Horizon3.ai, the global leader in offensive security, today announced it has gained Federal Risk and Authorization Management Program (FedRAMP®) High Authorization, unlocking the ability to support even the most security-sensitive federal missions. This milestone fulfills Horizon3.ai's previously announced commitment to bring proof-based security to government agencies operating at the highest levels of compliance and risk exposure.
Horizon3.ai's newly authorized platform, NodeZero Federal™, is now available to federal agencies under the FedRAMP High baseline. Built upon the proven commercial version of the NodeZero® Offensive Security Platform, NodeZero Federal™ is designed specifically to meet the heightened security and compliance demands of government environments. With this authorization in place, Horizon3.ai becomes the first and only cybersecurity vendor authorized to deliver continuous, autonomous pentesting within this strict regulatory framework.
"We built NodeZero to help defenders find and fix vulnerabilities before attackers exploit them-and with the FedRAMP High authorization, we're now able to proactively secure critical federal systems," said Snehal Antani, CEO and Co-founder of Horizon3.ai. "Our roots are in National Security, and with cyber warfare evolving at an unprecedented pace, we're committed to improving the cyber resilience of the nation's digital infrastructure, with support for Secret and Top Secret systems as our next major focus areas."
This authorization builds on Horizon3.ai's success with Federal partners, such as the NSA Cybersecurity Collaboration Center (CCC) program. As part of CCC, Horizon3.ai powers the NSA's Continuous Autonomous Penetration Testing (CAPT) program, where Defense Industrial Base (DIB) suppliers use NodeZero to act as nation-state-level adversaries, identify and prioritize real attack paths, and continuously validate their defenses.
"With our FedRAMP High authorization, critical suppliers and federal agencies can verify and improve their cybersecurity posture, ensuring that limited resources are focused on fixing problems that truly matter," said Matt Hartley, CRO at Horizon3.ai. "These agencies can find, fix, and verify the remediation of CISA Known Exploitable Vulnerabilities (KEV) at scale, ensure their security operations center is effectively detecting and stifling attacks, and that security tools are tuned correctly. Offense drives defense, and no one knows this better than our US Federal customers."
NodeZero Federal helps agencies streamline compliance with key cybersecurity mandates, including NIST SP 800-53-the foundational control framework behind FedRAMP-as well as evolving OMB policies and Executive Orders that require Zero Trust architecture, Cybersecurity Maturity Model Certification (CMMC) 2.0 for supply chain assurance, and participation in Continuous Diagnostics and Mitigation (CDM) programs.
