Workspace ONE FedRAMP/DOD Impact Level in AWS GovCloud

Description of the cloud service offering and boundary

Omnissa operates a FedRAMP High / DOD IL2 authorized instance of Workspace ONE running in Amazon Web Services (AWS) GovCloud (DOD IL5 non-NSS is currently in process). The FedRAMP instance is branched from the Workspace ONE commercial cloud offering, so the FedRAMP application is substantially similar, though there are differences driven by U.S. federal and DOD mandates.

Our public documentation, the Advanced security controls in Omnissa FedRAMP High cloud addendum to the Workspace ONE cloud security whitepaper, highlights some of those key differences. You can also find a comprehensive explanation of how Omnissa implements FedRAMP and DOD security controls in the FedRAMP System Security Plan (SSP). You can request a copy of the SSP through your assigned solution specialist or sales representative.

Services in scope 

The following list includes the Omnissa cloud services that are FedRAMP authorized.

  • Workspace ONE UEM
  • Omnissa Access and Hub Services
  • Omnissa Intelligence

Description of certifications

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP®) provides a standardized, reusable approach to security assessment and authorization for cloud service offerings.

Federal law requires that federal agencies utilize only those cloud services that are FedRAMP authorized, but customers in other regulated industries such as banking, healthcare, and defense may consider utilizing a FedRAMP authorized solution. Given the broad applicability of the NIST 800-53 controls to other compliance frameworks, FedRAMP authorization lends confidence to customers who can readily interpret and verify the security baseline against which a service is continuously monitored.

For the Omnissa FedRAMP Marketplace listing, see: Omnissa Government Services | FedRAMP Marketplace

For additional information about the FedRAMP program visit: FedRAMP | FedRAMP.gov

DOD IL5 non-NSS

The U.S. DOD has unique mission requirements and therefore maintains a separate cloud authorization process that builds upon existing FedRAMP authorizations. That process is outlined in the Cloud Computing Security Resource Guide (CC SRG). The CC SRG explains how DOD leverages the FedRAMP authorization process and then layers on additional security requirements based on the sensitivity of mission workloads. Omnissa is working closely with the Defense Information Security Agency (DISA) to finalize an Impact Level 4 (IL4) authorization. The IL4 authorization enables Mission Owners to use Workspace ONE connected to DOD NIPRnet (Non-classified Internet Protocol Router Network) connected services handling controlled unclassified information (CUI) data in systems up to a HHx categorization level.

DOD maintains an Authorized Products List (APL) at: https://public.cyber.mil/approved_product_list/ 

For a copy of the latest SRG visit: https://public.cyber.mil/dccs/

GovRAMP

GovRAMP is a uniquely tailored compliance program based on NIST 800-53 requirements and structured to support the unique requirements of state, local, and education (SLED) users. It further aims to expand the market of available services by enabling smaller service providers to compete alongside larger providers for government and education contracts. GovRAMP provides SLED users with managed review of authorized products including initial/annual assessment packages and monthly Continuous Monitoring (ConMon) reporting.

GovRAMP reciprocally recognizes the FedRAMP authorization process, and so Omnissa is able to support both FedRAMP and GovRAMP authorizations through a single environment and Continuous Monitoring (ConMon) process.

For more information about GovRAMP visit: Home - GovRAMP

You can find Omnissa’s listing on the GovRAMP Approved Products List at: Authorized Product List - GovRAMP

CMMC

The DOD recognizes FedRAMP Moderate and above authorized systems as meeting CMMC requirements. As a FedRAMP High authorized system, Workspace ONE is suitable for commercial contractors who need a CMMC compliant Mobile Device Management (MDM) solution. For CMMC use cases, we will supplement the FedRAMP High authorization package with a certified letter of attestation from our CMMC third-party assessment organization (C3PAO) affirming the system’s complete compliance with CMMC requirements as well as a Customer Responsibilities Matrix (CRM) tailored to the NIST 800-171 rev 2 control baseline.

Further, should a customer relationship require the transmission of CUI data to Omnissa outside of the Workspace ONE customer tenant environment, Omnissa is certified to handle and store such data using solutions integrated into the administrative control plane of the Omnissa FedRAMP environment. Interested customers will find our C3PAO certification for CMMC Level 2 listed on DOD’s Supplier Performance Risk System (SPRS) website and can obtain a copy of the CMMC L2 SSP and CRM upon request.

Certification status 

| Authorization | Status | Renewal date |
|---|---|---|
| FedRAMP High | ✓ | October 2026 (Annual assessment) |
| DOD IL2 | ✓ | Reciprocal with FedRAMP High per DOD CC SRG |
| DOD IL5 (non-NSS) | In progress with DISA | |
| GovRAMP | In progress with GovRAMP | Leverages FedRAMP |
| CMMC Level 1 | ✓ | L1 - Mar. 2026 |
| CMMC Level 2 | L2 - Assessment scheduled Nov. 2025 | L2 - Nov. 2028 |

Frequently asked questions

The FedRAMP offering is certified to meet the security requirements defined in a variety of baselines such as FedRAMP High (NIST 800-53 rev 5), DOD’s CC SRG at IL4, and DOD’s CMMC. A summary of these differences is captured in the Advanced security controls in Omnissa FedRAMP High cloud addendum to the Workspace ONE cloud security whitepaper.

FedRAMP or Impact Level authorizations are required for U.S. federal and U.S. DOD customers as well as for commercial contractors handling government data. However, many other customers in regulated industries are increasingly looking for solutions hardened to well-defined and verified standards. Our FedRAMP authorization boundary is defined as a “hybrid community cloud”, meaning that it is positioned to support a full range of customer use cases, from U.S. federal and U.S. DOD users to commercial organizations operating with sensitive data in regulated industries.

Prospective customers should contact a federal sales representative with the request. After completing a corporate Non-Disclosure Agreement, the Omnissa Government Services (OGS) team will provide access to the SSP. Following onboarding of a production tenant, the customer will be included in distribution of monthly ConMon reports and will be invited to the ConMon Collaboration Group meeting that OGS hosts monthly.
