New Relic has long understood that the connection between user experience, business operations, and applications is of the utmost importance to our customers. We’re also aware that many of our customers operate in regulated, federal environments. With regulatory compliance standards in place, New Relic is the only programmable observability platform that can instrument, measure, and improve federal applications and hybrid infrastructures to help agencies create better-performing software that delivers best-in-class digital user experiences.
Today, we are happy to announce that the New Relic platform has passed another major milestone, as we’ve received Federal Risk and Authorization Management Program (FedRAMP) Authority to Operate (ATO) with the U.S. Office of Management and Budget (OMB). The FedRAMP ATO enables New Relic to operate as a Cloud Service Provider (CSP) for systems operating at the FIPS 199 “Moderate” impact level. Government organizations looking to modernize IT systems with cloud technologies and improve their citizens’ experiences can now employ New Relic to achieve better visibility across their solution stack. And they can use New Relic with the assurance that our security processes and technology meet federal standards.
A secure and programmable observability platform
Any agency can use New Relic’s observability platform to instrument its unique digital environment—from traditional monoliths running in on-premises data centers to distributed microservices applications powered by cloud native technologies—and collect billions of telemetry points in real time. New Relic contextualizes and curates this data and presents it in a meaningful, customizable, and easily digestible way that caters to the specific, actionable needs of application owners, IT administrators, developers, security officers, or compliance officers.
The New Relic platform takes deep, real-time monitoring and observability beyond the application level—including applications, containers, Kubernetes pods, databases, AWS Lambda functions, virtual machines, and any other entity within the IT environment. Also, New Relic integrates with other open-standard tools and solutions so agencies can extend their observability across their digital environments.
Finally, New Relic gives customers something our competition cannot give them: the industry’s only fully programmable observability platform. We give users the tools to build custom applications that connect your observability data, gathered from myriad sources—including third-party open source data—all in one place. And this capability enables customers to better understand how their digital operations affect their service-delivery and business outcomes.
Minimize the costs and risks of cloud migrations
New Relic mitigates the risk of cloud migrations by providing cloud migration experts within federal agencies the critical information they need about their applications. From identifying application dependencies, to tracking cloud preparedness, to monitoring real-time performance before, during, and after they transition to the cloud, agencies can ensure application performance is reliable and consistent throughout the migration process. New Relic’s comprehensive view also shows migration experts what infrastructure resources and service level agreements are needed to ensure adequate support for their applications. When merged with cost data, New Relic can even recommend ways to optimize cloud usage and costs, through tools like the New Relic One Cloud Optimization app.
Improve the user experience; improve user loyalty
New Relic provides stakeholders across any federal agency a single, shared view of their citizens across multiple interactions, channels, and products. Through real user monitoring—via web browsers, synthetic tests, and mobile apps—New Relic enables federal agencies to monitor how their citizens interact with their software. In fact, agencies can monitor features and performance by geography, by browser, or by device type. With such tools in place, agencies are better equipped to improve customer satisfaction and loyalty, make better software decisions, foster collaboration across the organization, and drive positive business outcomes.
Key security controls in place
FedRAMP authority to operate brings an additional benefit to all of our customers—not just those in the federal government: Like our current SOC 2 Type 2 certification, it provides additional oversight and third-party validation that New Relic’s security controls are in place and operating efficiently.
For example, FedRAMP requires:
- Certification by an official Third Party Assessment Organization (3PAO) that all 325 “Moderate Impact” level security controls outlined in NIST 800-53 are implemented and functioning correctly
- Recertification of one-third of those controls annually
- Monthly reporting to federal clients to ensure that security controls are properly maintained
- Regular security scans by a third party—a practice that is already in place at New Relic
Accelerating government IT modernization
Why is this so important? By achieving FedRAMP authority to operate, New Relic enables government IT leaders to get the same level of real-time insights that commercial operations and development teams have come to rely on, while still ensuring compliance with established security standards, such as:
- Role-based access controls for employees that are reviewed on a regular basis
- Annual security awareness training for all employees, along with specific training for developers on secure coding practices
- Continuous vulnerability scanning and regular third-party security assessments
- Regularly reviewed and tested disaster recovery plans
- A strong vulnerability management program (including the use of bug bounties) that identifies, prioritizes, and assigns SLAs to vulnerabilities
- A vendor security program that includes security reviews and contractual requirements
New Relic supports a number of public sector organizations and contractors, including the Centers for Medicare and Medicaid Services (CMS), Healthcare.gov, Unisys Federal, and Oteemo. The New Relic platform is available through Carahsoft Technology Corp.’s General Services Administration (GSA) Schedule No. GS-35F-0119Y, which is used by federal, state, and local government agencies to streamline procurement of New Relic’s products.
As the only observability platform in the market acknowledged to meet FedRAMP security requirements, New Relic can better support government agencies and contractors looking to accelerate their IT modernization projects and deliver on new software initiatives. Many government IT teams want to pursue modern software practices, implement cloud technologies, and deliver enhanced user experiences. And with FedRAMP authorization to operate for New Relic, these teams can now do so faster and more easily, while still maintaining the levels of security and compliance required by the U.S. government.