Cofense Granted FedRAMP Moderate Authorization

Share Now


Leesburg, Va. – February 18, 2021 – Cofense®, the leading provider of phishing detection and response (PDR) solutions, today announced that Cofense PhishMe® has achieved a Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorization to Operate (ATO). Cofense’s FedRAMP authorization was sponsored by the U.S. Department of Health and Human Services (HHS) and was also reviewed by the FedRAMP Program Management Office (PMO). The Cofense PhishMe FedRAMP environment is architected on Amazon Web Services (AWS) GovCloud, and is the first FedRAMP Moderate authorized phishing simulation solution.

FedRAMP was created to assess the security of Cloud Service Providers (CSPs), saving time and money for U.S. government agencies that would otherwise conduct their own assessments. A Moderate-Impact Authorization requires significantly stricter security controls compared to Low-Impact Authorization, including stringent operational requirements to protect personally identifiable information, and the safeguarding of information related to phishing simulations and suspicious messages reported by employees. Cofense’s Moderate-Impact Authorization required an independent evaluation of the following:

  • Cofense’s implementation of the 325 FedRAMP Moderate NIST SP 800-53 Controls to protect the confidentiality, integrity and availability of customer data
  • Cofense’s vulnerability management practices by conducting independent vulnerability scans
  • Cofense’s web application security practices by performing independent penetration testing

Spear phishing continues to be one of the most significant concerns among federal agencies, which are challenged today by the need to protect mission critical information while supporting a growing remote workforce,” said Sylvain Lacroix, Cofense Director, Federal & Defense Contractors Sales. “Cofense PhishMe allows federal agencies to securely and proactively defend against cybersecurity threats spread via email, which is the leading cause of data breaches. Cofense is excited to continue serving the needs of highly regulated industries such as the U.S. Federal Government with our Cofense FedRAMP Moderate offering.”

Cofense solutions deliver protection from malware threats, ransomware campaigns and scams that evade Secure Email Gateways (SEGs) every day and provide federal teams the visibility and tools to stop phishing threats in minutes, not hours. With Cofense PhishMe, federal agencies can transform employees into the last line of active defense through education, ongoing simulations and an easy to use reporting tool so organizations can swiftly detect, respond to and stop phishing attacks in their tracks.

Andrew Ledford, FedRAMP Program Manager, added, “Cofense prioritizes providing the highest level of protection to our customers, which is why we made the commitment to pursue a FedRAMP moderate impact level authorization – anything lower was just not sufficient to meet the needs of our customers. Our network of 25 million users combined with advanced automation is what makes Cofense the strongest phishing detection and response solution on the market today, and we are extremely proud of this milestone. We look forward to maintaining our status as a trusted provider of phishing defense for U.S. government agencies.”

View the authorized Cofense PhishMe listing on FedRamp Marketplace. To learn more about how Cofense and its phishing defense solutions, including Cofense PhishMe, can help secure federal networks, please visit  

About Cofense
Cofense® is the leading provider of phishing detection and response solutions. Designed for enterprise organizations, the Cofense Phishing Detection and Response (PDR) platform leverages a global network of over 25 million people actively reporting suspected phish, combined with advanced automation to stop phishing attacks faster and stay ahead of breaches. When deploying the full suite of Cofense solutions, organizations can educate employees on how to identify and report phish, detect phish in their environment and respond quickly to remediate threats. With seamless integration into most major TIPs, SIEMs, and SOARs, Cofense solutions easily align with existing security ecosystems. Across a broad set of Global 1000 enterprise customers, including defense, energy, financial services, healthcare and manufacturing sectors, Cofense understands how to improve security, aid incident response and reduce the risk of compromise. For additional information, please visit or connect with us on Twitter and LinkedIn.

Media Contact

[email protected]

Read More Related Phishing Blog Posts


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.