Doorway on steps in the clouds

Appian Cloud app gets FISMA moderate security cert

The General Services Administration has granted moderate-level security certification to a business process management application built on Appian Cloud that the agency is using for acquisition planning, making it easier for other federal agencies to use Appian cloud-based software.

Appian Cloud, which runs on the Amazon Web Services cloud platform, has received Federal Information Security Management Act (FISMA) Moderate Authorization and Accreditation.

In 2010, Appian Cloud was accredited with FISMA low-level security by the Education Department. However, the GSA awarded the moderate designation based on an set of stricter controls covering the application’s security assessment report, system security plan, together with the contingency plan, and contingency test report.

As the agency responsible for federal procurement, GSA needed to improve its own adherence to Federal Acquisition Regulations and roll out a system that would help all agencies do the same. To that end, GSA deployed Appian in the cloud for acquisition planning, making a complicated, time-consuming process run more efficiently. 

Using Appian, GSA procurement officers can see all system and human events related to a given procurement contract. They are also able to collaborate and drill down into procurement-related data hosted in other systems to improve data accuracy and support regulatory compliance, Appian officials said.

Appian Cloud, which uses AWS’s Amazon Elastic Compute Cloud, is a complete BPM suite available in the cloud as an on-demand software-as-a-service offering via a subscription model.

Amazon has invested heavily in making sure its cloud services meet federal security and compliance standards, a key reason Appian has partnered with the company, said Myles Weber, Appian’s vice president for cloud and community services.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected