Share This:

We’re delighted to share that Alderstone CMT can now be used as an onboarding tool for migrations, implementations and other services related to BMC Helix FedRAMP offerings.


US Federal customers with on-premise Remedy ITSM systems can now seamlessly migrate to BMC Helix with no data loss, no operational impact and with the peace of mind that their security is assured.



“We have included Alderstone CMT as a component within the FedRAMP Moderate authorization boundary.  It has been specifically documented as a migration utility for the purpose of onboarding.  For comparison purposes, it is similar to DevStudio (for development and integrations) and Messaging Services (email integration), since they are considered an integral part of the complete BMC cloud service offering.”

Scot Shepard , Sr Manager & SaaS Information Security Officer


What is FedRAMP?

FedRAMP simplifies security for the digital age by providing a standardized approach to security for the cloud.

FedRAMP facilitates the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT.

The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government by providing a standardized approach to security and risk assessment.


BMC Helix & FedRAMP

BMC Helix services for the Federal Risk and Authorization Management Program (FedRAMP) are designed to comply with U.S. federal agency-specific processes for assessing and authorizing federal cloud computing products and services. FedRAMP consists of a subset of National Institute of Standards and Technology Special Publication (NIST SP) 800-53 security controls specifically selected to provide protection in cloud environments. BMC's FedRAMP certification is defined for the Federal Information Processing Standards (FIPS) 199 Moderate impact level. The FedRAMP services are staffed by U.S. personnel in U.S. data centers.

BMC obtained its FedRAMP authority to operate (ATO) authorization in April of 2016. Led by the SaaS Chief Information Security Officer, the FedRAMP team works continually to insure the latest releases of Helix applications and supporting components meet the compliance standards set by the FedRAMP program. FedRAMP testing is conducted annually by a third-party. BMC offers the following services with the ATO:

  • BMC Helix ITSM
  • BMC Helix Digital Workplace Basic
  • BMC Helix Digital Workplace Advanced
  • BMC Helix Custom Applications
  • BMC Helix Premium Connector
  • BMC Helix Business Workflows
  • BMC Helix Multi-Cloud Service Management

Read more here: