FISMA & FedRAMP Compliant Hosting

The Federal Information Security Management Act (FISMA) requires federal agencies to implement and support standardized IT security controls. These controls, defined by the National Institute of Standards and Technology (NIST), allow agencies to safely and confidently outsource critical applications to FISMA-compliant clouds, managed hosting environments and SaaS providers.

Designed to Address Strict FISMA Standards
More than half of all federal cabinet-level agencies — including Veterans Affairs, the Department of Justice, Homeland Security and the Small Business Administration — rely on Rackspace for secure cloud and managed hosting services. Rackspace is Oxcyon's strategic partner acting as the physical hosting environment for our dedicated and cloud hosted clients.  

Audit Support
We fully participate in any Federal Government Assessment and Authorization audit.

Security Controls
We implement and deploy the appropriate FISMA, NIST and Federal Information Processing Standard (FIPS) managed security controls.

Ongoing Management
We manage your private cloud or dedicated hosting environment and administer ongoing FISMA compliance monitoring and reporting.

Expertise for Your Clouds
We help identify the required NIST security controls and help you design, architect and productize your security infrastructure.

Cloud Hosting and Managed IT Services to Support the Delivery of Secure Government Services
Lacking the specialized expertise required to host and manage critical apps and highly sensitive data for a federal, state or local government agency? With nearly two decades of industry experience and deep expertise, we’re here to help.

Whether you take advantage of our authorized government cloud platform, a public cloud or a custom hybrid configuration, we’ll deliver an end-to-end solution that provides the peace of mind you need to focus on delivering quality service to the public sector. We understand that there is no “one size fits all” approach to managed services. That’s why we work with you to understand your unique needs and customize a solution to address your requirements. Our government solutions are available to US government entities through a variety of contract vehicles, including:

GSA IT Schedule 70
Library of Congress BPA for AWS & Google®
We back all of our solutions with Fanatical Support® — the deep expertise and dedication to service that’s at the core of everything we do. 


NIST 800-53

NIST 800-171


Secure Sensitive Data
We take security seriously. We implement and administer security controls based on NIST SP 800-171 (“DFARS”), NIST 800-53, FISMA and FedRAMPguidelines, and specialize in deploying high-security and high-performance solutions.We’ll help ensure that your certifications are never out of date, eliminating the need for a third-party assessor.

Access Support 24x7x365

Our certified support engineers will support your government solution 24x7x365. They’ll use monitoring tools — customized for your hardware and operating system — to continuously verify the availability of your critical resources, processes and essential services.We continually develop enhancements that allow us to offer advanced monitoring services across all platforms.Rackspace offers the option of U.S.-based support, provided only by U.S. citizens working in the continental U.S.

Improve Scalability

Combine our authorized platforms and interoperable tool sets to scale your government services. To help reduce your time to market, we can also provide the following:

A System Escalation & Action Plan (SEAP)
A FedRAMP path to ATO for system integrators and ISVs
A way to layer agency controls on top of compliance standards
Rackers Working at Desks

Increase Efficiency
With so many options and countless requirements, you need to ensure that your infrastructure is not only compliant, but also competitive. Our consumption-based pricing model means you can put resources previously allocated to achieving certifications to better use.Benefit from our pre-built SSP and standardized programmatic toolset, which we can customize to meet compliance standards specific to your organization.

FedRAMP Private Cloud Services for the Highest Levels of Performance and Security

Run your mission-critical applications in an environment configured for optimal performance and the highest level of security and compliance — in our data center or yours.Designed specifically for government entities and the providers who support them, our FedRAMP private cloud and managed services environment is a proprietary offering that meets controls for the most stringent government standards, including FISMA, FedRAMP, CJIS, HIPAA, PCI, and ITAR.Our capability to provide FedRAMP private cloud is a managed Platform-as-a-Service (PaaS) offering that blends the cost benefits and scalability of the public cloud with the security and customization of a private cloud.

Why Use Our FedRAMP Private Cloud Solution?

Faster Migration
Migrate applications in weeks, rather than months. Our FedRAMP private cloud solution integrates industry-leading virtualization, networking, compute, storage, security, and management technologies — and is pre-configured, reducing the time required for you to receive your authority to operate.Our private cloud’s modular design makes security the top priority, while providing the cost-savings, flexibility and customization that government agencies, software providers, and systems integrators need to meet their own unique performance and security requirements.

FedRAMP Private Cloud


Fully Managed Security
The fully managed private cloud transcends traditional Infrastructure-as-a-Service (IaaS) with its comprehensive compute and virtualization functions, architecture and device support. We have the capability to manage and secure the FedRAMP private cloud all the way through the virtual operating system, delivering a hardened operating system along with network components built to DISA Security Technical Implementation Guide (STIG) standards. Because of the management all physical, network, and host security requirements and controls, your organization can more readily meet FedRAMP, FISMA and agency-specific security requirements. Plus, gain some peace of mind knowing that your infrastructure is backed with 24x7x365 monitoring and support. We can even create a physical “air-gapped” solution to separate your infrastructure from other entities within our FedRAMP enclave. This option includes dedicated hardware and cage space, along with our full suite of managed security tools for monitoring.

Increased Efficiency
Our unique offering leverages standardized processes and best-of-breed tools to generate alerts and reports, to help you meet requirements and gain operational efficiencies. Because our private cloud is FedRAMP JAB authorized — and includes NIST 800-53 controls up through the FISMA high level it can accelerate the audit review process and help you move towards Authorization to Operate (ATO) certification more quickly. Combine this with our consumption-based pricing model, and you can put resources previously allocated to achieving certifications to better use.

Flexibility to Scale
Our FedRAMP private cloud utilizes VMware® ESXi virtualization technology to run virtual machines (VMs) on dedicated physical servers. This increases the flexibility to manage large and small environments. We can also connect your government private cloud to other clouds to create a true hybrid cloud environment, and provide secure SaaS enablement for public sector software providers.

FedRAMP Authorized Platform and Services

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to facilitate and secure cloud solutions for federal agencies. All executive federal agencies and many others in the public sector are required to use FedRAMP for security validation. The FedRAMP Joint Authorization Board (DoD, DHS, GSA) certified the Rackspace FedRAMP Cloud after a thorough review by the FedRAMP Program Management Office and an accredited third-party advisor (3PAO).

Managing Government Workloads Since 2003

The Rackspace FedRAMP Cloud, combined with our proven Federal Information Security Management Act (FISMA) compliant solutions, provide government agencies, software vendors and systems integrators with the highest levels of security and performance.

Hybrid Connectivity
Our hybrid cloud solution leverages the Federal Community Cloud Platform (FCCP) for highly sensitive information, with the ability to link with public clouds.

Flexibility and Security
Get scalable cloud modules with dedicated hardware, firewalls, virtualization and security management software.

Rackspace Managed Security

SaaS Management
Manage your solution through the virtual operating system, for secure Software-as-a-Service (SaaS) enablement.

Turn-Key Government Public Cloud Solutions
Simplicity without compromise. Rackspace provides seamless, integrated and secure operations for your entire cloud portfolio, across AWS, Azure and Google Cloud Platform, all accessible through a single pane of glass and a single invoice. We are a web-scale Managed Service Provider (MSP), delivering 24x7x365 hybrid-cloud management, operational support and security services as a packaged, on-demand, audited and pay-as-you-go service. You get the same commercial services that power the Fortune 100, in a compliance-ready state, with the additional security controls and governance that make your mission unique.

Why Use Our Government Public Cloud Solution?

In 2017, Gartner positioned us as a Leader in the Magic Quadrant for Public Cloud MSPs based on our ability to successfully deliver high-quality managed services that help our customers maximize the capabilities of the cloud. 

We were the first managed service provider to directly manage Microsoft®Azure® workloads, and we became an Azure Premier Partner in 2014.

We were the first partner to be accepted into the AWS Managed Service Provider Program, have earned AWS Public Sector Partner status and are one of four organizations to manage an AWS Center of Excellence.

Google Cloud Platform
We were the first premier managed services partner for the Google Cloud Platform (GCP) and were the first to provide Customer Reliability Engineering (CRE) support outside of Google’s walls.

Recognized as a leader in Public Cloud Infrastructure Managed Service Providers, Worldwide

We’re a leader in the Gartner Magic Quadrant for Public Cloud Infrastructure Managed Service Providers, Worldwide 2018

As a leader in Managed Services for public cloud infrastructure, here at Rackspace we deliver unbiased guidance on best-fit cloud solutions to organizations around the globe. We go beyond simple migration assistance and infrastructure management with multi-cloud managed services, professional services and managed application services to enable true digital transformation.

Managed Services

Layer our suite of managed services on top of your government cloud or a public cloud solution such as Azure or AWS to help provide reliable uptime and performance for your government services.

Our standard and optional management services are backed by a team of certified professionals with two decades of successful federal experience, and include the following:

System design and implementation
Network and hardware configuration
Performance monitoring and optimization
Operating system maintenance and support
Resource provisioning and load balancing
Data backup, replication and recovery
Customizable security and compliance assistance

Compliant Solutions
To help you meet FedRAMP, FISMA and organization-specific security requirements, we provide end-to-end management and security from the network component layer — built to DISA Security Technical Implementation Guide (STIG) standards — through to the operating system. And with Rackspace managing at least 80% of the controls within your environment, you are better positioned to receive a federal authorization to operate (ATO). Our government public cloud offering supports agency-specific security and FISMA/FedRAMP Moderate/High, CJIS, HIPAA, NIST SP 800-53, NIST SP 800-171 (“DFARS”) requirements.

Managed PaaS
In support of the FedRAMP / FISMA System Security Plan, we provide the following:

Documentation and Audit Support
Host-Based IDS
Log Consolidation and Analysis
Session Recording
STIG and CIS Hardening (Firewalls / Switches / Servers)
OS Licensing
Real-Time Performance Monitoring
OS Patching
Multi-Factor Authentication
Vulnerability Scanning and Remediation
OS Administration
File Integrity Monitoring
Managed Backups
Managed IaaS

Infrastructure Monitoring
Managed Connectivity
Network Intrusion Detection
Network and Infrastructure Patching

Compute and Storage
Hardware Provisioning Administration
Public Cloud Image

Managed Security Services for Government Clouds
With nearly 20 years of experience helping federal agencies, a team of certified professionals specializes in designing high-security solutions to help address your compliance requirements for mission-critical government projects. Leverage our expertise and experience so you can focus on providing quality service to the public sector.To support the delivery of secure government services, Rackspace Security Services for government clouds can be combined with our FedRAMP authorized cloud, our government public cloud offering or a custom configuration.We back all of our managed services with Fanatical Support® — the deep expertise and dedication to 24x7x365 service that’s at the core of everything we do. All members of the Rackspace Security Services for Government Clouds team are U.S. citizens based in continental U.S. locations.

Security Controls
We take security as seriously as you do. We implement and administer security controls that meet or exceed industry standards, including:

Vulnerability scanning
Continuous monitoring
Network intrusion detection
File integrity monitoring
Event log collection
Privileged user session recording
To meet FIPS 140-2 encryption standards, we provide FIPS 140-2 compliant hard disk encryption technology for data in transit and at rest.

Rackspace Managed Security

Monitoring & Reporting
Gain the visibility you need to verify that tools and procedures identified in audit processes are being followed with centralized monitoring and reporting, including:

Software patching sign-offs
Log reviews and summary reports
Encrypted system and network logs
IT incident and risk management reports can also be customized for different stakeholders to help address your security and compliance needs.

Security Racker

Operational Support
Our security experts can manage your environment to help maintain its overall security posture by:
Applying patches to address the latest security threats
Running regular benchmark and vulnerability scans
Establishing action plans to remediate any new findings
We’ll also evaluate the security impacts of any changes and whether they need to be explicitly reviewed as part of the change control process.

Security & Data at Rackspace

Gain Peace of Mind with Our Governance, Risk and Compliance Assistance
Keeping your data and systems secure is a big enough challenge. But demonstrating to auditors that you comply with industry requirements can bring you to the breaking point. And the cost of non-compliance can ruin your business.

The compliance validation phase of an audit involves collecting information about your business activities. This provides assurances that your implemented controls are designed and operating effectively, and aligned with the policies set by the security organization.

That’s why we offer comprehensive security and compliance services. Our security experts use leading technologies and best practices to support your efforts to comply with regulatory mandates — often at a lower TCO than internally-developed solutions.

Rackspace Compliance Certifications and Security Standards
Compliance Certifications

ISO/ IEC 27001 
ISO 14001 
ISO 18001 
ISO 9001 
SOC 1 (SSAE 18) 
SOC 2 
SOC 3 
PCI DSS Level 1

NIST 800-53 
NIST 800-171 (“DFARS”) 
FIPS 140-2 

Global Regulations and Privacy
Privacy Act
Swiss-US Safe Harbor 
Content Delivery & Security Association (CDSA) 
Tech UK Member

Rackspace Government Public Cloud Features

FedRAMP & FISMA Compliant
Our government cloud platform meets or exceeds federal requirements, and the operating system running on top of our infrastructure inherits this compliance.

Monitoring & Reporting
We use both automated and standardized processes to provide monitoring, artifact creation and archiving. We also provide monthly reports.

Guaranteed Availability

We offer industry-leading guarantees related to network uptime, service availability and response times per mission-owner-negotiated SLAs.

We leverage AWS and Azure controls to provide annual audit support and audit-ready authorization at the operating system level of your virtual machines.

24x7x365 Support
We’ll maintain and support your virtual machines, plus provide advanced monitoring, managed security and governance for your government cloud solution.

Hybrid Cloud Connectivity

We can connect your government cloud to other clouds and create a true hybrid cloud environment using Amazon Direct Connect™ or Azure ExpressRoute®.

