Please think about getting FedRAMP certified so I don't have to use Keeper

andyshinn
andyshinn
Community Member
edited January 2023 in Business and Teams

Hello. We recently had to move off of 1Password due to FedRAMP requirements. Would love to use 1Password instead of Keeper as Keeper is a far inferior product. Thanks!

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • ag_max
    ag_max

    Hi @andyshinn,

    I've just passed on your request to the rest of the team. While I cannot promise anything, this will help us better track interest for the future. And if you have any additional feedback you'd like to share about FedRAMP certification and your organization's requirements, I highly recommend that you contact our Business team via email: business@1password.com

    In the meantime, I'm sorry to hear you weren't able to stick with 1Password. Let us know if we can be of any help going forward. 👍

    ref: IDEA-I-1616

  • bobmah999
    bobmah999
    Community Member

    Hi. This is a message I just sent to your business@1P address:

    I am a huge fan of your product, and I have been a personal user for years.  I have a confidence in your technical expertise and concern about security.

    This is why your lack of guidance on FedRAMP certification is painful to me.

    I work in security at a FedRAMP-Moderate site, and we use 1Password, although with a fragility around compliance that is a hassle for us.  Since 1P is not FedRAMP-certified, we have had to get our sponsoring agency to allow it, which puts us in a position of having to check in on your planning every 30 days, and track this on a spreadsheet we must then upload to OMB, along with a bunch of other security documentation.

    We are about to change sponsoring agencies, and so I don't know if they are going to allow us to continue to use it.  They may just tell us No.

    Every FedRAMP site has this problem.  The first password manager that gets certified is probably going to get most of that business, regardless of their other features.  It's disappointing to see conversations like (this one)

    https://1password.community/discussion/134093/please-think-about-getting-fedramp-certified-so-i-dont-have-to-use-keeper

    because this (and other FedRAMP questions) are responded to as if this was a term 1Password had somehow not encountered before.

    Please made a decision to attempt certification or not, and let the community know.

    Thanks.

  • ScottS1P
    ScottS1P

    Hello @bobmah999,

    Thanks for letting us know you reach out to the business team about FedRamp certification. They will be able to get you the best information over email, so please be on the lookout for that over the next few business days.

    Have a good weekend

  • pgnd
    pgnd
    Community Member

    after LastPass,

    mainstream sec media advising

    https://www.infosecurity-magazine.com/news-features/lastpass-breaches-password/

    Users can no longer assume every password manager on the market will provide the same level of protection. When searching for a secure option, users should prioritize security certifications such as SOC 2, ISO 27001 and FedRAMP,” he advised.

    competition implementing

    https://www.keepersecurity.com/fedramp.html
https://www.keepersecurity.com/blog/2022/12/23/lastpass-breach-what-you-should-know/
https://marketplace.fedramp.gov/#!/product/keeper-security-government-cloud-ksgc

    Keeper has the most security certifications in the industry. Keeper is SOC2 Certified, FedRamp Authorized, StateRamp Authorized and ISO27001 certified.

    and mentions from @ 1Password

    https://1password.community/discussion/129747/fedramp-authorization

    "... not something we currently have plans to pursue. ..."

    & this thread,

    what's 1password's current response to the reasonable request above

    Please made a decision to attempt certification or not, and let the community know.

    ?

  • ag_max
    ag_max

    Hi @pgnd,

    The answer Ben gave in the other community thread is still accurate. We don't currently have any plans to pursue FedRAMP authorization at this time. It's possible we may be able to pursue StateRAMP in the future, however.

    That said, as mentioned earlier in the thread, our team would be happy to discuss any comments and concerns about FedRAMP authorization and other requirements via email at business@1password.com, if you're interested in looking at 1Password for use in your organization.

    To address any security concerns, we can provide our 1Password Security Design white paper, our current SOC 2 Type 2 report and other documentation, so you can determine whether our security and privacy design are sufficient for your organization's needs.

  • pgnd
    pgnd
    Community Member
    edited January 2023

    There's nothing to 'determine'. Some businesses require FedRAMP compliance. Either you're FedRAMP or you're not.

    Sounds like 1Password isn't and has no plans to be.

  • ag_max
    ag_max

    Although there are companies that may explicitly require FedRAMP authorization, many others may be looking at this type of authorization for other reasons, and if that's the situation, we'd want them to contact our business team via email so they can work with them to find answer their specific concerns.

    I again do have to recommend that anyone with questions or concerns contacts our team at business@1password.com to get in contact with those best equipped to have this conversation.

    I appreciate your interest in this. For now, I'm going to close this thread so the other commenters aren't bombarded with email notifications for this thread. You can create a new thread for any other topics that may come up and our team will be happy to assist.

This discussion has been closed.