Onspring’s GRC Software Achieves FedRAMP In Process Designation

The Federal Risk and Authorization Management Program has given the in process designation to Onspring GovCloud, a no-code, cloud-based governance, risk and compliance software offering for federal agencies.

The software allows users to manage any governance framework such as the Cybersecurity Maturity Model Certification; automate lifecycle workflows and compliance testing; assess, tier and track vendors; and gauge performance with live dashboards of key metrics, risk scores and audit activity status.

With the designation, agencies in need of FedRAMP-authorized GRC software to support their digital modernization effort can now begin solicitations with Onspring. Tennessee Valley Authority is sponsoring the software to get the product authorized under FedRAMP, Onspring said.

According to David Abdalla, senior program manager at Tennessee Valley Authority, the organization chose to sponsor Onspring GovCloud because it can map and report on controls with real-time compliance tracking of North American Electric Reliability Corporation Critical Infrastructure Protection standards in a FedRAMP Authorized environment.

Onspring believes the GRC software will attract government customers since similar products that achieved the FedRAMP Authorized designation are not too many.

Nichole Windholz, Onspring’s director of cybersecurity, said the company is now ready to help federal agencies automate their GRC programs in the cloud, citing Onspring’s over 10 years of experience serving commercial sector customers.