Final Steps to BloodHound Federal — FedRAMP High Compliance
Ever since SpecterOps first launched BloodHound Enterprise (BHE) in July 2021, one of our team’s biggest frustrations involved a lack of FedRAMP qualifications, which prevented us from supporting a large set of desired users; specifically in the federal space. This is why I am both proud and happy to share that BHE is now in the final stages of the Palantir FedStart program and is expected to be FedRAMP High compliant in April 2024. We are ready to engage with FedRAMP required environments now to show you, our users, how we can help shut down Attack Paths.
BHE is a software-as-a-service (SaaS) Attack Path Management (APM) platform for Active Directory (AD) and Azure. From the beginning, we took the security of the data we held extremely seriously and took steps to segment and secure our infrastructure. This includes a single tenant architecture and adherence to major compliance frameworks like ISO 27001, ISO 27017, and SOC 2 Type 1 & 2. Many of us come from a service background in either the Department of Defense (DOD) or similar agencies and have always wanted to bring our capability to organizations with a requirement for FedRAMP compliance.
Our partnership with Palantir’s FedStart program has streamlined our path to FedRAMP compliance; this begins with Palantir’s SaaS infrastructure platform that is secured for federal clients and is FedRAMP compliant. BHE is deployed as an application on top of this platform to comply with and inherit further security controls FedRAMP requires. We’ve also added additional policy, process, and certification refinements on the SpecterOps side. After several months of working with the Palantir team, we’re excited to detail the final stages:
- March 2024: FedRAMP High Audit Execution
- April 2024: FedRAMP High and IL5 Compliant with a High ATO from HHS
This accreditation is through an agency Authority to Operate (ATO) and our progress can be viewed on the FedRAMP Marketplace here.
If you are an agency or an organization that requires FedRAMP compliance and has AD or Azure, we want to talk to you. We have roots in DOD / agency red teams and offensive services and we’re eager to serve again. Request a demo today and let us show you how you can manage your Identity Attack Path risk to remove the adversary’s favorite target.
Final Steps to BloodHound Federal — FedRAMP High Compliance was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.