CloudZibaSec’s PhishTACO Platform achieves FedRAMP Moderate Authorization

ZibaSec, a DC area tech startup and an emerging leader in federal government IT security training, announced today that PhishTACO, their flagship product, and cloud-based phishing simulation platform has achieved a Federal Risk and Authorization Management Program (FedRAMP) Moderate Authority to Operate (ATO). ZibaSec’s PhishTACO FedRAMP authorization was sponsored by the Department of Justice. The FedRAMP assessment was conducted by independent security experts from Coalfire (as the 3PAO) and the results were reviewed and validated by the FedRAMP Program Management Office (PMO).

ZibaSec’s PhishTACO platform was formally given FedRAMP Moderate ATO by the FedRAMP board on May 24th, 2021 through sponsorship from the Department of Justice. The PhishTACO platform is architected on Amazon Web Services (AWS) US East/West and is the first CSP with a 100% serverless architecture to be authorized under FedRAMP.

This major milestone is a rare accomplishment for a one-year-old cybersecurity startup and demonstrates ZibaSec’s speed of innovation and commitment to the security of all of its customers. All of the engineering efficiencies, improved security, and organizational innovation that came as a result of ZibaSec’s FedRAMP journey will be used for all customers (where permitted), not just ZibaSec’s federal partners.

ZibaSec’s FedRAMP Moderate authorization means it has been found in compliance with well over 300 individual security controls as defined in NIST 800-53 (FedRAMP adds several security enhancements on top of the NIST baseline); a standard which is continuously monitored and independently audited on an annual basis.

“Humans will continue to be the weakest link in all organizations for massive Federal agencies to the smallest of SMBs, and everyone in between. This is exacerbated by all the various communication channels in which employees engage with the outside world such as SMS, social media, and mobile apps, not just email,” said Julie Davila, ZibaSec’s CEO and cofounder. “PhishTACO has enabled some of the world’s most secure organizations to improve the resiliency of their employees against social engineering attacks, and we’re excited to able to expand our capabilities beyond email and across multiple attack vectors in the months to come.”

ZibaSec looks forward to continuing its close partnership with the Department of Justice, all of its components, and other federal agencies for years to come.

View ZibaSec’s PhishTACO listing on the official FedRAMP Marketplace. To learn more about ZibaSec and PhishTACO schedule a time chat with ZibaSec’s founders or simply visit

Who is ZibaSec?

ZibaSec, cofounded in January 2020 by military veterans Julie Davila and Daniel Shepherd, is a nimble DC area cybersecurity startup with a focus on helping organizations improve the resilience of their workforce against social engineering threats. ZibaSec put itself on the map by helping the DoJ excel in its phishing initiatives and plans to continue the trajectory of innovation not just for employee education, but for defensive tooling as well, and in a manner that remains accessible to small business, state and local governments, and educational institutions who don’t typically have the big budgets of the enterprise.


Leave a Reply

Your email address will not be published. Required fields are marked *