DTEX Achieves FedRAMP Authorization for UAM Compliance

DTEX has achieved a major milestone: full FedRAMP Authority to Operate (ATO) for its DTEX Platform, sponsored by the U.S. Federal Trade Commission (FTC). This makes DTEX the first and only User Activity Monitoring (UAM) solution accredited on the FedRAMP Marketplace, and the first capable of meeting the UAM requirements of the Committee on National Security Systems Directive 504 (CNSSD 504) in a secure, government-authorized cloud environment. 

A new standard for federal insider risk management

With FedRAMP ATO, the DTEX Platform is certified to meet the stringent security controls required for Federal Cloud Services under NIST 800-53 Rev 5. 

The authorization allows agencies to deploy the DTEX Platform as a fully hosted service, without the cost infrastructure burden, or security risk associated with maintaining on-premises monitoring solutions.

Importantly, they will be able to leverage the behavioral telemetry from the DTEX Platform, employing data science and AI to detect early warning indicators and deter insider risks before data loss occurs. They will also be able to meet strict UAM and behavioral monitoring mandates under CNSSD 504.

Why CNSSD 504 matters and how DTEX meets the standard

The National Insider Threat Task Force (NITTF), established under Executive Order 13587, sets the baseline for federal insider threat programs. CNSSD 504, issued in 2014, mandates UAM across all Executive Branch departments and agencies accessing U.S. Government information. 

The directive outlines five essential UAM capabilities: 

1. Keystroke monitoring 

2. Full application content capture, including email and chat 

3. Screen capture 

4. File shadowing 

5. Attribution of collected data to specific users 

CNSSD 504 also recommends that agencies apply behavioral analysis to correlate events such as authentication anomalies, excessive activity, exfiltration attempts, network anomalies, privilege violations, and other indicators described in Table 1 of the directive. 

DTEX meets and often exceeds CNSSD 504 requirements through a unified platform that integrates DLP, UEBA, and UAM. This enables agencies to identify indicators of intent along the Insider Threat Kill Chain rather than relying on isolated events. 

How DTEX fulfills CNSSD 504 requirements

Full application content capture 

DTEX’s DMAP+ Technology™ provides continuous, privacy-preserving telemetry, recording session activity, process events, file interactions, and window activity on or off the network. This ensures complete capture of application-level content required to identify anomalies. 

Screen and keystroke monitoring 

For users elevated to focused observation, DTEX supports video and screen capture, keystroke monitoring, and detailed content monitoring. Capture can be triggered by user, device, application, or rules, and exported for investigation. 

File shadowing and lineage 

DTEX continuously tracks files even when renamed, relocated, encrypted, or obfuscated. Using MD5, SHA1, and SHA256 hashing, the platform reconstructs data lineage to show who accessed, modified, or exfiltrated sensitive data. 

Behavioral correlation and alert stacking 

Insider threats often unfold over time. DTEX uses machine learning, correlation engines, and MITRE-aligned analytics to elevate risk signals by linking sequences of activity across the kill chain. This reduces false positives and strengthens true-positive detection. 

Automated risk elevation 

DTEX automatically increases monitoring for high-risk groups such as leavers and joiners, or individuals flagged as persons of interest. These populations are then correlated with insider-threat-relevant behaviors for proactive detection. 

Privacy-by-design for global compliance 

DTEX’s patented Pseudonymization™ architecture preserves employee privacy without compromising security outcomes. This allows agencies, including those operating in regions with strict privacy laws, to deploy insider-risk capabilities in a proportional and compliant manner. 

Advancing insider threat maturity across federal agencies

Federal missions rely on trusted personnel and secure information systems. As insider risks accelerate and cloud adoption grows, FedRAMP authorization allows agencies to deploy the DTEX Platform with confidence. 

Agencies can now meet CNSSD 504 requirements through a FedRAMP-authorized SaaS platform that unifies behavioral intelligence, continuous monitoring, and risk-adaptive detection. 

To learn how the DTEX Platform aligns with all CNSSD 504 requirements and recommendations, download the CNSSD 504 Requirements Mapping datasheet. 

If you’d like to speak with a DTEX federal expert, email us for a consultation.