Press Release

Acquia Expands FedRAMP Authority to Operate, Strengthening Position as the Only Drupal Company to Meet U.S. Government Security Standards

BOSTON—May 10, 2022—Acquia, the digital experience company, today announced that it has expanded its Authority to Operate (ATO) under the Federal Risk and Authorization Management Program (FedRAMP) managed by the U.S. General Services Administration. The expansion boosts Acquia’s status as the only commercial provider of cloud services for creating and deploying digital experiences based on Drupal to meet the U.S. government’s requirements for security and protection of federal information.

Since 2016, FedRAMP certification has applied to federal customers using Acquia Cloud Platform for hosting and managing Drupal applications and Site Factory for multi-site management. The company has now added Acquia Site Studio, along with the latest versions of Acquia Search with Solr 7 and Acquia Platform Email capabilities to the FedRAMP boundary. Acquia has also secured a positive recommendation from a FedRAMP third-party assessment organization. 

FedRAMP is a U.S. government-wide program that takes a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It provides assurance to agencies that the appropriate security and risk management practices are in place for their cloud properties. 

The FedRAMP framework adheres to the requirements of federal, state, and local government as well as highly regulated industries such as financial services and life sciences that demand strict security protocols for their IT properties. Acquia's continuous monitoring ensures a uniform approach to risk management and offers significant cost savings, improved efficiency, and a faster time to market for digital experience delivery.

“Acquia is proud to be the only non-governmental offering for Drupal to meet the stringent requirements of the FedRAMP program,” said Robert Former, Chief Information Security Officer at Acquia. “We have long been committed to delivering unmatched assurances around security, scalability, and performance to our federal customers. We do this by approaching infosecurity as a process of continuous evaluation and improvement—a stance that benefits all of our customers in the public and private sectors.”

Acquia’s information security program helps to ensure customers operate in a cloud environment that complies with a wide array of industry standards and regulations, including ISO 27001, HIPAA, SSAE16/SOC 1/ISAE-3402, SOC 2, and PCI-DSS. In Australia, Acquia has been assessed under Infosec Registered Assessors Program (IRAP) for the Official: Sensitive level. 

The company’s “security by design” includes out-of-the-box features such as multiple layers of firewall, multi-factor authentication, vulnerability management, security incident response, backups, and disaster recovery capabilities. Acquia offers powerful solutions to meet a wide range of compliance and security needs.

To learn more, visit or visit to view Acquia's listing among agency authorized Cloud Service Providers (CSPs).

About Acquia

Acquia empowers the world’s most ambitious brands to create digital customer experiences that matter. With open source Drupal at its core, the Acquia Digital Experience Platform (DXP) enables marketers, developers and IT operations teams at thousands of global organizations to rapidly compose and deploy digital products and services that engage customers, enhance conversions, and help businesses stand out. Learn more at

- ### -

All logos, company and product names are trademarks or registered trademarks of their respective owners.