Please Try a Different Browser

You are using an outdated browser that is not compatible with our website content. For an optimal viewing experience, please upgrade to Microsoft Edge or view our site on a different browser.

If you choose to continue using this browser, content and functionality will be limited.

FedRAMP for Tungsten Automation Cloud Services

Speed, efficiency, and oversight—delivered on a secure, scalable platform purpose-built for federal requirements.

Request ATO Guidance Visit Trust Center
Overview

Tungsten Solutions and FedRAMP

Tungsten’s security, compliance, and privacy controls are designed for regulated environments—backed by third-party audits, live transparency, and continuous monitoring. Our FedRAMP High programs underscore our commitment to efficiency, security, and U.S. federal cloud standards.

Solutions in our FedRAMP boundary

  • Boundary: Tungsten TotalAgility® Cloud
  • Impact level: High
  • Current status: FedRAMP High — In Process (Active)
  • Data residency: United States
  • Last updated: Month XX, 2025
  • Marketplace Listing: URL TBD

As additional Tungsten cloud services enter the FedRAMP boundary, they will be listed here with their individual status.

FedRAMP Basics

Get to know FedRAMP

FedRAMP standardizes how U.S. federal agencies assess, authorize, and continuously monitor cloud services.

Impact levels

Low (for public or low-risk data), Moderate (where a breach would have a serious adverse effect), and High (where a breach would have a catastrophic adverse effect; requires the most stringent baseline).

Assessment & authorization

An accredited third-party assessment organization (3PAO) assesses security; upon FedRAMP authorization, services enter continuous monitoring (ConMon).

Reuse & inheritance

Agencies can reuse/inherit approved controls after Authorization (shared responsibility model).

While a solution is In Process

Agencies can map responsibilities (agency vs. vendor), review documentation under NDA, and prepare authorization to operate (ATO) artifacts (boundary diagram, data flows, logging plan). Control inheritance begins after Authorization.

When a solution is Authorized (ATO granted)

Agencies can inherit approved controls within the product boundary, reuse standardized assessment artifacts, and onboard to our continuous monitoring cadence.
Why Tungsten

Why federal agencies choose Tungsten Automation

  • One cloud platform, fewer tools.

    The Tungsten Automation Platform unifies intelligent document processing (IDP), workflow automation, knowledge discovery, low-/no-code orchestration, and AI. One unified cloud solution simplifies IT operations by reducing vendors, contracts, and integrations. Our platform is built to align with the federal government’s Cloud Smart strategy and the DoD Cloud Strategy/SRG.

  • Legacy-friendly integration.

    We use an API-first approach to connect records, case, and ERP systems to our solutions—so you can keep what works and remove the manual steps. Modernize at your own pace, without rip-and-replace.

  • Internal ownership, always current.

    Low-/no-code tools and pre-built models let your teams build and update in-house—while the cloud service delivers continuous features, security patches, and compliance updates (within the FedRAMP boundary), so improvements land without new projects or added consulting fees.

  • Trusted in government.

    Tungsten solutions are used by 14 out of 15 Federal Departments, 350+ U.S. government agencies, and backed by 40+ years serving the public sector (including decades under the Kofax brand).

  • Responsible AI.

    Our proactive approach guarantees that our AI systems are not only safe and reliable but also fully compliant with all relevant regulations. Human-in-the-loop controls, testing/validation, monitoring, and privacy safeguards.

Analyst recognition

Tungsten is recognized as a Leader by top industry analysts

Tungsten is a recognized leader in AI-powered workflow automation. We are setting standards in intelligent automation, intelligent document processing (IDP), and process orchestration.

Resources

FAQs

FedRAMP High FAQs for agencies

+ Expand All - Collapse All

If you’re a U.S. federal executive branch agency using cloud services that store or process federal information, yes—OMB policy directs agencies to use FedRAMP when conducting risk assessments, security authorizations, and granting ATOs for cloud services.

For the Department of Defense (DoD), FedRAMP is typically the baseline, and DoD adds its own requirements via the Cloud Computing Security Requirements Guide (SRG). DoD can leverage an existing FedRAMP authorization or sponsor its own assessment to issue a DoD Provisional Authorization.

For state and local governments, FedRAMP isn’t required by federal policy, but many jurisdictions look to StateRAMP (modeled on FedRAMP) or accept FedRAMP authorizations as part of their due diligence.

“In Process” means we are undergoing assessment at the High impact level. “Authorized” means a granted Authority to Operate under FedRAMP. Control reuse/inheritance starts after Authorization.

FedRAMP is the federal program for securing cloud services used by U.S. federal agencies; StateRAMP applies similar NIST-based standards for state, local, and education (SLED) buyers. Once TotalAgility® Cloud achieves FedRAMP High Authorization, we’re committed to pursuing StateRAMP authorization so SLED customers can rely on a comparable, reusable security baseline.

Yes, the FedRAMP Marketplace is the official source for status and impact level. Please visit Tungsten’s listing at URL TBD.

Yes, Tungsten Automation maintains a comprehensive set of compliance certifications that demonstrate our commitment to protecting customer data and following regulatory and industry standards. Visit the Trust Center for current attestations.

We are pursuing the Agency path. We will provide details under NDA when appropriate.

Yes, we integrate with your Identity Provider (IdP) to enforce SSO/MFA and RBAC, centralize SIEM-ready logs, segment roles and permissions, and provide exportable evidence for audits/IG.

Yes, you can seamlessly connect and sync your diverse systems, from legacy platforms to modern apps, to extract and interpret unstructured data from any source with AI-powered intelligent document processing. Our API-first integration supports no rip-and-replace.

Yes, Tungsten low-/no-code capabilities enable internal ownership for changes and extensions, minimizing reliance on consulting support and fees. Teams can also accelerate mission speed with our Document Library of pre-trained document extraction models, ready for immediate deployment.

Contact our public sector team (NDA required).