Questions tagged [fedramp]

The Federal Risk and Authorization Management Program (FedRAMP) is a US government program for standardized security assessment.

5 questions
2 votes, 1 answer

What are the FEDRAMP "complementary controls"?

Quoting the FedRAMP official FAQ: FedRAMP requirements include additional controls above the standard NIST baseline controls in NIST SP 800-53 Revision 4. These additional controls address the unique elements of cloud computing to ensure all…
niilzon
1 vote, 1 answer

Do I need to keep production Docker/container images?

Context: My company is developing a SaaS solution that needs to conform to PCI-DSS L1 for sure, and possibly FedRAMP and other frameworks later. We can do continuous deployment with feature flagged/canary releases, with multiple releases a day.…
aries1980
1 vote, 1 answer

AWS Private CM and FedRamp compliance for TLS

Is the use of a private, auto-signed certificate, created and managed by AWS Private CM, and used in internal TLS communication, for endpoints that do not require external verification, and do not have external access, in compliance with FedRamp…
0 votes, 0 answers

Google Cloud and Private CM on Microsoft Windows and FedRamp compliance for TLS

Is it possible to use a Private Certificate Authority based on Microsoft Windows Servers for protecting SSL/TLS connections in a FedRAMP environment on Google Cloud?
0 votes, 0 answers

FedRamp Moderate question about hashing MD5

If I use MD5 but not for cryptography purposes, and not for any authentication or authorization mechanism, am I in violation of FedRamp Moderate?