3 Steps To Gain & Maintain FedRAMP Compliance
If your organization intends to interact and do business with U.S. federal agencies, each one of your assets needs the right FedRAMP configuration settings. There are three main steps needed to achieve and maintain compliance. Uptycs offers a flexible solution to help with one or all of the below:
Attestation, Visibility and Reporting
Gaining Visibility and Proving your Compliance
When an auditor comes in looking for proof of your compliance, you must be able to show that you have full visibility into all your assets and can clearly define your system boundaries.
Measurable Compliance Posture
Continuously Monitoring Your Compliance Posture
Your systems need to be properly configured to meet FedRAMP requirements, and you need to have instant visibility into your compliance posture across your endpoint fleet.
Requirements & Controls
Implementing Mandatory Security Requirements and Controls
Part of being compliant requires the implementation of specific security measures, such as file integrity monitoring (FIM), behavioral detection (IDS), and other controls.

Case Study: FedRAMP Compliance for Linux
A major SaaS-based CRM service provider needed a security and compliance solution to support its FedRAMP certification. Within a three-month window, Uptycs Unified CNAPP and XDR provided the functionality needed to meet the criteria established by the auditors for FedRAMP certification.
How Uptycs Helps You Exceed FedRAMP Requirements
Ticking a box that you’ve established controls to meet the minimum FedRAMP System Security Plan (SSP) requirements doesn’t mean you’ve met that requirement in the way that is best suited for your organization’s security needs.
Uptycs provides a number of controls and services that can help your organization establish and demonstrate the controls outlined in FedRAMP SSPs, and extends value far beyond auditing and compliance objectives.

Attestation, Visibility and Reporting
- Home in on any given asset's security posture, provenance, and prevalence
- Gain live and historical access to processes, files, certificates, and other attributes
- Benefit from comprehensive live audit support

Measurable Compliance Posture
Gain detailed compliance posture information to make identifying non-compliant assets much simpler.
- View customizable dashboard visualizations of compliance posture
- Identify where you need to target your remediation efforts
- Drill down into non-compliant assets to get associated evidence and remediation guidance
- Instantly see the latest failed configuration checks, most non-compliant resources, time to resolve non-compliance, and much more
- Integrations with Splunk, ServiceNow and other ticketing & SOAR systems

Requirements & Controls
Set your security controls to meet compliance requirements while also making security-forward decisions to level-up your defense arsenal.
- Leverage telemetry-powered behavioral detection, including IDS, to spot IoCs and IoBs and see them mapped to MITRE ATT&CK
- Get multi-method malware detection including YARA scanning and integration with third-party file reputation databases
- Utilize FIM for directories and files, with out-of-the-box sensitive folder and file detection
- Establish policy baselines and receive comprehensive monitoring, alerting and reporting on anomalous events
- Harness the power of lateral movement detection to see exactly how a threat attempts propagation within your network
FedRAMP certification can be lengthy and cumbersome, and few organizations have the resources or skill set to take it on by themselves. Moreover, since FedRAMP isn't a set-it-and-forget-it program, your team will still need to work post-certification to keep your organization compliant.
While we can’t do all the work needed to achieve compliance for you, Uptycs can help you streamline the process and provide the tools you need to get there in just a fraction of the time.
FedRAMP Capabilities of Uptycs Unified CNAPP and XDR
Explore the full list of capabilities that come together to support your FedRAMP compliance requirements:
Asset Inventory Audit
- Instant visibility into security posture of an asset
- Random asset selection at scale for auditing with comprehensive insight support
- Asset provenance: serial, h/w, configs, users, network, inventory, detections, certificates and compliance
- Asset prevalence: Rare startup, paths, packages, users, access and processes as % of cohort
- Asset prevalence: Comparison of asset vs cohort: users, shell access, compliance failures and more
- Live and historical access to: processes, files, certificates and attributes and artifacts
- Comprehensive Live Audit support
CIS Audit
- Distribution-independent and distribution-specific CIS benchmarking and audit
- Over 200 comprehensive checks for rich audit
- Customizations for scoring, exclusion, parameterization of audit benchmark
- Inline CIS definitions and prescriptions
- Evidence capture from each run
- High fidelity and lightweight telemetry-based continuous compliance and monitoring
- Telemetry-based live and continuous audit and compliance support
- High-speed audits to support 24x7 monitoring
- Structured audit and results to find problems and improve security hygiene
Custom Audit & Compliance
- Granular and customizable checks
- Configuration support for scoring, parameterization of checks
- Composable checks that span multiple standards (PCI, SOC, etc.)
- Recomposable checks to create custom audit and compliance standards
- Captured structured evidence
- Established golden baselines
- Integrations with Splunk, ServiceNow and other ticketing and SOAR systems
- Customizable alerts, reports and dashboards
FedRAMP Controls Audit
- FedRAMP support: Over 200 controls with CIS-based baseline per FedRAMP recommendations
- FedRAMP-specific controls for Linux workloads
- FedRAMP baseline checks for AC - Access Control
- FedRAMP baseline checks for AU - Audit & Accountability
- FedRAMP baseline checks for CM - Configuration Management
- FedRAMP baseline checks for IA - Identification & Authentication
- FedRAMP baseline checks for SC - System & Communications Protection
- FedRAMP baseline checks for SI - System & Information Integrity
- Flexible and re-composable checks
- Scoring, parameterization, evidence collection, prescriptions and other features and attribution per check
- Common checks from other standards such as CIS, SOC 2, PCI and HIPAA
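The CIS Audit, Custom Audit & Compliance and FedRAMP Controls Audit lists above all describe the same underlying mechanics: a check that is parameterised, weighted for scoring, attributed to one or more standards, and that captures structured evidence and a prescription on each run. The following Python sketch is an added example of that pattern and is not Uptycs code. The check IDs (SSH-01 to SSH-04), the control attributions (the FedRAMP entries are NIST SP 800-53 control IDs; the CIS entries are placeholders because section numbers differ per distribution benchmark) and the sshd_config text are all constructed for the illustration.

```python
"""Added illustration of a composable, parameterised audit-check engine.
Not Uptycs code. Check IDs (SSH-0x), the control-ID attributions and the
sshd_config text are constructed for this example."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample sshd_config; PermitRootLogin and one cipher are deliberately weak.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
MaxAuthTries 4
LogLevel INFO
Ciphers aes256-gcm@openssh.com,aes128-ctr
"""

# Parameters an operator can tune without rewriting the checks.
DEFAULT_PARAMS = {
    "max_auth_tries": 4,
    "approved_ciphers": ["aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr"],
}


def parse_sshd_config(text: str) -> dict:
    """Map lower-cased keyword -> value. First occurrence wins, as sshd itself behaves."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key.lower(), value.strip())
    return conf


@dataclass
class Check:
    check_id: str                                   # hypothetical local identifier
    title: str
    keyword: str                                    # sshd_config keyword inspected
    test: Callable[[Optional[str], dict], bool]     # (observed value, params) -> passed?
    weight: int = 1                                 # scoring weight
    standards: dict = field(default_factory=dict)   # attribution: standard -> control IDs
    prescription: str = ""                          # remediation guidance shown on failure


@dataclass
class Result:
    check_id: str
    passed: bool
    weight: int
    standards: dict
    evidence: dict
    prescription: str


# One check can be attributed to several standards at once (composable checks).
CHECKS = [
    Check("SSH-01", "Root login over SSH disabled", "PermitRootLogin",
          lambda v, p: v is not None and v.lower() == "no", weight=3,
          standards={"FedRAMP": ["AC-6"], "CIS": ["<sshd-section>"]},
          prescription="Set 'PermitRootLogin no' and reload sshd."),
    Check("SSH-02", "MaxAuthTries within threshold", "MaxAuthTries",
          lambda v, p: v is not None and v.isdigit() and int(v) <= p["max_auth_tries"],
          weight=1, standards={"FedRAMP": ["AC-7"], "CIS": ["<sshd-section>"]},
          prescription="Lower 'MaxAuthTries' to the parameterised threshold."),
    Check("SSH-03", "Only approved ciphers offered", "Ciphers",
          lambda v, p: v is not None and set(v.split(",")) <= set(p["approved_ciphers"]),
          weight=2, standards={"FedRAMP": ["SC-8", "SC-13"]},
          prescription="Restrict 'Ciphers' to the approved list."),
    Check("SSH-04", "Logins are logged", "LogLevel",
          lambda v, p: v is not None and v.upper() in {"INFO", "VERBOSE"},
          weight=1, standards={"FedRAMP": ["AU-2", "AU-12"]},
          prescription="Set 'LogLevel INFO' or 'VERBOSE'."),
]


def run_audit(checks, text, params=None, standard=None, family=None):
    """Evaluate the check set against one config. `standard` and `family`
    recompose the set, e.g. standard="FedRAMP", family="AC" runs only checks
    attributed to AC-* controls (family alone implies FedRAMP). Evidence records
    what was observed plus a hash of the audited source so a run is reproducible."""
    params = dict(DEFAULT_PARAMS, **(params or {}))
    if family and not standard:
        standard = "FedRAMP"
    conf = parse_sshd_config(text)
    source_hash = hashlib.sha256(text.encode()).hexdigest()
    results = []
    for c in checks:
        ids = c.standards.get(standard, []) if standard else []
        if standard and not ids:
            continue
        if family and not any(i.startswith(family + "-") for i in ids):
            continue
        observed = conf.get(c.keyword.lower())
        evidence = {"keyword": c.keyword, "observed": observed,
                    "params": params, "source_sha256": source_hash}
        results.append(Result(c.check_id, c.test(observed, params), c.weight,
                              c.standards, evidence, c.prescription))
    total = sum(r.weight for r in results)
    earned = sum(r.weight for r in results if r.passed)
    return {"score_pct": round(100.0 * earned / total, 1) if total else 100.0,
            "failed": [r.check_id for r in results if not r.passed],
            "results": results}


if __name__ == "__main__":
    report = run_audit(CHECKS, SAMPLE_SSHD_CONFIG)
    print(f"score {report['score_pct']}%  failed {report['failed']}")
    for r in report["results"]:
        if not r.passed:
            print(f"  {r.check_id}: observed={r.evidence['observed']!r} "
                  f"-> {r.prescription} {r.standards}")
```

Against the sample config the full run fails SSH-01 and SSH-03 and scores 2 of 7 weighted points; restricting to the FedRAMP AC family yields a different score from the same evidence, which is what "recomposable" means in practice. Tightening `max_auth_tries` to 3 flips SSH-02 without touching the check definition.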
Audit Support Services
- Customer partnership to establish controls
- Proactive, reactive and predictive controls
- Audit preparation by helping customer with their preparatory checklist
- Customer collaboration: Team extension
- Customer collaboration: Surface evidence
- Customer collaboration: Live visibility
- Customer collaboration: Established provenance and efficacy of controls
- Custom alerts, reports and dashboards as necessary
- Full and comprehensive report for customer engagement
Behavioral Detection (IDS)
- Comprehensive system behavior-based detection
- Telemetry-powered Behavioral Detection functionality, including IDS
- Lambda Analytics correlation for events and alerts
- Login, session and process activity detection
- Commands, sockets, DNS, files and more
- Behavioral (Indicators of Behavior - IOB) detection
- Compromise (Indicators of Compromise - IOC) detection
- Configuration and customization capabilities
- IOBs and IOCs mapped to MITRE ATT&CK
Malware Detection
- Multi-method malware detection
- VirusTotal integration and correlation
- 3rd-party file reputation database integration
- Live YARA scan with hundreds of signatures at process launch
- On-demand YARA scan of files and related carving
- On-demand YARA scan of process memory and related carving
- YARA scan triggered by File Integrity Monitoring
- Process hash baselining and correlation
File Integrity Monitoring
- FIM for directories and files
- Out-of-box sensitive folder and files detection
- Read, write, execute and modify events
- Multi-method correlation – system based and file system based
- Deep sys-call integration for change attribution and chaining
- Rapid inotify monitoring for micro-VM deployments
- Policy, baseline, monitoring, alerting, reporting
- Support for regulatory frameworks such as PCI, SOC 2, HIPAA and NIST
- Comprehensive exclusion filters and policies to reduce noise
- Auto YARA scan based on FIM triggers
Network Detection
- DNS capture and reputation correlation
- HTTP/HTTPS capture and correlation
- JA3 and JARM hash computation and reputation correlation
- JA3/JARM lookup alerts and baselining
- System socket API telemetry
- Lateral movement detection
- Logon activity and correlation with network
- Syslog capture and detection of network activity
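The JA3 item in the Network Detection list refers to a fingerprint of the TLS ClientHello: the client's version, cipher suites, extension types, supported groups and point formats are written as decimal values, hyphen-joined inside each field, comma-separated between fields, with GREASE values dropped, and the MD5 of that string is the hash that reputation feeds key on. The Python below is an added example of that computation and is not Uptycs code. Because the example has to run offline, it also includes a small encoder that builds a ClientHello from constructed values (a GREASE cipher, group and extension are included deliberately so their removal is visible); the field layout follows the public JA3 specification.

```python
"""Added example of computing a JA3 fingerprint from a TLS ClientHello.
Not Uptycs code. The ClientHello is built locally from constructed values;
the JA3 layout (version,ciphers,extensions,groups,point-formats; decimal,
'-' separated, GREASE dropped, MD5 of the string) follows the public spec."""
import hashlib
import struct


def is_grease(v: int) -> bool:
    """GREASE values (RFC 8701) have the form 0x0a0a, 0x1a1a, ... 0xfafa."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)


# --- builder side: encode a ClientHello so the example runs offline --------

def ext_sni(host: str):
    name = host.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type host_name
    return 0, struct.pack("!H", len(entry)) + entry

def ext_supported_groups(groups):
    return 10, struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)

def ext_point_formats(fmts):
    return 11, bytes([len(fmts)]) + bytes(fmts)

def build_client_hello(version: int, ciphers, extensions) -> bytes:
    """Return a complete TLS record carrying one ClientHello handshake message."""
    body = struct.pack("!H", version) + b"\x11" * 32 + b"\x00"     # version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                              # one compression method: null
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_blob)) + ext_blob
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# --- parser side: what a network sensor does on captured traffic ----------

def _join(vals) -> str:
    return "-".join(str(v) for v in vals if not is_grease(v))

def ja3_from_client_hello(record: bytes):
    """Parse a ClientHello record and return (ja3_string, ja3_md5)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    pos = 0
    version = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + 32                                   # version and random
    pos += 1 + body[pos]                            # session id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    ciphers = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # compression methods
    ext_types, groups, formats = [], [], []
    if pos < len(body):                             # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            ext_types.append(etype)
            if etype == 10:                         # supported_groups
                n = struct.unpack_from("!H", data, 0)[0]
                groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
            elif etype == 11:                       # ec_point_formats (single bytes)
                formats = list(data[1:1 + data[0]])
    ja3 = ",".join([str(version), _join(ciphers), _join(ext_types), _join(groups),
                    "-".join(str(f) for f in formats)])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


# Constructed ClientHello: GREASE cipher 0x1a1a, GREASE group 0x2a2a and
# GREASE extension 0x3a3a are present to show they are stripped.
SAMPLE_CLIENT_HELLO = build_client_hello(
    0x0303,
    [0x1A1A, 0x1301, 0x1302, 0xC02B],
    [ext_sni("example.com"), ext_supported_groups([0x2A2A, 0x001D, 0x0017]),
     ext_point_formats([0]), (0x3A3A, b"")],
)

if __name__ == "__main__":
    s, h = ja3_from_client_hello(SAMPLE_CLIENT_HELLO)
    print(s, h)
```

The sample yields the string `771,4865-4866-49195,0-10-11,29-23,0`; a baseline of such strings per cohort (as in the next section) is what makes a never-before-seen client fingerprint on a server fleet worth an alert, while the MD5 is what gets looked up against a reputation feed.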
Baseline & Outlier Detection
- Collect and create baselines across multiple dimensions
- Logins, paths, hashes, sockets and many more attributes
- Establish a baseline from 30, 60, 90, 180 or more days of historical telemetry
- Compare real-time activity against the baseline
- Event and alert correlation for processes, logins, shell commands, process hashes, sockets and more
- Detect potential outliers based on historical baseline deviations
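The Baseline & Outlier Detection list above, together with the "prevalence as % of cohort" items under Asset Inventory Audit, describes one procedure: collect attributes (logins, process hashes, socket destinations) over a historical window, record which hosts in a cohort exhibited each value, then classify live events by whether the value was ever seen and on what share of the cohort. The Python below is an added example of that procedure and is not Uptycs code; the ten-host cohort, the hash values and every event are constructed. One event is placed outside the window on purpose, to show that the window length changes the verdict.

```python
"""Added example of baseline-and-outlier detection over host telemetry.
Not Uptycs code. The cohort, hosts, hashes and events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1, 12, 0, 0)        # fixed clock keeps the run deterministic


def make_history(now):
    """Constructed telemetry for a 10-host web cohort: (ts, host, dimension, value)."""
    hosts = [f"web-{i:02d}" for i in range(1, 11)]
    events = []
    for day in range(1, 90):
        t = now - timedelta(days=day)
        for h in hosts:
            events += [(t, h, "process_hash", "sha256:aaaa"),      # e.g. sshd, fleet-wide
                       (t, h, "process_hash", "sha256:bbbb"),      # e.g. nginx, fleet-wide
                       (t, h, "login_user", "deploy"),
                       (t, h, "socket_dst", "10.0.0.5:5432")]
    events.append((now - timedelta(days=30), "web-03", "process_hash", "sha256:cccc"))   # one host only
    events.append((now - timedelta(days=120), "web-07", "process_hash", "sha256:dddd"))  # outside a 90-day window
    return hosts, events


def build_baseline(events, now, window_days):
    """dimension -> value -> set of hosts that exhibited it inside the window."""
    cutoff = now - timedelta(days=window_days)
    baseline = defaultdict(lambda: defaultdict(set))
    for ts, host, dim, value in events:
        if ts >= cutoff:
            baseline[dim][value].add(host)
    return baseline


def classify(baseline, cohort_size, event, rare_pct):
    """Compare one live event with the baseline: prevalence across the cohort,
    and whether this particular host has shown the value before."""
    host, dim, value = event
    seen_on = baseline[dim].get(value, set())
    prevalence = 100.0 * len(seen_on) / cohort_size
    if not seen_on:
        verdict = "new"
    elif prevalence < rare_pct:
        verdict = "rare"
    else:
        verdict = "normal"
    return {"host": host, "dimension": dim, "value": value,
            "prevalence_pct": prevalence, "new_for_host": host not in seen_on,
            "verdict": verdict}


def detect_outliers(baseline, cohort_size, live_events, rare_pct=20.0):
    """Return only the live events that deviate from the baseline."""
    return [c for c in (classify(baseline, cohort_size, e, rare_pct) for e in live_events)
            if c["verdict"] != "normal"]


# Constructed "real-time" events from one host: (host, dimension, value).
LIVE_EVENTS = [
    ("web-02", "process_hash", "sha256:aaaa"),     # fleet-wide, normal
    ("web-02", "process_hash", "sha256:cccc"),     # seen on one other host only
    ("web-02", "process_hash", "sha256:eeee"),     # never seen
    ("web-02", "process_hash", "sha256:dddd"),     # seen, but outside the window
    ("web-02", "login_user", "svc_backup"),        # never seen
    ("web-02", "socket_dst", "203.0.113.9:4444"),  # never seen
]

if __name__ == "__main__":
    hosts, history = make_history(NOW)
    baseline = build_baseline(history, NOW, window_days=90)
    for o in detect_outliers(baseline, len(hosts), LIVE_EVENTS):
        print(f"{o['verdict']:6} {o['dimension']:13} {o['value']:20} "
              f"prevalence={o['prevalence_pct']:.0f}% new_for_host={o['new_for_host']}")
```

With a 90-day window, `sha256:dddd` is reported as "new" even though the fleet ran it four months ago; widening the window to 180 days turns the same event into "rare" (10% of the cohort). The `rare_pct` threshold and the window are the two knobs that trade alert volume against sensitivity, and `new_for_host` is the per-asset view that the cohort percentage alone does not give.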
Vulnerability Detection
- Continuous ingestion: Asset inventory and software packages
- Continuous ingestion: Asset configuration and asset audits
- Continuous ingestion: Vendor provided security bulletins
- Continuous ingestion: CVEs and other known sources of vulnerabilities
- Continuous ingestion: CIS and similar audit benchmarks
- Continuous Analytics: Correlation of software inventory with vendor provided security bulletins to surface software vulnerabilities
- Continuous Analytics: Correlation of asset audit and config checks to surface configuration vulnerabilities
- Standardized measurable outcomes based on CIS, CVE/CVSS and NVD
- Customized measurable outcomes based on organizational needs
“We’ve been using Uptycs for security visibility, threat detection, and incident investigation across our Linux and macOS fleet. Their audit and compliance analytics has been instrumental for our FedRAMP authorization and ISO 27001 certification.”
Grant Kahn
Director, Security Intelligence Engineering at Lookout