Rapid7 Achieves FedRAMP Authorization for InsightGovCloud Platform
Rhea-AI Summary
Rapid7 (NASDAQ: RPD) has achieved Federal Risk and Authorization Management Program (FedRAMP) Authorization for its InsightGovCloud Platform, marking a significant milestone for serving U.S. federal agencies. The authorization at Moderate Impact Level 2 validates the platform's security capabilities for government deployment.
The platform offers comprehensive security solutions including vulnerability management, CNAPP, and SOAR capabilities. Key features include dynamic asset discovery, threat-aware vulnerability prioritization, closed-loop exploitability validation, real-time cloud security assessment, and streamlined remediation operations.
This authorization enhances Rapid7's existing certifications portfolio, which includes SOC2 Type 2, ISO 27001, TX-RAMP, IRAP, and others, positioning the company to better serve public sector cybersecurity needs.
Positive
- Achievement of FedRAMP Authorization enables access to federal agency market
- Platform directly addresses CISA's Binding Operational Directive 22-01 compliance requirements
- Comprehensive security features including vulnerability management, CNAPP, and SOAR solutions
- Integration with Metasploit, the world's most widely adopted open-source penetration testing framework
Negative
- None.
News Market Reaction – RPD
On the day this news was published, RPD declined 0.26%, reflecting a mild negative market reaction.
Data tracked by StockTitan Argus on the day of publication.
BOSTON, July 28, 2025 (GLOBE NEWSWIRE) -- Rapid7, Inc., (NASDAQ: RPD), a leader in extended risk and threat detection, today announced that its InsightGovCloud Platform has achieved Federal Risk and Authorization Management Program (FedRAMP®) Authorization, solidifying its position as a trusted Cloud Service Offering (CSO) for U.S. federal agencies. This milestone underscores Rapid7’s commitment to enabling secure cloud adoption for public sector organizations.
The FedRAMP Authorization Moderate Impact Level 2 validates the security of Rapid7’s cloud-based platform and affirms its readiness to support federal agencies in managing their evolving cybersecurity needs. With this achievement, Rapid7’s approved solutions can now be deployed across a wide range of government environments to deliver proactive threat exposure management and automated response capabilities at scale across hybrid cloud and on-premises environments.
“For federal agencies navigating increasingly complex and constantly-evolving security environments, working with a security platform that meets the highest standards of security, reliability, and compliance is critical,” said Pete Rubio, senior vice president, platform and engineering at Rapid7. “Rapid7 is well positioned to meet this need, delivering unique capabilities in automation, visibility, and context that help federal agencies reduce risk and accelerate remediation across their environments.”
“Achieving this authorization marks a meaningful commitment to the federal agencies we support. We look forward to building deeper partnerships with security teams across the sector, delivering a comprehensive security platform that protects assets from endpoint to cloud,” said Damon Cabanillas, public sector vice president of sales at Rapid7. “This authorization comes as federal agencies face increased pressure to leverage a continuous threat exposure management platform in support of CISA’s Binding Operational Directive 22-01, which mandates that agencies identify and remediate these vulnerabilities within specific timeframes. Rapid7’s solutions directly address this mandate, providing native automated vulnerability assessment, prioritizing remediation projects and validating patching efficacy within specific timelines complimenting Rapid7’s own Metasploit, the world’s most widely adopted open-source penetration testing framework.”
The Rapid7 Platform includes a suite of vulnerability management, CNAPP, and SOAR solutions within the FedRAMP authorization boundary. These tools empower federal agencies to assess their attack surface, detect and prioritize exposures, and automate response workflow, all from a centralized interface that delivers clarity and control. With Rapid7’s newly approved solution, federal agencies can benefit from:
- Dynamic Asset Discovery and Attack Surface Visibility: Identify and close critical vulnerabilities across the entire IT ecosystem with a single agent and agentless scanning options supported by a unified vulnerability database ensuring nothing is missed or overlooked.
- Threat-Aware Hybrid Vulnerability Prioritization at Scale: Focus on what matters most with Rapid7’s threat-enriched risk scoring model, integrating real-world threat context, blast radius, attractiveness and attacker behavior to surface the most actionable risks from endpoint to cloud.
- Closed-Loop Exploitability Validation: Allows for integrated automated vulnerability scans that leverage Rapid7’s Metasploit, the world’s most widely adopted open-source penetration testing framework, to create a closed-loop workflow that simulates real-world attacks across the entire kill chain, enabling risk prioritization based on actual exploitability and potential impact.
- Real-time cloud security and posture assessment: Gain continuous real-time visibility across all cloud workloads and enforce security posture at scale, reducing misconfigurations and audit prep time across cloud platforms and Kubernetes.
- Streamlined Collaboration and Accelerated Remediation Operations: Bridge the gap between security and IT teams with hundreds of built-in integrations, automated remediation workflows and project tracking to accelerate risk reduction with actionable guidance delivered directly to preferred ITOps tools.
Rapid7’s existing certifications include SOC2 Type 2, ISO 27001, TX-RAMP, IRAP, EU-U.S. Data Privacy Framework, and CE+. The company’s FedRAMP Authorized status adds to this robust portfolio and strengthens its ability to serve public sector customers with confidence.
To learn more about Rapid7’s Command Platform, visit https://www.rapid7.com/solutions/industry/government/.
To view the FedRAMP In Process Marketplace listing for InsightGovCloud, visit https://marketplace.fedramp.gov/products/FR2422240916.
To learn more about how Federal Agencies can benefit from working with Rapid7, visit http://www.rapid7.com/blog/post/rapid7-is-now-fedramp-authorized-what-it-means-for-federal-agencies.
About Rapid7
Rapid7, Inc. (NASDAQ: RPD) is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and eliminate threats with speed and precision. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.
About FedRAMP
FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies.
Rapid7 Media Relations
Alice Randall
Director, Global Corporate Communications
press@rapid7.com
(857) 216-7804
Rapid7 Investor Contact
Elizabeth Chwalk
Vice President, Investor Relations
investors@rapid7.com
(617) 865-4277
FAQ
What does Rapid7's FedRAMP Authorization mean for federal agencies?
What key features does Rapid7's InsightGovCloud Platform offer?
How does Rapid7's platform help with CISA's Binding Operational Directive 22-01?
What certifications does Rapid7 (NASDAQ: RPD) currently hold?
What security capabilities are included in Rapid7's FedRAMP authorization boundary?
