Commvault Awarded GovRAMP Authorization for Commvault Cloud

TINTON FALLS, NJ – APRIL 28, 2025 – Commvault, a leading provider of cyber resilience and data protection solutions for the hybrid cloud, today announced that Commvault Cloud has achieved GovRAMP Authorized status for its cyber resilience SaaS solutions. This authorization is crucial for state and local government agencies, as well as educational institutions (SLED), enabling them to securely handle critical and sensitive data while supporting rigorous security verification standards. 

GovRAMP (formerly StateRAMP) offers a standardized approach for assessing the security posture of cloud products and services utilized by state and local governments and educational institutions. GovRAMP recognizes three verified statuses: Ready, Provisionally Authorized, and Authorized—each representing a milestone in the verification process based on NIST 800-53 Rev. 5 controls and requiring a government sponsor for the latter two. 

Achieving GovRAMP Authorized status at a High impact level signifies that Commvault Cloud meets the most rigorous security and risk management standards, demonstrating Commvault’s unwavering commitment to cyber resilience and building trust within the public sector. Commvault Cloud underwent a comprehensive third-party assessment and review by the GovRAMP Program Management Office to earn this status. 

This achievement distinguishes Commvault as the only cyber resilience vendor to hold GovRAMP Authorized at a High impact level, FedRAMP High Authorized, and FIPS 140-3 validated status for its SaaS cyber resilience solutions. This unique combination furthers Commvault’s position as a premier cyber resilience and data protection provider for federal, state, local, and educational entities across the United States.  

“We’re proud to achieve GovRAMP Authorization, especially when nearly all ransomware attacks (99%) on SLED organizations target backups,¹ underscoring the critical need for cyber resilience,” said Michael Carroll, Area Vice President, Commvault. “Being the only vendor to secure GovRAMP Authorized at a High impact level, FedRAMP High, and FIPS 140-3 authorizations demonstrates our unique ability to support the most rigorous security demands of public sector organizations as they accelerate cloud transformations and bolster cyber resilience.” 

Achieving GovRAMP Authorization delivers significant benefits for SLED organizations using Commvault Cloud, including: 

• Enhanced Security: Protects data against breaches and unauthorized access according to the highest security standards.
• Verification Assurance: Supports federal and state regulatory requirements, reducing the risk associated with non-compliance.
• Organizational Trust and Credibility: Builds confidence among government agencies by adhering to recognized, rigorous security frameworks.
• Seamless Adoption: Simplifies the procurement and implementation process for agencies requiring GovRAMP Authorized solutions.
• Innovation and Flexibility: Enables SLED organizations to leverage advanced, secure cloud solutions for cyber resilience.

The value of Commvault’s focus on security and resilience is echoed by customers like Phillip Winder, Chief of Information Technology at State of Delaware Department of Corrections. 

“Commvault’s cutting-edge solutions have bolstered our cyber resilience capabilities and set a new standard for innovation. Advanced threat detection and rapid response capabilities help ensure that our critical operations remain uninterrupted, even in the face of sophisticated cyberattacks,” said Winder.  

“With Commvault, we’ve been able to fortify our cyber defenses and streamline our incident response processes. The continuous monitoring and advanced data security features have been instrumental in preventing disruptions to our operations, allowing us to focus on our core mission,” Winder added.  

Commvault Cloud’s GovRAMP Authorized status is available immediately for U.S.-based SLED customers. For more information about Commvault Cloud and Commvault’s commitment to the public sector, please visit the Commvault Government page or read today’s blog. 

Learn More about Commvault’s Cyber Resilience Offerings at RSA Public Sector Day  

Commvault is an exhibiting sponsor at Carahsoft’s annual RSA Public Sector Day on April 28 during RSAC™ Conference. Register now to meet with Commvault at the Hilton San Francisco Union Square between 11:00 am – 3:00 pm PT. 

About GovRAMP
StateRAMP dba GovRAMP is the leading authority on cloud security standards for state and local governments, providing a standardized approach to assessing and authorizing cloud services. GovRAMP empowers government agencies and their vendors to navigate the complexities of cloud security with confidence. Learn more at GovRAMP.org.

About Commvault 
Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience, helping more than 100,000 organizations keep data safe and businesses resilient and moving forward. Today, Commvault offers the only cyber resilience platform that combines the best data security and rapid recovery at enterprise scale across any workload, anywhere—at the lowest TCO. 

¹ Mahendru, P. (2024, August 14). The State of Ransomware in State and Local Government 2024. Sophos. https://news.sophos.com/en-us/2024/08/14/the-state-of-ransomware-in-state-and-local-government-2024/