to U.S. government agencies. You can also download the open source CCF to understand how this robust framework provides the agility needed to adapt to changing compliance requirements.