I seem to recall that there was some problem with using sFTP in some government environments, but now I need to know if it poses a risk on a FedRAMP-compliant project.

schroeder
  • Can you clarify and provide some documentation around the issue with SFTP in government environments? Without knowing the specific use cases, it would be difficult to provide information on workarounds or attempting to solve for compliance with FedRAMP. – h4ckNinja Jul 14 '19 at 17:53
  • Specifically, my question was dealing with allowing the use of sFTP in a FedRAMP-compliant project. I understand there is a difference between sFTP and FTPS, and thought I'd heard somewhere that one or both of these was not recommended in federal environments--however I'm only concerned with sFTP. Is sFTP frowned upon or is it an acceptable solution to transfer government-regulated or sensitive data, such as Personally Identifiable Information (PII)? If acceptable, are there specific configuration parameters that must be applied--or would it be just fine to use out of the box? – ShieldOfSalvation Jul 15 '19 at 18:14
  • This would depend on multiple scenarios such as the use of a CAP? and the IL level designation of the information. – Christopher Holloway Feb 13 '19 at 13:45

0 Answers