FedRAMP security controls

E1023779

U.S. federal government standard information security requirement set security control baseline

FedRAMP security controls are a standardized set of baseline security requirements that U.S. federal agencies use to assess and authorize cloud service providers for handling government data.

Jump to: Statements Referenced by

Statements (48)

Predicate	Object
instanceOf	U.S. federal government standard ⓘ information security requirement set ⓘ security control baseline ⓘ
administeredBy	FedRAMP Program Management Office NERFINISHED ⓘ
alignedWith	Federal Information Security Modernization Act NERFINISHED ⓘ NIST Risk Management Framework NERFINISHED ⓘ
appliesTo	Infrastructure as a Service offerings for federal agencies ⓘ Platform as a Service offerings for federal agencies ⓘ Software as a Service offerings for federal agencies ⓘ cloud service providers ⓘ
basedOn	NIST SP 800-53 security controls NERFINISHED ⓘ
evaluationMethod	security assessment by Third Party Assessment Organizations ⓘ
governs	federal information in cloud computing environments ⓘ
hasComponent	FedRAMP High baseline NERFINISHED ⓘ FedRAMP Low baseline NERFINISHED ⓘ FedRAMP Moderate baseline NERFINISHED ⓘ
includes	access control requirements ⓘ audit and accountability requirements ⓘ configuration management requirements ⓘ contingency planning requirements ⓘ incident response requirements ⓘ management security controls ⓘ operational security controls ⓘ risk assessment requirements ⓘ security assessment and authorization requirements ⓘ system and communications protection requirements ⓘ system and information integrity requirements ⓘ technical security controls ⓘ
jurisdiction	United States government ⓘ surface form: United States federal government
objective	ensure consistent security posture across federal cloud services ⓘ standardize security assessment of cloud services ⓘ
partOf	Federal Risk and Authorization Management Program NERFINISHED ⓘ
purpose	assess cloud service provider security ⓘ protect U.S. government data in cloud environments ⓘ support authorization of cloud services for federal use ⓘ
requires	continuous monitoring of cloud systems ⓘ documented security policies and procedures ⓘ independent security assessment ⓘ system security plan documentation ⓘ
scope	availability of federal information in the cloud ⓘ confidentiality of federal information in the cloud ⓘ integrity of federal information in the cloud ⓘ
targetData	federal information categorized as High impact ⓘ federal information categorized as Low impact ⓘ federal information categorized as Moderate impact ⓘ
usedBy	U.S. federal agencies ⓘ
usedFor	FedRAMP Authorization to Operate NERFINISHED ⓘ FedRAMP Provisional Authorization to Operate NERFINISHED ⓘ

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

FedRAMP Joint Authorization Board Provisional ATO → basedOn → FedRAMP security controls ⓘ