The Federal Risk and Authorization Management Program (FedRAMP) was created to provide a standardized approach for assessing the security of cloud computing services—under the Federal Information Security Management Act (FISMA)—for use by U.S. government departments and agencies. Any cloud service that will be used by a federal government agency must be FedRAMP-authorized, either through a Joint Authorization Board (JAB) provisional authorization (P-ATO) or by an Agency accreditation (ATO), and must be assessed by a third-party assessment organization (3PAO).
FedRAMP authorization is granted at three security Impact Levels (IL): Low, Moderate and High—based on the impact that data loss, including privacy data, would have upon an organization—with increasingly strict controls required for each level. FedRAMP High authorization is the highest level of authorization.
IBM Cloud for Government (IC4G) and IBM SmartCloud® for Government (SCG) meet FedRAMP High security standards.
IBM Service Descriptions (SDs) indicate if a given offering maintains FedRAMP compliance status. Services below are assessed each year.
View the IBM Cloud for Government authorization (link resides outside ibm.com)
View the IBM Smart Cloud for Government authorization (link resides outside ibm.com)
Services
- Fortigate Security Appliance
- Gateway Appliance
- Hardware Dedicated Firewall
- IBM Cloud Backup
- IBM Cloud Bare Metal
- IBM Cloud Block Storage
- IBM Cloud Direct Link Connect
- IBM Cloud Direct Link Dedicated
- IBM Cloud Direct Link Dedicated Hosting
- IBM Cloud File Storage
- IBM Cloud Load Balancer (Dedicated options)
- IBM Cloud Object Storage (IaaS)
- IBM Cloud Virtual Servers
- Microsoft MySQL
- Microsoft SQL Server
- VMware
- Request IBM FedRAMP Package (link resides outside of ibm.com)