The cloud-based phishing simulation platform of ZibaSec, a cybersecurity startup, has been granted a moderate authority to operate under the Federal Risk and Authorization Management Program.
ZibaSec said Friday its flagship product PhishTACO received the FedRAMP moderate ATO, which was sponsored by the Department of Justice, on May 24, marking a major milestone for the one-year-old startup.
The backend of the simulation platform is built with a serverless architecture resulting in a smaller attack surface compared to traditional virtualized or containerized systems. Amazon Web Service’s web application firewall and shield also protect PhishTACO’s perimeter against injection and denial-of-service attacks.
“PhishTACO has enabled some of the world’s most secure organizations to improve the resiliency of their employees against social engineering attacks,” said Julie Davila, CEO and cofounder of ZibaSec.
Coalfire security experts assessed ZibaSec’s product. The authorization, which was based on the findings of the third-party assessment organization and the validation from the FedRAMP Program Management Office, certifies PhishTACO’s compliance with more than 300 individual security controls.
The company said it intends to relay to federal partners and eligible customers its services that acquired engineering improvements, enhanced security and organizational development from the FedRAMP process.