Dashboard: FedRAMP Moderate Revision 4
To obtain the latest version of the official guide, please download https://www.fedramp.gov/assets/resources/documents/FedRAMP_Moderate_Security_Controls.xlsx.
Overview
The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.
It is important that Cloud Service Providers (CSPs) understand the impact level of their offering(s) and correlated security categorization when developing their authorization strategy. Cloud Service Offerings (CSOs) are categorized into one of three impact levels: Low, Moderate, and High; and across three security objectives: Confidentiality, Integrity, and Availability:
Confidentiality: Information access and disclosure includes means for protecting personal privacy and proprietary information.
Integrity: Stored information is sufficiently guarded against modification or destruction.
Availability: Ensuring timely and reliable access to information.
FedRAMP currently authorizes CSOs at the: Low, Moderate, and High impact levels.
Moderate Impact Level
FedRAMP moderate impact level is the standard for cloud computing security for controlled unclassified information across federal government agencies. Moderate Impact systems accounts for nearly 80% of CSP applications that receive FedRAMP authorization and is most appropriate for CSOs where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals. Serious adverse effects could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select FedRAMP Moderate Revision 4 dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe benchmark run aws_compliance.benchmark.fedramp_moderate_rev_4 --share
Benchmark
This dashboard is automatically generated from the following benchmark:
benchmark.fedramp_moderate_rev_4