Understanding FedRAMP, Salesforce, & E-Signature

Rahim Kaba, September 29, 2016

Across the government, agencies are looking to the cloud to achieve cost savings and to reap the benefits of scalability. But while confidence in the cloud continues to rise, security remains a key concern and a stumbling block to federal agencies adopting the cloud.

Cloud Adoption in Government

In the past, each individual agency was responsible for conducting its own cloud security assessments, which meant costly and redundant work for the government and its vendors. Enter FedRAMP in 2012. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative intended to provide a streamlined way for agencies to adopt cloud services that meet or exceed the NIST security controls. Today, FedRAMP is regarded as one of the most rigorous cloud security assessments available in the world. Together with the government’s Cloud First policy, the program has helped accelerate the adoption of cloud solutions by increasing confidence in cloud security.


This is G2 Crowd's 12th, and most detailed, e-signature rankings report. It confirms OneSpan Sign as the leader in customer satisfaction with the highest NPS (83) score for the twelfth consecutive time.


FedRAMP is also starting to have a trickledown effect in state and local governments, who are increasingly relying on FedRAMP compliant cloud services for all types of applications – from consumer services (e.g., Twitter, LinkedIn, Facebook, Evernote, etc.) to enterprise services (e.g., Salesforce, Box, Office 365, etc.). Because FedRAMP sets the bar high for how data is protected in the cloud, state and local governments are seeing value in leveraging this security standard for comparable needs at the local level.

Salesforce Apps & FedRAMP

As the use of digital technologies continues to disrupt manual, paper-intensive processes, citizens and government employees alike are demanding more modern, personalized interactions from governments at all levels. Salesforce supports public sector innovation with modern and secure tools like the Salesforce Government Cloud – a portion of Salesforce’s multitenant public cloud that is specifically partitioned for federal, state and local governments, including the U.S. Department of Defense and the community of government contractors.

But if you’re a government organization that’s using Salesforce, are you sure that your third party apps are also FedRAMP-compliant? Fortunately, the desire for government to move quickly to the cloud has started to provide Salesforce customers with more options. The eSignLive for Salesforce app for example, is the only e-signature app on the AppExchange that is available in a FedRAMP compliant cloud. This means that any agency that wants to put cloud-based e-signatures into the hands of any government employee across the country can now do so – while meeting the stringent security standards required by the federal government.

eSignLive has been supporting government organizations in their digitization efforts for over 20 years. In fact, government was one of the first industries that led the digital charge and adopted e-signatures at a time when the technology was still unfamiliar. Today, e-signature adoption has skyrocketed with the rise of the cloud and mobile offerings. We continue to support government as their needs and demands have evolved over the years – including signing with government-issued CAC and PIV smart cards, mobile signing capabilities for mobile government workers, and now FedRAMP compliance.

Not all e-signature solutions are created equal. When evaluating e-signatures apps (whether standalone, or integrated with Salesforce or another core system), make sure the vendor can demonstrate that they meet FedRAMP’s standards. If they are committed to government (ANY government for that matter – federal, state or local), their solution should be available in a FedRAMP-compliant cloud.

Party with eSignLive at Dreamforce

We’re co-sponsoring the Phase One Dreamforce Government Kick-off Party. Come join us on Tuesday, October 4th at 8pm. Enjoy hors d’oeuvres, DJ and live band! This is THE party for the public sector – don’t miss it!

Drop by booth #401 or #2112 and make sure you register for our session, "Making the Case for E-Signatures in Salesforce & Force.com", which will be taking place on Thursday, October 6th at 11am at Moscone South, Partner Theater 1.