FedRAMP Compliance

FedRAMP Compliance

D-Gutierrez
Explorer Explorer
25,376 Views
79 Replies
Message 1 of 80

FedRAMP Compliance

D-Gutierrez
Explorer
Explorer

When will the BIM 360 Platform acquire the FedRAMP Compliance? We work heavily on government projects and would love to use the BIM 360 platform on all our projects but we are very limited without FedRAMP complaince.

 

Thanks,

David

25,377 Views
79 Replies
Replies (79)
Message 2 of 80

henke_p
Explorer
Explorer

I would also like to know how this is progressing. 

Message 3 of 80

srikanth.ramaraj
Alumni
Alumni

Hello David

We do not have FedRAMP Compliance. Our efforts at the moment are towards industry standard SSAE-16 AT 101 SOC 2 attestation and ISO 27001ISO 27017 and ISO 27018 certifications to validate our security posture.  For more information on our accreditations please refer to our Trust Center.

In regards FedRamp, internally we have been discussing about this requirement from our customers. Timing on attaining FedRamp compliance is yet to be determined

 

Thanks,

Srikanth Ramaraj

Chief of Staff - BIM 360

Autodesk Construction Solutions 

Message 4 of 80

Anonymous
Not applicable

What about DFARS compliance?

Message 5 of 80

J___M___
Enthusiast
Enthusiast

@srikanth.ramaraj wrote:

Hello David

We do not have FedRAMP Compliance. Our efforts at the moment are towards industry standard SSAE-16 AT 101 SOC 2 attestation and ISO 27001ISO 27017 and ISO 27018 certifications to validate our security posture.  For more information on our accreditations please refer to our Trust Center.

In regards FedRamp, internally we have been discussing about this requirement from our customers. Timing on attaining FedRamp compliance is yet to be determined

 

Thanks,

Srikanth Ramaraj

Chief of Staff - BIM 360

Autodesk Construction Solutions 



This is a reply and not a solution. When it complies then it should be marked as a solution.

Message 6 of 80

D-Gutierrez
Explorer
Explorer

Great point! I changed the status.

 

@srikanth.ramaraj  Any update to this?

 

This is vital to many in the industry! I would be more than happy to be involved in any discussion or help out with making any progress.

 

Thanks,

David

 

0 Likes
Message 7 of 80

dtpeter2901
Collaborator
Collaborator

Any update?

We have a potential project we'd like to use BIM 360 on, but the client is looking for this Compliance.

I see Autodesk started this process in 2015.

https://investors.autodesk.com/news-releases/news-release-details/autodesk-cloud-offerings-achieve-m...

But I can't seem to find anything that says Autodesk BIM360 has actually achieved it.

Any additional information would be helpful.

Also wondering if it's possible to have an Autodesk Security rep speak with our Client about specifics.

Thanks in Advance.  

Message 8 of 80

asantman7A9KD
Contributor
Contributor

Any update on this - Auotdesk has been "pending" since 2015. IS there any time-table for meting FedRAMP compliance?

Thanks

Message 9 of 80

spear_kevin_pe
Advisor
Advisor
BUMP... Now that many places including USACE are working remotely, the BIM360 platform is essential to design and construction!
Thanks
Kevin

Kevin Spear, PE
Message 10 of 80

Kenton_Grant
Explorer
Explorer

Kevin, just curious as I've worked on USACE in the past (many years now) but back then I recall SOC 2 and a couple of the ISO's were good for digital storage/transfer of information. Did they update their standards for this to FedRamp?

 

I could also be mixing this up with any of the other numerous govt. related authorities too. At any rate, I think it's def something to be looked into. I'm also curious to know how projects are collaborating if they can't use BIM360?

 

 

Message 11 of 80

Mark_Mates_x3593
Participant
Participant

I know you asked Kevin, but I can confirm 2 USACE districts have recently told us we cannot use BIM 360 on their USACE projects because it is not FedRAMP certified or approved.  This makes all of our BIM360 licenses useless as we already couldn’t use it on our Department if State work... pandemic or not. 

