We're leveling up FutureStack registration with swag, only until 4/30. Terms & conditions apply. Register Now

New Relic Advances Data Security and Compliance by Achieving FedRAMP Authority to Operate

4 min read

This post, originally published in March 2020, includes new information.

Many of our customers operate in regulated, federal environments, making it critical that they adopt FedRAMP-certified technologies. That’s why we’ve built the world’s leading observability platform—New Relic One—as FedRAMP-certified at the FIPS 199 “Moderate” impact level. Dozens of United States government agencies trust New Relic with their observability needs.

A secure observability platform

Any agency can use New Relic’s observability platform to instrument its unique digital environment—from traditional monoliths running in on-premises data centers to distributed microservices applications powered by cloud native technologies—and collect billions of telemetry points in real time. New Relic contextualizes and curates this data and presents it in a meaningful, customizable, and easily digestible way that caters to the specific, actionable needs of application owners, IT administrators, developers, security officers, or compliance officers.

The New Relic platform takes deep, real-time monitoring and observability beyond the application level—including applications, containers, Kubernetes pods, databases, AWS Lambda functions, virtual machines, and any other entity within the IT environment. Also, New Relic integrates with other open-standard tools and solutions so agencies can extend their observability across their digital environments.

Minimize the costs and risks of cloud migrations

New Relic mitigates the risk of cloud migrations by providing cloud migration experts within federal agencies the critical information they need about their applications. From identifying application dependencies, to tracking cloud preparedness, to monitoring real-time performance before, during, and after they transition to the cloud, agencies can ensure application performance is reliable and consistent throughout the migration process. New Relic’s comprehensive view also shows migration experts what infrastructure resources and service level agreements are needed to ensure adequate support for their applications. When merged with cost data, New Relic can even recommend ways to optimize cloud usage and costs, through tools like the New Relic One Cloud Optimization app.

Improve the user experience; improve user loyalty

New Relic provides stakeholders across any federal agency a single, shared view of their citizens across multiple interactions, channels, and products. Through real user monitoring—via web browsers, synthetic tests, and mobile apps—New Relic enables federal agencies to monitor how their citizens interact with their software. In fact, agencies can monitor features and performance by geography, by browser, or by device type. With such tools in place, agencies are better equipped to improve customer satisfaction and loyalty, make better software decisions, foster collaboration across the organization, and drive positive business outcomes.

Key security controls in place

FedRAMP authority to operate brings an additional benefit to all of our customers—not just those in the federal government: Like our current SOC 2 Type 2 certification, it provides additional oversight and third-party validation that New Relic’s security controls are in place and operating efficiently.

For example, FedRAMP requires:

  • Certification by an official Third Party Assessment Organization (3PAO) that all 325 “Moderate Impact” level security controls outlined in NIST 800-53 are implemented and functioning correctly
  • Recertification of one-third of those controls annually
  • Monthly reporting to federal clients to ensure that security controls are properly maintained
  • Regular security scans by a third party—a practice that is already in place at New Relic

Accelerating government IT modernization

Why is this so important? New Relic’s FedRAMP authority to operate enables government IT leaders to get the same level of real-time insights that commercial operations and development teams have come to rely on. And it still ensures compliance with established security standards, such as:

  • Role-based access controls for employees that are reviewed on a regular basis
  • Annual security awareness training for all employees, along with specific training for developers on secure coding practices
  • Continuous vulnerability scanning and regular third-party security assessments
  • Regularly reviewed and tested disaster recovery plans
  • A strong vulnerability management program (including the use of bug bounties) that identifies, prioritizes, and assigns SLAs to vulnerabilities
  • A vendor security program that includes security reviews and contractual requirements

New Relic supports several public sector organizations and contractors, including the Centers for Medicare and Medicaid Services (CMS), Healthcare.gov, Unisys Federal, and Oteemo. The New Relic platform is available through Carahsoft Technology Corp.’s General Services Administration (GSA) Schedule No. GS-35F-0119Y, which is used by federal, state, and local government agencies to streamline procurement of New Relic’s products.

New Relic supports government agencies and contractors looking to accelerate their IT modernization projects and deliver on new software initiatives. Many government IT teams want to pursue modern software practices, implement cloud technologies, and deliver enhanced user experiences. And with FedRAMP authorization to operate for New Relic, these teams can now do so faster and more easily, while still maintaining the levels of security and compliance required by the United States government.

Contact us to learn more about New Relic for Government IT.