ChargePoint and Chargie, a smaller provider of EV charging, have been granted certification by the Federal Risk and Authorization Management Program, most commonly known as FedRAMP.
“It’s important because there’s a massive expansion of EV adoption across federal agencies, and the U.S. in general, right now,” said Teza Mukkavilli, CIO and chief information security officer for ChargePoint.
The company began working with the U.S. General Services Administration, which served as the sponsor for the FedRAMP certification process. The GSA had never taken on a charging network vendor, said Mukkavilli.
“So this was a whole new learning experience for them, a learning experience for us,” he added.
FedRAMP certification gives assurance to the many federal agencies that are now quickly transitioning vehicle fleets to EVs, and installing charging infrastructure, that ChargePoint and Chargie have the proper security infrastructure and protocols built into the systems and software.
“To meet our FedRAMP requirements we built a whole new isolated portion of our software, so we’ve isolated the new software from our existing commercial customers,” Mukkavilli explained, adding, the FedRAMP certification opens up a constant monitoring process to create a “culture of continual compliance.”
The certification gives the assurance to agencies like the U.S. Postal Service, which is currently involved in the nation's largest electric fleet rollout with some 66,000 delivery EVs and 14,000 chargers.
Charging networks handle large volumes of sensitive data related to personal identifiable information (PII), data related to the type of vehicle and its location, not to mention payment data.
“Our customers have an extra level of assurance now that these companies will receive FedRAMP authorization. It’s a win for small businesses and for expanding our country’s vehicle electrification infrastructure,” said GSA Administrator Robin Carnahan, in a statement.
More collaboration among network providers, government agencies, utilities and others is a natural trend as the electric vehicle evolution continues, and the driving experience becomes more digital and data heavy. These digital interactions will require the kinds of cybersecurity safeguards certifications like FedRAMP or StateRAMP ensures.
“I call FedRAMP the mother of all security certifications, given the intensity and the number of stages you have to get through to be certified. It definitely covers a lot more ground,” said Mukkavilli. “It definitely provides a lot more assurance for our customers, whether they are federal or commercial.”
ChargePoint has taken a lot of the learnings from the new isolated aspects of its software and integrated these into the commercial side of the business.
“There’s definitely that cross-pollination that happens to improve security for all customers,” said Mukkavilli.