Message 12 of 80

Kenton_Grant
Explorer
Explorer

Wow! 

 

Mark, would it be safe to assume you guys are just coordinating the old way: Upload/download everything to/from the server and replacing consultant files? Or maybe even an AWS or other VM setup?

Message 13 of 80

Mark_Mates_x3593
Participant
Participant

Yes. Old school upload/download via ProjNet. Luckily, a good chunk of our work is all in house as we are a multidiscipline AE firm.  For our main offices, we use Panzura servers which are great. However, they are pricing themselves out of our company soon. 

Message 14 of 80

spear_kevin_pe
Advisor
Advisor

@srikanth.ramaraj , I am a bit confused. Do those certifications qualify for Fedramp certification? If not, then there is nothing that any federal government agency can use as it relates to any Autodesk cloud service, including BIM360. Can you clarify your statement? What countries/agencies require the ISO standards you mention? 

 

 

Thanks
Kevin

Kevin Spear, PE
Message 15 of 80

Anonymous
Not applicable

BUMP... same question

Message 16 of 80

Mark_Mates_x3593
Participant
Participant

On 8/24/2020, I received an update from our Autodesk regional sales manager about progress with FedRAMP.  Autodesk is (or will be) sponsored by GSA for FedRAMP Moderate.  They will start with Docs, Design, Forge, and Plangrid.  This should help us with our USACE and GSA contracts, but not Department of State.  DOS requires FedRAMP High.  If we get Moderate.  There are more details around low/medium impact, but I thought this would be good news to share.

Message 17 of 80

tnieves
Participant
Participant

Same, except my company is not multi-discipline. It makes coordination much harder. Not only with back and forth coordination, but there are some great tools built into the platform for marking up, reviewing and even clashing if you have that. Not to mention seeing changes between versions!

Message 18 of 80

Anonymous
Not applicable

I have pursued Autodesk since last year, 2020, regarding FEDRAMP, NIST 800-171, and CMMC compliance and received the silent treatment.  I find their response to any cybersecurity question is a link to the useless "Trust Center".  There is NO information relevant to compliance with any US Government cybersecurity requirements.  At best it is Marketing and lip service to companies that use Autodesk products. We have used BIM 360 since it was BIM 360 Teams and a Revit Server before that.  We made a commitment to BIM 360, integrated our customers and our sub-contractors and now have over 400 active projects in BIM 360 DOCs and 80+ members.  With a deadline to become CMMC Level 3 certified within the next 12-18 months and Autodesk being radio silent on any plan(s) to comply with any US cybersecurity requirements, I am forced to look for alternative platforms to host our CUI.

If you are experiencing this same issue please comment.  If you have an alternative to BIM 360, please let me know.

The level of frustration caused by this situation is uncalled for.

Autodesk, if you have no intention of meeting the cybersecurity requirements to do business with the US Government, tell us now.  If you are planning to comply, please share that information.

BTW, update your "Trust Center" with your actual cybersecurity status and plans.

Message 19 of 80

Kenton_Grant
Explorer
Explorer

Bump, any status update on this?

Message 20 of 80

Anonymous
Not applicable

This is an update to my previous post. 

Thank you to Carla, at Autodesk support, who has stuck with me and tried to escalate this issue at Autodesk!

 

It is unfortunate that the cybersecurity side of Autodesk is not taking my request, which represents the concerns of ALL Department of Defense contractors, seeking clarification of Autodesk’s current cybersecurity posture, compliance with FEDRAMP, NIST 800-171 and CMMC.

Additionally, are there POAMs, Plan of Actions & Milestones, to comply with any of these requirements?

 

Without Autodesk’s compliance with these regulations, we and ALL other DoD contractors WILL BE FORCED to abandon any cloud-based storage with all Autodesk products.

 

Not knowing is worse than knowing that Autodesk does not intend to comply.  At least then we can plan accordingly.