persona-logo
Published May 19, 2026
Last updated May 21, 2026

Persona attains FedRAMP® Moderate Authorization status

Agencies can deploy Persona for: benefits enrollment integrity, account recovery, contractor and workforce onboarding, and secure access to digital portals.
Bobby Kozyra
Bobby Kozyra
4 min

Persona’s FedRAMP® Moderate Authorization status gives federal agencies a secure and highly configurable option for verifying users, preventing fraud, and securing digital services. 

The US Government Accountability Office (GAO) estimates the federal government loses $233 billion to $521 billion to fraudsters annually. And many agencies are facing a significant challenge as they modernize their digital operations. 

They can’t add so much complexity to identity verification processes that they inadvertently block constituents, employees, or contractors from important resources and systems. But they also need a solution that can defend against today's AI-powered threats. 

Persona for Government is modern, modular, and efficient 

Persona for Government gives agencies a configurable way to verify identities, combat AI-driven threats, and deliver secure digital services without sacrificing flexibility. 

The fraud-versus-friction dilemma isn’t exclusive to federal agencies, and Persona supports consumer-facing businesses across sectors with similar challenges, including OpenAI, Square, Lyft, and Okta. State agencies and educational institutions also turn to Persona for fraud prevention and identity verification.

FedRAMP Moderate Authorization allows agencies to confidently use Persona to verify identities for critical government services. Identity verification is essential to protecting public programs and expanding access to digital services. Persona helps agencies do both.
Stephen Eng
Federal compliance lead at Persona

Choose from an extensive verification library

Persona's platform offers a variety of verification checks, including:

  • Government ID verification: Supports identity documents from 200+ countries and territories with fully automated decisions and advanced fraud detection. 

  • Selfie verification: Includes selfie liveness detection to detect presentation attacks and AI-spoofs, including deepfakes that fraudsters submit via advanced injection attacks. 

  • Database verifications: Matches data against multiple authoritative and issuing sources across 40+ countries. 

  • Fallback verification: Set required, step-up, and fallback options to prevent fraud and support people across different demographics and technical comfort levels. 

Unlike legacy tools that lock agencies into rigid workflows, agencies can use the no-code platform to configure, launch, and update custom collection flows in real time as the program requirements and fraud threats change. 

Automate identity operations 

Throughout each flow, Persona collects and analyzes device, network, and behavioral signals to detect signs of risk. Agencies can automate workflows to add or remove checks based on the results. 

For example, you might run a silent database verification in the background or require a selfie when someone appears risky. But when there aren’t signs of risk, you can remove additional checks to avoid the extra costs and potential delays. 

You can also customize your flows with conditional logic for different user inputs, monitor key metrics to identify areas of improvement, and edit each element (e.g., colors, padding, and button roundness) to match your agency.

Verify contractors and employees 

Persona's candidate verification and workforce IDV solutions support applicant verification, background checks, and integration with identity access management systems. 

  • Confirm interviewees’ real-world identities.

  • Detect fake job interviews where bad actors swap in someone else to interview on their behalf.

  • Secure onboarding and device enrollment by reconfirming the person's identity before granting access to workplace systems and devices.

  • Prevent account takeovers by reverifying employees’ identities during password recovery or MFA reset.

  • Reverify the identities of admins and other privileged employees before they conduct high-risk actions.

Similar to fraud use cases, with Persona, you can automate identity verification and reverification requests to reduce help desk tickets and manual review.

Persona's security controls and certifications

Persona uses multi-layered security controls, third-party audits, access controls, and continuous vulnerability scanning to protect against cyberattacks and other threats. 

In addition to the FedRAMP Moderate Authorization status, Persona's security posture is validated through a range of independent certifications and compliance frameworks:

  • Kantara IAL2 certification: Identity assurance aligned with NIST SP 800-63-3 standards for digital identity assurance at Level 2

  • SOC 2 Type II compliance: Independent validation of security, availability, and confidentiality controls

  • ISO 27001 certification: International standard for information security management systems

  • HIPAA compliance: Security requirements for handling protected health information

  • FIPS 140-2 compliance: Cryptographic modules meet federal standards for protecting sensitive information

  • NIST SP 800-53 compliance: Implementation of the federal security controls framework

  • PCI DSS compliance: Security requirements for handling payment card information.

Persona for Government is hosted on Google Cloud Platform with AES-256 encryption, TLS 1.2+, and data residency controls. And agencies get granular control over data policies, including customizable data access, storage, retention, and redaction policies.

Persona’s path to Moderate Authorization status

Persona achieved FedRAMP Moderate Authorization through the 20x Phase 2 pilot, a new process for continuous security validation. Persona was one of 13 cloud service providers selected for the pilot and was the only identity verification provider to achieve FedRAMP 20x Moderate Authorization. Additionally, Persona previously received Moderate Ready status under the traditional Rev. 5 authorization path.

Persona is now listed on the FedRAMP Marketplace and available through Carahsoft Technology Corp.

"FedRAMP Moderate Authorization gives agencies confidence that Persona can help them modernize identity verification for digital services while meeting Federal security requirements," said Harjeet Khalsa, sales director, Google federal & ISV ecosystem at Carahsoft. “Carahsoft and its reseller partners are pleased to work with Persona to give acquisition teams a straightforward path to deploying modern identity infrastructure without waiting on additional assessment cycles.”

Ready to learn more? Check out our government solutions page, contact the Carahsoft Team at [email protected], or email us directly at [email protected].

The information provided is not intended to constitute legal advice; all information provided is for general informational purposes only and may not constitute the most up-to-date information. Any links to other third-party websites are only for the convenience of the reader.
Bobby Kozyra
Bobby Kozyra
Bobby Kozyra is a former U.S. Naval Officer and the public sector GTM lead at Persona.
Continue reading