Identity & Access Management

LastPass

Name: LastPass
Author: LastPass (GoTo)

by LastPass (GoTo)

Not FedRAMP Authorized

FedRAMP Status

Not FedRAMP Authorized

Impact Level

N/A

Overview

LastPass is a widely used password manager that has suffered multiple significant data breaches. It is not FedRAMP authorized despite marketing language suggesting government trust. Defense contractors should not store credentials for CUI systems in LastPass.

CUI Risk Assessment

Not FedRAMP authorized despite marketing claims. Has suffered multiple data breaches. Cannot be used for credential management in CUI environments.

NIST 800-171 Violations

Using LastPass for CUI without FedRAMP authorization may violate these NIST 800-171 controls:

3.1.1 3.5.10 3.13.8 3.13.11

FedRAMP Compliant Alternatives

Keeper Security Government Cloud

Keeper Security — High Impact

Frequently Asked Questions

Is LastPass FedRAMP authorized?

No. Despite marketing that uses terms like "trusted," LastPass does not hold FedRAMP authorization. Its multiple data breaches further undermine its suitability for defense environments.

Run a Full Tech Stack Audit

Check all your enterprise tools at once with our free CUI Compliance Auditor.

Launch CUI Auditor

← CUI Compliance Auditor