turbot/aws_compliance

Benchmark: FedRAMP Low Revision 4

To obtain the latest version of the official guide, please download https://www.fedramp.gov/assets/resources/documents/FedRAMP_Low_Security_Controls.xlsx.

Overview

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.

It is important that Cloud Service Providers (CSPs) understand the impact level of their offering(s) and correlated security categorization when developing their authorization strategy. Cloud Service Offerings (CSOs) are categorized into one of three impact levels: Low, Moderate, and High; and across three security objectives: Confidentiality, Integrity, and Availability:

  • Confidentiality: Information access and disclosure includes means for protecting personal privacy and proprietary information.

  • Integrity: Stored information is sufficiently guarded against modification or destruction.

  • Availability: Ensuring timely and reliable access to information.

FedRAMP currently authorizes CSOs at the: Low, Moderate, and High impact levels.

Low Impact Level

FedRAMP low impact level is the standard for cloud computing security for cloud service offerings (CSOs). This applies where the loss of confidentiality, integrity, and availability of data would result in limited adverse effects on a federal agency’s operations, assets, or individuals. FedRAMP currently has two baseline levels for systems with low-impact data: low baseline and low-impact SaaS. The low impact level is most appropriate for CSPs that will handle federal information intended for public use. Any loss of data at this level wouldn’t compromise an agency’s mission, safety, finances, or reputation.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select FedRAMP Low Revision 4.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.fedramp_low_rev_4

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.fedramp_low_rev_4 --share

Benchmarks

Tags