BURLINGTON, Mass. — Black Duck has initiated the Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization process for its Polaris® Platform, marking a significant expansion of the company’s U.S. federal cloud services strategy and positioning the AI-powered application security provider for deeper engagement with government agencies.
The move is aimed at enabling federal customers to adopt Polaris within a standardized framework for security assessment, authorization, and continuous monitoring, thereby streamlining procurement and deployment across civilian, defense, and public-sector environments.
To accelerate the authorization process, Black Duck has partnered with stackArmor, a FedRAMP engineering and advisory firm and subsidiary of Tyto Athene. stackArmor has supported more than 60 cloud service providers through compliance and Authorization to Operate (ATO) processes, and will provide engineering support, pre-built security frameworks, and automation to fast-track Polaris’ path to FedRAMP Moderate status.
“We’re not just pursuing FedRAMP approval—we’re redefining how federal agencies secure their applications in the cloud,” said Jason Schmitt, CEO of Black Duck. “Polaris will give government customers the flexibility and confidence they demand, aligning with the federal mandate to modernize IT and reduce reliance on on-premises systems. This is about delivering security at speed, scale, and certainty.”
GP Pal, founder of stackArmor, said the partnership reflects growing demand for enterprise-grade commercial security platforms in the federal market. “By partnering with Black Duck, we’re bringing our in-boundary zero-trust landing zone and continuous monitoring automation to help reduce the time and cost of meeting FedRAMP security standards, which remain the global benchmark for cloud security assurance,” he said.
Black Duck is targeting FedRAMP “In Process” status by June 2026, a key milestone toward listing Polaris in the FedRAMP Marketplace and enabling agencies to procure the platform as an authorized cloud service for application security and risk management.
The initiative reinforces Black Duck’s broader federal strategy to deliver secure, compliant cloud-native application security services aligned with government modernization and zero-trust mandates.