FedRAMP Low
E1023369
FedRAMP Low is a baseline security authorization level within the U.S. Federal Risk and Authorization Management Program designed for cloud systems handling the least sensitive federal information and requiring minimal security controls.
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
FedRAMP security baseline
ⓘ
information security standard ⓘ |
| appliesTo |
cloud service offerings
ⓘ
federal information systems ⓘ |
| assessmentPerformedBy | Third Party Assessment Organization ⓘ |
| authorizationBoundary | applies to systems categorized as low impact under FIPS 199 ⓘ |
| authorizationType | security authorization baseline ⓘ |
| basedOnStandard |
FIPS 199
NERFINISHED
ⓘ
NIST SP 800-53 NERFINISHED ⓘ |
| controlFamilyCoverage |
access control
ⓘ
audit and accountability ⓘ configuration management ⓘ contingency planning ⓘ identification and authentication ⓘ incident response ⓘ maintenance ⓘ media protection ⓘ physical and environmental protection ⓘ risk assessment ⓘ system and communications protection ⓘ system and information integrity ⓘ |
| countryOfOrigin |
United States of America
ⓘ
surface form:
United States
|
| documentationRequirement |
Plan of Action and Milestones
ⓘ
Security Assessment Plan NERFINISHED ⓘ Security Assessment Report ⓘ System Security Plan ⓘ |
| governingBody | FedRAMP Program Management Office NERFINISHED ⓘ |
| impactCategory |
availability low
ⓘ
confidentiality low ⓘ integrity low ⓘ |
| includes |
management security controls
ⓘ
operational security controls ⓘ technical security controls ⓘ |
| informationSensitivity | least sensitive federal information ⓘ |
| objective | to ensure adequate security for low-impact federal cloud services ⓘ |
| overseenBy |
Joint Authorization Board
NERFINISHED
ⓘ
U.S. General Services Administration NERFINISHED ⓘ |
| partOf | Federal Risk and Authorization Management Program NERFINISHED ⓘ |
| purpose | to define minimum security requirements for low-impact federal cloud systems ⓘ |
| relatedBaseline |
FedRAMP High
GENERATED
ⓘ
FedRAMP Moderate GENERATED ⓘ |
| requires | minimal security controls compared to FedRAMP Moderate and High ⓘ |
| riskLevel |
low impact to individuals
ⓘ
low impact to organizational assets ⓘ low impact to organizational operations ⓘ |
| securityImpactLevel | low ⓘ |
| usedBy |
U.S. federal agencies
NERFINISHED
ⓘ
cloud service providers seeking FedRAMP authorization ⓘ |
| usesControlBaselineFrom | NIST SP 800-53 low baseline NERFINISHED ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.