AppOmni secures FedRAMP Moderate ATO for SaaS security platform
AppOmni has announced that its SaaS Security Platform has earned the Federal Risk and Authorization Management Program (FedRAMP) Moderate Authority to Operate (ATO) designation.
With this recognition, AppOmni becomes the only company focused solely on SaaS security to achieve FedRAMP Moderate ATO, enabling its platform to be adopted by federal agencies for protection of critical data in the cloud.
FedRAMP framework
FedRAMP, implemented in 2011, was designed to foster secure cloud adoption across U.S. government agencies. The programme provides a common security standard, so once a solution is authorised, any federal agency can utilise it, helping to streamline procurement and bolster baseline data protection protocols.
The Moderate ATO requires that applicants satisfy 325 distinct security controls. FedRAMP authorisation is widely considered to be amongst the most stringent security certifications for the public sector, validating that the provider meets extensive requirements for data protection and risk management.
Significance for federal agencies
SaaS applications have become fundamental tools for federal agencies managing mission-critical data, handling information such as Controlled Unclassified Information (CUI), Personally Identifiable Information (PII), and Protected Health Information (PHI). Although such data are unclassified, they are strictly regulated, with mishandling potentially resulting in legal penalties and a loss of public trust.
AppOmni's Moderate ATO demonstrates that its platform meets federal standards for encryption, key management, and compliance with the Federal Information Processing Standard (FIPS), safeguarding data-at-rest and data-in-transit according to regulatory requirements.
Platform features and compliance alignment
In addition to exceeding FedRAMP's baseline, AppOmni's platform provides continuous monitoring and threat detection. The solution is designed to integrate with compliance frameworks such as the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) SP 800-53. Its approach addresses risks linked to misconfigurations, data access, and potential gaps in compliance across SaaS platforms.
According to the company, no other pure-play SaaS Security Posture Management (SSPM) solution on the market currently holds a FedRAMP Moderate ATO.
Addressing current cyber risks
The cyber threat landscape for government agencies continues to evolve, as attackers focus increasingly on SaaS platforms. AppOmni research points to SaaS as one of the most actively targeted - and least proactively defended - layers of the enterprise technology stack.
Cyber criminal organisations such as Salt Typhoon have recently exploited government Microsoft 365 applications via stolen OAuth2 tokens. These tokens act as digital credentials, enabling third-party application access without requiring user passwords. Such incidents highlight the growing threat posed by supply chain attacks and underscore calls from security leaders to address systemic SaaS risks.
"Achieving FedRAMP Moderate ATO is a landmark accomplishment, not just for AppOmni, but for the federal government's SaaS security posture," said Cory Michal, CISO at AppOmni. "Federal agencies are prime targets for sophisticated cyberattacks, and they require an in-depth level of SaaS security that legacy systems can't provide. AppOmni enables unparalleled visibility and continuous monitoring across the entire SaaS ecosystem, protecting the very fabric of government operations. This authorization underscores our philosophy that secure cloud adoption should empower government agencies and enterprise organizations, not burden them with risk. AppOmni is dedicated to helping agencies protect their most critical data and applications from evolving threats and simplifying the procurement process."
The platform's authorisation comes as federal agencies implement requirements from the Cybersecurity and Infrastructure Security Agency's (CISA) Binding Operational Directive (BOD) 25-01 for Secure Cloud Business Applications (SCuBA). Federal agencies were required to meet SCuBA compliance by June 2025, making SaaS security platforms like AppOmni's relevant for compliance and monitoring.
AppOmni provides federal customers with compliance checks for more than 50 directives relevant to Microsoft's identity and productivity suite, including Microsoft Azure Active Directory (now Entra ID), SharePoint, Exchange Online, and Teams. Agencies are able to access a complimentary SCuBA compliance assessment, which delivers instant visibility into SaaS security risks, ensures configurations are aligned with secure baselines, and helps maintain ongoing compliance with new directives.
The company states its platform enables agencies to monitor and control sensitive data, align with security frameworks, and maintain compliance reporting while minimising operational disruption.