Digital Transformation
FedRAMP

Q&A: Inside DSS’ Journey to FedRAMP Authorization

As secure cloud adoption becomes a cornerstone of federal health IT modernization, DSS is actively advancing through the FedRAMP authorization lifecycle for its DSS Health Cloud (DSSHC) platform as a service (PaaS). With the goal of achieving FedRAMP High impact level certification, DSS is reinforcing its long-standing commitment to data security, operational integrity, and trusted Veteran care. 

In this Q&A, Julie Yost, FedRAMP program manager at DSS, explains what FedRAMP is, why it matters for agencies and commercial partners alike, and how DSS is navigating the multi-phase certification process to unlock new opportunities across the federal health care landscape. 

 

Q: Let’s start at the top. What is FedRAMP, and why is it such a critical certification for cloud service providers, especially in the federal health care space?  

Julie: FedRAMP, or the Federal Risk and Authorization Management Program, is a government-wide program that provides a standardized approach to security assessments, authorizations, and continuous monitoring of cloud products and services that are used by federal agencies. 

It ensures that cloud service providers (CSPs) meet stringent federal security standards before they can even offer products and services to the federal government. The certification is essentially a prerequisite for doing business in the federal space. 

Achieving the certification proactively positions DSS in the FedRAMP Marketplace, where agencies can select providers, whose services meet those requirements. 

 

Q: DSS Health Cloud is progressing through the FedRAMP lifecycle. Can you walk us through the three main phases and where DSS currently stands? 

Julie: Sure. There are three designations used within the federal marketplace:  

  • FedRAMP Ready means a CSP is ready to pursue authorization and has passed the initial assessment. 
  • FedRAMP In Process means the CSP is actively working with a federal sponsor to achieve authorization. 
  • FedRAMP Authorized – that’s our golden ticket – means the CSP has completed the process, and their security package is available for reuse by other agencies. 

 

The DSS Health Cloud (DSSHC) was granted FedRAMP In Process status and it is now listed in the FedRAMP Marketplace. 

The “In Process” designation means DSS is actively working toward full FedRAMP authorization in collaboration with the Department of Veterans Affairs (VA). To reach this point, DSSHC has demonstrated real-world use, a contract award, and prior approval as FedRAMP Ready, which are all prerequisites for listing officially in the Marketplace.  

 

Q: What role does your sponsoring federal agency play in this process? 

 Julie: The Department of Veterans Affairs (VA) is our sponsor. The VA has been DSS’s main customer since the company was formed.  

We currently have more than 20 products and over 250 contracts with them, so they know who we are, that we have a strong reputation, and we have multiple points of contact. Their involvement has helped drive the project forward, and we’ve been able to lean on those relationships when needed, especially if there are any delays. 

 

Q: Why did DSS aim for the FedRAMP High certification level, and what does that say about your team’s priorities? 

Julie: As a leader in health IT, DSS supports FedRAMP’s goals of increasing the adoption, trustworthiness, and consistency of secure cloud solutions in the U.S. federal government. 

That certification is a key milestone as we continue to communicate our offering as a cloud services provider to the VA and other prospective federal agencies, and even the commercial market. 

In addition, the DSSHC includes stand-alone software as a service (SaaS) applications and Juno EHR, which is poised to be the first electronic health record (EHR) to gain the FedRAMP High designation. This is a huge milestone!  

 

Q: How does FedRAMP benefit federal agencies, and even commercial partners? 

Julie: For federal agencies, it streamlines cloud adoption, reduces costs, and ensures compliance with rigorous cybersecurity standards. 

For commercial cloud service providers like DSS, FedRAMP enhances our ability to align with the federal government's security expectations. This will ultimately help us deliver trusted, reliable, and scalable solutions that support agencies like VA in their mission to serve Veterans with excellence.  

It also reinforces internal best practices and strengthens our commitment to secure, high-impact health care delivery. 

 

Q: What does this certification mean for DSS’ future? 

Julie: Achieving this milestone promotes continuous improvement and accountability. It supports innovation and efficiency across our teams and enables us to deliver compliant, scalable, and patient-focused health care solutions. 

It will elevate our standard of care and align departments across DSS around a shared mission, which ultimately serves our Veterans. That’s really what we believe in as a company. 

Personally, I’ve contributed to this effort in various capacities over my 24 years with DSS. This is probably the largest project I’ve ever taken on. Its successful completion will open doors for future opportunity and partnership. 

There were several outstanding people involved in making this a success, and I can’t thank them enough. Everyone’s willingness to collaborate has been key to getting us to where we are today! 

 

We would like to thank Julie for sharing her insights with us. To learn more about how the DSS Health Cloud is driving a new era of federal health IT, please click here. 
View All Resources

Related Resources
News
DSS Health Cloud Achieves FedRAMP In Process Status
Read More
Digital Transformation AI
DSS Wins Third Place in the precisionFDA Veterans Cardiac Health and AI Model Predictions (V-CHAMPS) Challenge
Read More
Digital Transformation
PODCAST: FY2025 Focus on Enhancing Veteran Care
Read More