FedRAMP Authorized — Moderate Impact
Citrix Workspace for Government by Citrix. 6 compliance features verified.
Citrix Workspace for Government
by Citrix
Impact Level
Moderate
Status
Authorized
Pricing
enterprise
Authorization Date: September 8, 2018 | Sponsoring Agency: DHS
Overview
Citrix Workspace for Government provides FedRAMP Moderate authorized virtual desktop infrastructure and application delivery for government organizations. It enables secure remote access to applications and desktops from any device. The platform supports BYOD policies while maintaining data security through centralized computing.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure Citrix Workspace for Government for Defense Contracts
Citrix Workspace for Government is available through GSA MAS Contract 47QTCA22D0006 under SIN 518210C (IT Professional Services) and SIN 54151S (Software). SEWP V procurement is available via Prime Contract NNG15SC03B with Citrix authorized resellers. Government pricing includes volume discounts and educational discounts not available commercially. The authorization boundary covers the Citrix Cloud for Government control plane, customer resource locations, and data flows between government networks and Citrix infrastructure. Contracting officers must approve the System Security Plan (SSP) addendum documenting customer responsibility matrix, particularly for endpoint security and network controls. Customer Responsibility Matrix clearly delineates government responsibilities for identity management, endpoint compliance, and network security policies. Typical procurement timeline: 45-60 days for initial subscription through GSA, 90-120 days for SEWP due to additional security reviews. For CMMC assessments, include Citrix Workspace endpoints and data flows in your assessment boundary if processing CUI. Document network segmentation between Citrix traffic and CUI environments. The FedRAMP authorization covers the service delivery infrastructure, but customer endpoints and local networks require separate CMMC compliance verification. Ensure your Citrix Workspace deployment maps align with your OSC (Objective Security Controls) implementation for AC (Access Control) and SC (System and Communications Protection) control families.
Compliance Cross-References
Citrix Workspace for Government's FedRAMP Moderate authorization directly supports DFARS 252.204-7012 compliance by providing adequate security controls for CUI processing in cloud environments. The authorization satisfies DFARS 252.239-7010 cloud computing security requirements through documented security controls and continuous monitoring. For NIST 800-171 compliance, the service implements AC (Access Control) controls through multi-factor authentication, role-based access, and session management; SC (System and Communications Protection) through encrypted communications and network segmentation; AU (Audit and Accountability) through comprehensive logging and monitoring capabilities. CMMC Level 2 domain alignment includes Access Control (AC.L2), Audit and Accountability (AU.L2), Configuration Management (CM.L2), Identification and Authentication (IA.L2), Media Protection (MP.L2), Personnel Security (PS.L2), Physical Protection (PE.L2), Recovery (RE.L2), Risk Assessment (RA.L2), Security Assessment (CA.L2), System and Communications Protection (SC.L2), System and Information Integrity (SI.L2), and Situational Awareness (SA.L2). DoD Cloud Computing SRG compliance is achieved through IL2 Provisional Authorization, addressing virtualization security, multi-tenancy isolation, and government cloud deployment requirements. Organizations using this service inherit security controls documented in the Customer Responsibility Matrix, reducing individual assessment scope.
Defense Contractor Use Case
Defense contractors use Citrix Workspace Government for providing secure virtual desktop access to employees working remotely, ensuring CUI never leaves the controlled computing environment.
Related Products
More Productivity Products
Related Compliance Assessments
Frequently Asked Questions
What is the FedRAMP authorization level for Citrix Workspace for Government?
Citrix Workspace for Government is authorized at the FedRAMP Moderate impact level, with authorization granted on 2018-09-08 sponsored by DHS. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use Citrix Workspace for Government for CUI?
Citrix Workspace for Government is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does Citrix Workspace for Government pricing compare to commercial?
Citrix Workspace for Government government pricing is typically negotiated on an enterprise basis and may differ from commercial list prices. Government and defense contractor pricing often includes compliance overhead that can make it 15-30% higher than commercial equivalents. However, volume discounts, GSA Schedule pricing, and multi-year commitments can help offset these costs. Contact Citrix directly or check GSA Advantage for current government pricing.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack Citrix Workspace for Government FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days