
Tenable (TENB) announced it has achieved FedRAMP High authorization, the top tier of the U.S. government's cloud security certification program. This designation allows the company to sell its flagship vulnerability management and exposure management solutions to federal agencies handling the most sensitive, controlled unclassified information — a market tier previously off-limits to Tenable without the clearance.
The win matters because the federal cybersecurity market is large and sticky: once a vendor is embedded in agency workflows, churn is extremely low and contract values tend to expand over multi-year periods. Tenable's existing commercial business posted $999.4M in revenue in FY2025, growing 11% year-over-year, with a strong 78.1% gross margin — but the company still runs at a -3.6% net margin, meaning it needs incremental high-margin revenue to push toward sustained profitability.
The bull case centers on the government channel being a genuine step-change, not a marginal win. Federal contracts tend to be multi-year, sole-source-eligible once FedRAMP High certified, and competitively insulated from commercial pricing pressure. Competitors like Qualys and Rapid7 also hold FedRAMP certifications at various levels, so Tenable is entering a competitive but defined market with credibility.
The bear case is execution lag: FedRAMP High authorization is a prerequisite, not a contract. Converting the clearance into actual pipeline and closed deals can take 12-24 months of procurement cycles. Meanwhile, the broader federal IT spending environment is politically uncertain, with DOGE-driven budget scrutiny potentially slowing new vendor awards. Investors buying the jump risk pricing in revenue that may not materialize for several quarters.
Key things to watch: whether management provides any federal pipeline color on the next earnings call, and whether peer Qualys or Rapid7 show any displacement risk in existing agency accounts now that Tenable can compete at the High tier.