FedRAMP In Process — Moderate Impact
Mattermost for Government by Mattermost. 6 compliance features verified.
Mattermost for Government
by Mattermost
Impact Level
Moderate
Status
In Process
Pricing
mid market
Overview
Mattermost for Government is an open-source-based secure collaboration platform pursuing FedRAMP Moderate authorization. It provides messaging, file sharing, and workflow automation with options for self-hosted or cloud deployment. Mattermost is popular with DevOps and technical teams in defense organizations.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure Mattermost for Government for Defense Contracts
Mattermost for Government is available through GSA Multiple Award Schedule (MAS) under SIN 518210C (IT Professional Services) and SIN 54151S (Software). The product leverages AWS GovCloud infrastructure currently pursuing FedRAMP Moderate authorization. Contracting officers should specify FedRAMP Moderate requirement in SOW and ensure Mattermost provides current authorization documentation including SSP, SAR, and POA&M. Government pricing offers 25-30% discount from commercial rates with volume licensing tiers starting at 100 users. Authorization boundary includes Mattermost application layer, AWS GovCloud infrastructure, and customer data encryption components. COs must approve data location restrictions (US persons only), encryption key management procedures, and incident response protocols. Typical procurement timeline spans 60-90 days including security review, ATO documentation validation, and technical implementation. For CMMC assessment boundary inclusion, ensure Mattermost deployment covers all CUI collaboration workflows and document integration touchpoints with existing DoD systems. Recommend pilot deployment with 50-100 users before full enterprise rollout. Include data retention policies, backup procedures, and disaster recovery requirements in contract terms. Verify contractor compliance with DFARS 252.204-7012 for CUI handling and 252.239-7010 for cloud computing services.
Compliance Cross-References
Mattermost for Government's FedRAMP Moderate pursuit directly supports DFARS 252.204-7012 CUI protection requirements through encryption-at-rest and in-transit capabilities. The platform addresses DFARS 252.239-7010 cloud computing requirements via AWS GovCloud deployment with US-person administration. NIST 800-171 control family mapping includes: Access Control (AC) through role-based permissions and multi-factor authentication; System and Communications Protection (SC) via TLS 1.3 encryption and network segmentation; Audit and Accountability (AU) through comprehensive logging and monitoring capabilities. For CMMC Level 2 compliance, Mattermost satisfies Access Control (AC.1.001-AC.2.016), System and Information Integrity (SI.1.210-SI.2.214), and Identification and Authentication (IA.1.076-IA.2.081) domains. The platform's encryption capabilities support Controlled Unclassified Information (CUI) handling requirements under 32 CFR 2002. DoD Cloud Computing SRG Impact Level 2 requirements are met through FedRAMP Moderate baseline controls, with plans for IL4 certification pending DoD validation.
Defense Contractor Use Case
Defense contractors evaluate Mattermost for secure team messaging when they need self-hosted deployment options, custom integrations, or air-gapped communication capabilities.
Related Products
More Collaboration Products
Related Compliance Assessments
Frequently Asked Questions
What is the FedRAMP authorization level for Mattermost for Government?
Mattermost for Government is in process at the FedRAMP Moderate impact level. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use Mattermost for Government for CUI?
Mattermost for Government is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does Mattermost for Government pricing compare to commercial?
Mattermost for Government government pricing is generally competitive with commercial pricing, though the government edition may carry a premium of 10-20% to cover FedRAMP compliance and dedicated infrastructure costs. Mid-market organizations can often access government pricing through GSA Schedule contracts or reseller partners. Contact Mattermost for a quote tailored to your organization size and requirements.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack Mattermost for Government FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days