Deltek’s Costpoint GCCM Achieves FedRAMP Moderate Ready Status to Support DFARS & CMMC Compliance Requirements

February 21, 2024
Michael Greenman
Michael Greenman
Sr. Product Marketing Manager
FedRAMP Ready Status

Deltek is excited to announce that Costpoint GovCon Cloud Moderate (GCCM) has officially achieved FedRAMP Moderate Ready status by the Federal Risk and Authorization Management Program (FedRAMP®). This major accomplishment demonstrates Deltek's continued commitment and investment in delivering industry-leading, secure solutions. Deltek's achievement of FedRAMP Moderate Ready means that an independent third-party assessment organization (3PAO) has thoroughly evaluated Costpoint GCCM against FedRAMP Moderate controls and has verified that Deltek Costpoint GCCM meets this high standard for data security.

Why does this matter? Department of Defense (DoD) contractors with the DFARS 252.204-7012 clause in their contracts are subject to cybersecurity compliance requirements to ensure their cloud service providers (CSP) implement FedRAMP Moderate controls. Similarly, the recently published proposed Cybersecurity Maturity Model Certification (CMMC) rule requires that cloud solutions meet FedRAMP Moderate requirements. This makes Costpoint GCCM a clear and easy choice for government contractors needing an independently verified, secure enterprise resource planning (ERP) solution to facilitate their cybersecurity compliance requirements. Additionally, Costpoint GCCM allows for secure storage of ITAR-restricted data managed in the United States by US-only support personnel.

So, how is Deltek’s FedRAMP Moderate Ready status different from other ERPs that claim FedRAMP compliance by hosting their software in a FedRAMP-Authorized cloud from Amazon or Microsoft? It’s simple: hosting an application in a GovCloud environment does not automatically provide the application with all of the required DFARS or CMMC compliance controls. The application will only receive or “inherit” a portion of those compliance controls from the GovCloud environment and must otherwise be able to prove how it independently provides the remaining controls.  With FedRAMP Moderate Ready status, Costpoint GCCM now has the proof that its security has been verified. It delivers infrastructure security using AWS GovCloud and goes further with additional controls, verified by a 3PAO, at the Costpoint application layer, such as data encryption, access management and authentication. 


Understanding FedRAMP Compliance Webinar

Gain Valuable Insights from Deltek

Watch On-Demand


What is FedRAMP?

FedRAMP is a rigorous cloud security program created by the U.S. Government that assesses capabilities with a security framework designed to measure and enhance the security of cloud services and the protection of controlled unclassified information in the Defense Industrial Base. The FedRAMP Marketplace is a publicly available website where anyone can verify whether a CSP has achieved FedRAMP certification, including Deltek. 

What Does This Mean for Deltek's Customers and Prospects?

Achieving FedRAMP Moderate Ready status offers several benefits to Deltek's Costpoint GCCM customers operating in the U.S. federal government contracting space. Here are some key advantages:


Security Assurance:

FedRAMP Moderate Ready status demonstrates that an independent third-party auditor has verified that Deltek’s Costpoint GCCM offering meets the U.S. federal government's rigorous security standards. This assurance is crucial for government contractors with contract requirements that require the protection of Controlled Unclassified Information (CUI).


Compliance with Federal Contract Requirements:

The U.S. government has specific compliance and security requirements like the Proposed CMMC Rule and DFARS 252.204-7012 for cloud software systems and services. Achieving FedRAMP Moderate Ready status demonstrates compliance with cybersecurity requirements for a cloud service provider and a commitment to supporting government contractors that need to meet these standards. This makes compliance audits easier and delivers peace of mind to Deltek customers.


Cost and Time Savings:

The cybersecurity compliance audit process can be time-consuming and resource intensive. With FedRAMP Moderate Ready status, anyone can easily access proof of Deltek's cloud security posture, saving time and limited corporate resources during an audit. Expediting cybersecurity compliance audits helps government contractors avoid risking losing contracts due to delays in requesting and providing proof of security and compliance. 


Risk Mitigation:

Government contractors often face strict scrutiny for the security of the technologies they adopt. By choosing Costpoint GCCM, companies can improve their security posture.  


Trust and Reputation:

FedRAMP is a widely recognized and respected standard within the federal government. Achieving FedRAMP Moderate Ready status demonstrates the trustworthiness and reputation of a SaaS provider, like Deltek.  


What Happens Next?

Building on our FedRAMP Moderate Ready status, Deltek will remain engaged with the FedRAMP Program Management Office (PMO) to ensure that our cloud solutions continue to meet all necessary security controls and requirements. Deltek is committed to maintaining this high level of security for our Costpoint GCCM offering, further solidifying our position as a trusted provider of secure cloud solutions for government contractors.

Where Can I Learn More?

Visit our listing on the FedRAMP Marketplace for more information regarding our FedRAMP Moderate Ready status, or visit to learn more about Deltek Costpoint in the cloud and explore the delivery options best suited for your business. Want to speak to some someone directly? Contact [email protected] for more information.