January 25, 2023

VMware Workspace ONE SaaS and VMware Government Services IaaS are now Authorized for StateRAMP

Andrew Osborn discusses today's exciting announcement: VMware Workspace ONE Software-as-a-Service (SaaS) Suite and VMware Government Services (VGS)Infrastructure-as-a-Service (IaaS) are now included in the Approved Product List (APL) within the StateRAMP verification process!

Helping Public Sector State, Local & Education Customers to Provide Secure, Modern Endpoint Management

image-20230125171421-1

Workspace ONE SaaS and VMware Gov't Services IaaS Authorizations for StateRAMP

We are excited to announce that both VMware’s Workspace ONE Software-as-a-Service (SaaS) Suite and our Infrastructure-as-a-Service (IaaS) – VMware Government Services (VGS) are now included in the Approved Product List (APL) within the StateRAMP verification process! 

VMware Workspace ONE is a FedRAMP Moderate Authorized solution, providing a digital workspace platform that combines endpoint device deployment and management with secure Zero Trust Access for agencies & branches.

VMware Government Services (VGS) is a FedRAMP High Authorized set of cloud service offerings designed to allow US government agencies and customers supporting the US government to migrate, manage, and operate more sensitive workloads in the cloud.

The StateRAMP compliance verification is modeled in part after FedRAMP and leverages an independent audit conducted by a third-party assessment organization delivered to the StateRAMP Program Management Office (PMO) for review. The APL includes products with verified security statuses ranging from Ready-to-Authorized, as well as in-Progress statuses for providers who are in the process of working toward an authorization. To ensure ongoing security compliance and risk mitigation, providers must comply with continuous monitoring requirements to maintain a verified security status.

The continuous monitoring (ConMon) function of StateRAMP can be a real difference maker for SLED govts seeking to trust-but-verify that their providers have security controls and processes in place to ensure the data we are placing with them is protected. The configurations in place significantly reduce the time it takes to set up and configure e.g., Windows or macOS devices and allow an agency’s sysadmins a way to manage the thousands of group policy objects for those systems, while providing enhanced Integrated Insights for complete visibility into an agency’s digital workspace. Admins can gain deep insights into device, user, and app posture, enabling data-driven decisions across an agency or branch’s entire environment with StateRAMP Workspace ONE.

Ensuring Security, Modern Management, and Compliance Enforcement for your Endpoints and Workloads with Workspace ONE

Consistently ranked as a leader by industry analysts, Workspace ONE delivers consumer-simple, single sign-on (SSO) access to cloud, web, and Windows apps in one unified catalog that engages employees. Agencies can enable employees while enhancing their user experience with a broad range of devices including iOS, Android, Mac, Windows, and rugged devices to meet the needs or preferences of a user or their mission while enforcing fine-grained, conditional access policies that also take into account device compliance information delivered by unified endpoint management (UEM) technology.

The Workspace ONE environment includes Workspace ONE Access, which provides multi-factor (MFA) and derived credentials authentication (PIV-D), conditional access and single sign-on (SSO) to SaaS and web apps, and Workspace ONE Intelligent Hub, which offers a unified catalog, actionable notifications of potential interest to employees, and a people directory for a full digital workspace experience, as well as asset management and provisioning solutions as represented in Figure 1:

Diagram</p> <p>Description automatically generated

Figure 1: VMware’s Workspace ONE StateRAMP-hosted Cloud Service Integration with Customer

The VGS authorization boundary provides Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) capabilities to deliver modern applications at the speed the US government demands and operate across the data center, the edge, and the cloud. VGS provides the following FedRAMP-authorized services at the High baseline: VMware Cloud on AWS GovCloud (US) (VMC), Hybrid Cloud Extension (HCX), Carbon Black Cloud (CBC), Software Defined WAN (SD-WAN) and lastly, the Horizon Cloud Service (HCS) when combined with the Workspace ONE suite, can provide a full-fledged End-User Computing (EUC) secure and authorized cloud-based solution.

Regarding HCS, agencies and institutions will have the flexibility of deploying virtual desktops and apps in the cloud with an option to also run Horizon 8 on-premises or in the cloud, while leveraging the lower costs and scale benefits of Horizon. With a hybrid-cloud approach, agency IT depts can further broaden the scope of use cases their Virtual Desktop Interfaces (VDI) and Desktop-as-a-Service (DaaS) environments can cover, including High Availability / Disaster Recovery (HA/DR) and cloud bursting and represented in Figure 2:

image-20230125171753-2

Figure 2: VMware’s Horizon Cloud Service for StateRAMP-hosted for SLED Customers

Workspace ONE Suite Integration

Workspace ONE is built on VMware's Workspace ONE UEM technology that provides for the standard aspects of Mobile Device Management (MDM) and Mobile App Management (MAM), including a Unified Application Catalog. Workspace ONE integrates with virtual desktop application delivery via VMware Horizon on a common identity framework with Workspace ONE Assist to complete a full End-User Computing (EUC) suite.

Diagram</p> <p>Description automatically generated

      StateRAMP Workspace ONE  =  UEM   +  Hub Services  +   Intelligence  +  Access  +  Assist   >   Horizon

Figure 3: VMware EUC Portfolio Logical View with Product Links

Additionally, each of the Workspace ONE components brings an integrated and secure Zero Trust Architecture solution that is partnered under a CRADA with the National Cybersecurity Center of Excellence (NCCoE ). Together within VMware Anywhere Workspace, this solution builds trust to empower the government’s anywhere workforce with secure and frictionless experiences by:

  • Delivering unique integrations enabling tailored experiences and higher productivity for frontline, hybrid, and remote users, across heterogeneous environments including physical and virtual devices and multiple OS’s.
  • Enabling Zero Trust Network Access (ZTNA) with remote support for any device (BYO, 3rd party or VMware-managed) in a true hybrid workforce and providing a Security Operations Center (SOC) / Information & Technology support team the tools and telemetry for Indicator of Compromise (IoC) on mobile.
  • Facilitating flexible deployment options to obtain immediate value for prioritized use cases, so you can scale at your own pace to harness the full potential of an integrated platform.
  • Optimizing security and experience through an integrated approach that combines market-leading technologies essential for hybrid work. This integrated approach provides connected visibility and context, ensuring broader security coverage.

Industry Accolades

For more in-depth details regarding VMware’s most recent industry accolades and reviews, see the following blogs & external links:

Additional Resources

Filter Tags

Workspace ONE Carbon Black Cloud Horizon Cloud Service Workspace ONE Access Workspace ONE Intelligence Workspace ONE UEM Blog Announcement Intermediate Zero Trust Public Sector

Andrew Osborn

Read More from the Author

Staff Technical Marketing Architect, Federal, End User Computing, VMware by Broadcom. Andrew Osborn is a Staff Technical Marketing Architect with VMware by Broadcom, where he is serving in a role as a dedicated for all things End-User Computing (EUC) compliance / regulatory and security. He's got over 20 years’ experience in the IT Industry, including the last 10 years within Public Sector, with roles spanning Cybersecurity, Networking, Enterprise Ops, Mobility & Telco solutions, encompassing numerous technologies and architectures. Andrew received an MIS degree from Univ. of Oklahoma with certs from ISC2 CISSP & GIAC GSLC and is based out of San Antonio, TX. He contributes to VMware’s Tech Zone to provide more tailored messaging for Federal, State, Local & Education (SLED) solutions for EUC.