HP Fortify on Demand (FoD) (JAB Provisional Authorization)

HP Helion for Public Sector (Helion)(JAB Provisional Authorization)


Service Name: HP Fortify on Demand (FoD) (JAB Provisional Authorization)

Description: The HP Fortify on Demand (FoD) for US Public Sector performs security assessments of application code and web site/web services testing without any software to install or manage. Static Code Scanning of code such as Java, .NET, and other major programming languages for security defects are performed in the FoD System at the code layer followed by an audit review by an HP Static auditor.  Dynamic Web Site and Web Services testing use HP’s WebInspect software as the scan engine, followed by a review from an HP Dynamic tester. 

Service Model: Software as a Service (SaaS)

Deployment Model: Government Community

Impact Level: Moderate

Authorization Date: February 4, 2015 (JAB Provisional Authorization)

Pack​a​ge ID: (unique identifier) F1301101857

3PAO: Lunarline, Inc

Contact Information: Eric Adams eric.adams@hp.com


Service Name: HP Helion for Public Sector (Helion)(JAB Provisional Authorization)

Description: HP’s Helion for Public Sector infrastructure-as-a-service (IaaS) offering is a highly secure, enterprise-class, managed cloud computing environment for all types of government regulated requirements; particularly mission-critical Federal Agency workloads. Helion allows agencies at all levels of government, agency contractors, and non-government organizations operating under Federal regulations such as educational institutions, healthcare covered entities, and critical infrastructure industries to operate in the cloud with greater security and a “pay-as-you-use” business model. Unlike other IaaS offerings, client workload deployed in the Helion Cloud solution can be managed by HP through a shared security model, reducing the management burden on customer IT departments.  Helion can mitigate the risk of over-investing in infrastructure while deploying new managed services securely and quickly within a FedRAMP and DISA ECSB authorized environment.

Government agencies can benefit from HP’s service excellence and over 50 years of public sector experience, with a solution that has been built from the ground up with security and best practices in mind. Helion complies with the following regulatory standards:

  • FedRAMP Moderate JAB pATO
  • FIPS 140-2 encryption (Federal Information Processing Standards 140-2 encryption)
  • CIS Level 1configuration benchmarks (Center for Internet Security Level 1)
  • HIPAA/HITECH Security and Privacy (Health Insurance Portability and Accountability Act/
  • Health Information Technology for Economic and Clinical Health)
  • ITAR (International Traffic in Arms Regulations)
  • FERPA (Family Educational Rights and Privacy Act)
  • PCI-DSS (Payment Card Industry Data Security Standard)
  • CJIS (Criminal Justice Information System)
  • FISMA (Federal Information Security Management Act)
  • DIACAP/DIARMF (DoD Information Assurance Certification and Accreditation
  • Process/Defense Information Assurance Risk Management Framework)
  • DoD Cloud Security Model (CSM) level 2 (authorized 10/27/14)

Service Model: Infrastructure as a Service (IaaS)

Deployment Model: Government Community

Impact Level: Moderate

Authorization Date: June 5, 2013 (JAB Provisional Authorization)

Authorizing Agencies:

  • Department of Homeland Security (DHS)
  • Department of the Interior (DOI)

Package ID: F1206131373

3PAO: Coalfire (FedRAMP accredited)

Contact Information: Marilyn Hays (Marilyn.Hays@HP.com)