FedRAMP Moderate

E310853

FedRAMP Moderate is a U.S. federal security authorization level for cloud services that handle sensitive but unclassified data, requiring robust controls to protect confidentiality, integrity, and availability.

All labels observed (2)

Label Occurrences
FedRAMP Moderate canonical 1
FedRAMP Moderate impact level 1

How this entity was disambiguated

Statements (49)

Predicate Object
instanceOf FedRAMP impact level
U.S. federal security authorization level
appliesTo cloud service providers
federal information systems
authorizationSponsor U.S. federal agencies
authorizationType Agency Authorization to Operate
Provisional Authorization to Operate
basedOn FIPS 199
surface form: FIPS 199 security categorization

FIPS 200 minimum security requirements
NIST SP 800-53
surface form: NIST SP 800-53 security controls
controlBaselineSize fewer controls than FedRAMP High
more controls than FedRAMP Low
country United States of America
surface form: United States
dataSensitivity Controlled Unclassified Information
sensitive but unclassified data
documentationIncludes continuous monitoring strategy
plan of action and milestones
security assessment plan
security assessment report
governingFramework FedRAMP Program Management Office
surface form: FedRAMP
impactLevel moderate
objective standardize security requirements for moderate-impact cloud services
overseenBy FedRAMP Program Management Office
protects availability
confidentiality
integrity
regulates cloud services
relatedStandard FedRAMP High impact level
surface form: FedRAMP High

FedRAMP Low
requires access control mechanisms
audit and accountability controls
authorization to operate
configuration management controls
contingency planning
continuous monitoring
incident response capabilities
independent security assessment
personnel security controls
physical and environmental protection controls
risk assessment
security authorization
system and communications protection controls
system and information integrity controls
system security plan
requiresAssessmentBy Third Party Assessment Organization
sector public sector cloud security
typicalUseCase federal business operations
mission support systems
systems where loss would have serious adverse effect

How these facts were elicited

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

cloud.gov platform complianceLevel FedRAMP Moderate
FedRAMP Joint Authorization Board Provisional ATO mayCover FedRAMP Moderate
this entity surface form: FedRAMP Moderate impact level