Managed IT Services to Support the Delivery of Secure Government Services

To get the most value out of your IT investment, you need to continually optimize it. Yet most IT teams spend the bulk of their time managing vendors and daily operations. We’re here to bridge that gap. With nearly two decades of experience helping federal agencies, our team of certified professionals will perform all the essential tasks that your team can’t. They’ll focus on providing reliable uptime, so you can focus on delivering quality service to the public sector. Layer our managed services on top of our authorized private cloud platform, a public cloud solution such as AWS or Microsoft® Azure®, or a custom hybrid configuration. We back all of our managed services with Fanatical Support® — the deep expertise and dedication to service that’s at the core of everything we do, available 24x7x365.

Flexible Choices
We understand that there is no “one size fits all” approach to the cloud. We’ll work with you to understand your unique needs and customize a solution to meet your requirements for delivering quality service to government agencies.

Secure Solutions
We take security seriously. We implement and administer security controls based on NIST SP 800-53, NIST 800-171 (“DFARS”), FISMA and FedRAMP guidelines, and specialize in deploying high-security and high-performance solutions.

24x7x365 Support
Receive expert guidance at every stage, with the option of receiving U.S.-based support, from U.S. citizens performing work in the continental U.S. We have the experts on hand to help you be successful.

Augment Your Plan with Rackspace® Resiliency Solutions
Disaster recovery (DR) is a holistic strategy including people, processes, policies, and technologies. It focuses on restoring the IT systems critical to supporting business functions. If you don’t have a DR strategy yet, we can help you create your own plan for the systems you host on Rackspace infrastructure. Our disaster recovery specialists can review your environment and propose a mix of resiliency tools that can help you achieve your recovery targets—all within your budget.

Add Automation to Your Disaster Recovery & High Availability Plan(s)

Simplify and automate parts of your DR plan. The Rackspace Replication Manager service uses VMware® Site Recovery Manager™ (SRM) and works in concert with Rackspace Array-based Replication to deliver fast, reliable recovery of the apps your business relies on for its operations. Resiliency solutions often require you to manually recover your data, making for an unreliable, time-consuming, and complex recovery process. Replication Manager helps ensure fast, reliable recovery thanks to automated processes. It automates the failover of your Rackspace-hosted VMs to your secondary site and also enables non-disruptive failover testing.

                                       Oxcyon supports FISMA FedRAMP Cloud Hosting

Low Tolerance
Quick Recovery
Rackspace Replication Manager
DNS Failover (Neustar®)
Array-based Replication
Database Replication (transactional)
Database Replication (mirroring)

Medium Tolerance
DNS Failover (Neustar®)
Database Replication (log shipping)
VM Replication
Long Recovery
Managed Backup

Rackspace Makes it Easy to Migrate to New or Multi-Cloud Environments
When you’re considering a move to the cloud, let our specialists help you build your strategy, assess your application portfolio, review your cost structure and identify the best-fit platform for your needs. Whether you’re migrating to AWS®, Microsoft™, Google™, VMware® and OpenStack® , we have the certified specialists who can help make it a success.

We have the expertise to support your migration, across all leading public and private clouds.

We serve customers in over 150 countries from startups to more than half of the FORTUNE 100.


Our experts will guide you through every stage of your migration, from planning to optimization.

We’ll help you to select the best-fit cloud platform and then help you successfully migrate.

Multi-Cloud Adoption Accelerator:
Streamline Your Move to the Cloud 
Cloud Readiness Assessment that evaluates your applications, infrastructure and data readiness for the cloud.
Application and Infrastructure Portfolio Analysis that leverages documentation of your existing applications and infrastructure.
Platform Capabilities Mapping and ROI Analysis that determines which cloud platform(s) and services from the Rackspace comprehensive cloud portfolio fit your overall cloud adoption strategy. 
Solution and Deployment Strategy that will include a comprehensive IaaS solution based on the recommended cloud platforms and all applications.

Migration Services:
Expert Guidance for Planning and Managing Your Server and Data Migrations
Our Cloud Engineers Assess and Evaluate your current workloads, physical and virtual server configurations, network topology, security and compliance requirements to help you mitigate the risk that comes with any migration effort and limit your impact to product.  
We Design an appropriate migration Strategy based on your applications, databases, storage, physical and virtual servers.
Next, a comprehensive project and migration Plan is set, based on your migration strategy and destination environment.
Finally, we execute and Migrate against the plan.

Load Testing:
We Can Help You Benchmark Your Performance Parameters 
Detect the exact moment when a site will have latency issues or break by pushing the limits of site performance with simultaneous users
Identify how much load a server can take without changing response time 
Expose application bottlenecks and pinpoint problem areas
Optimize cloud and hybrid-cloud deployments by selectively scaling component services
Test complex user scenario sequences, including pages, dynamic content, transactions, logins and more