FedRAMP

compliance

US government program providing standardized security assessment for cloud services used by federal agencies.

What is FedRAMP?

FedRAMP (Federal Risk and Authorization Management Program) standardizes cloud security assessment for federal use. Built on NIST 800-53, it defines three impact levels: Low, Moderate, and High. Authorization is granted by either an agency (Agency ATO) or the Joint Authorization Board (JAB P-ATO). Once authorized, cloud services can be used by any federal agency.

In Microsoft 365

Microsoft Azure and Microsoft 365 have FedRAMP High authorization. Organizations using M365 in government clouds (GCC, GCC High, DoD) benefit from this authorization. For their own FedRAMP compliance, organizations implement controls on top of the authorized platform.

Examples

  • FedRAMP Moderate (moderate impact systems)
  • FedRAMP High (high impact, DoD systems)
  • FedRAMP Tailored (low-impact SaaS)

Related TrueConfig Controls

These controls help implement and verify FedRAMP in your Microsoft 365 environment.

Frequently Asked Questions

What is FedRAMP?
US government program providing standardized security assessment for cloud services used by federal agencies.
How does FedRAMP work in Microsoft 365?
Microsoft Azure and Microsoft 365 have FedRAMP High authorization. Organizations using M365 in government clouds (GCC, GCC High, DoD) benefit from this authorization. For their own FedRAMP compliance, organizations implement controls on top of the authorized platform.
What are examples of FedRAMP?
Examples of FedRAMP include: FedRAMP Moderate (moderate impact systems), FedRAMP High (high impact, DoD systems), FedRAMP Tailored (low-impact SaaS).
Which TrueConfig controls relate to FedRAMP?
TrueConfig controls related to FedRAMP include: ID-04, PA-04, PA-06, LOG-03. These controls help implement and verify FedRAMP in your environment.
