U.S. | Government and public sector

FedRAMP

The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Federal agency cloud deployments and service models, other than certain on-premises private clouds, must meet FedRAMP requirements at the appropriate risk impact level (Low, Moderate, or High).

Google’s FedRAMP status is posted on the government’s website: FedRAMP Marketplace.

Google Cloud services and authorized regions that are covered by FedRAMP

FedRAMP Package ID FR1805751477

*Note that all Google Cloud services covered by FedRAMP High are also covered by FedRAMP Moderate

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

App Engine

BigQuery

Cloud Bigtable

Cloud Data Loss Prevention

Cloud DNS

Cloud HSM

Cloud Identity

Cloud Key Management Service

Cloud Logging

Cloud Spanner

Cloud SQL

Cloud Storage

Compute Engine

Container Registry

Dataflow

Dataproc

Firestore

Google Kubernetes Engine

Admin Console (including Admin SDK, Directory Sync)

Identity & Access Management (IAM)

Memorystore

Persistent Disk

Pub/Sub

Virtual Private Cloud

FedRAMP Package ID FR1805751477

*Note that all Google Cloud services covered by FedRAMP High are also covered by FedRAMP Moderate

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Access Context Manager

Access Transparency

AI Platform Training and Prediction (formerly Cloud Machine Learning Engine)

Anthos Config Management (ACM)

Anthos Identity Service

Anthos Service Mesh

Apigee

Assured Workloads

AutoML Natural Language

AutoML Tables

AutoML Translation

AutoML Video Intelligence

AutoML Vision

Beyondcorp Enterprise

BigQuery Data Transfer Service

Binary Authorization

Care Studio (Cloud Healthcare Search)

CCAI Insights

Certificate Authority Service

Chronicle SIEM (formerly Chronicle Security)

Cloud Billing API

Cloud Build

Cloud CDN

Cloud Composer

Cloud Data Fusion

Cloud Data Loss Prevention

Cloud Debugger

Cloud Deployment Manager

Cloud Endpoints

Cloud External Key Manager

Cloud Functions

Cloud Functions for Firebase

Cloud Healthcare API

Cloud IDS

Cloud Interconnect

Cloud Life Sciences (formerly Google Genomics)

Cloud Load Balancing

Cloud Monitoring

Cloud NAT (Network Address Translation)

Cloud Natural Language API

Cloud Profiler

Cloud Router

Cloud Run (fully managed)

Cloud Run for Anthos

Cloud Scheduler

Cloud Shell

Cloud Source Repositories

Cloud Storage for Firebase

Cloud Tasks

Cloud Trace (formerly Stackdriver Trace)

Cloud Translation

Cloud Vision API

Cloud VPN

Connect

Contact Center AI (CCAI)

Data Catalog

Database Migration Service

Datalab

Datastore

Dialogflow

Document AI

Filestore (Basic HDD and Basic SSD tiers)

Game Servers

Google Cloud App

Google Cloud Armor

Google Cloud CLI

Google Cloud console

Google Cloud Marketplace

Identity Platform

Google Cloud Identity-Aware Proxy

GKE Hub

IoT Core

Key Access Justifications (KAJ)

Looker Studio (including Pro formerly Google Data Studio)

Network Connectivity Center

Network Service Tiers

Resource Manager API

Secret Manager

Security Command Center (including Web Security Scanner) (formerly Cloud Security Scanner)

Service Directory

Service Infrastructure (formerly Service Control; includes Service Management API and Service Consumer Management API)

Speech-to-Text

Storage Transfer Service

Talent Solution

Text-to-Speech

Video Intelligence API

Vertex AI Workbench User Managed Notebooks (formerly AI Platform Notebooks)

VPC Service Controls

Web Risk API

Workflows

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Google Workspace Enterprise Plus

Google Workspace Enterprise Standard

Google Workspace Business Plus

Google Workspace Business Standard

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Google Workspace Business Starter

Google Workspace Frontline Edition

Google Workspace for Education

Google Workspace for Education Fundamentals

Google Workspace for Education Plus

Google Workspace for Education Standard

Google Workspace Enterprise Essentials

Google Workspace Enterprise Plus

Google Workspace for Nonprofits

Google Workspace for Governments

Teaching & Learning Upgrade

FedRAMP Package ID F1206081364

*Note that Admin Console and Cloud Identity are now part of the Google Services package (FR1805751477)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Calendar

Docs

Drive

Forms

Gmail

Google Chat

Google Meet

Keep

New Sites

Sheets

Slides

Vault

FedRAMP Package ID F1206081364

*Note that Admin Console and Cloud Identity are now part of the Google Services package (FR1805751477)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Android and Chrome Device Management

Chrome Sync (for Google Workspace for Education domains only)

Classroom

Cloud Search (including 3P)

Contacts

Docs APIs

Apps Activity API

Calendar API

Contacts API

Drive REST API (replaced Documents List API)

Gmail REST API (replaced Email Migration API)

Sheets API

Sites API

Tasks API

Drawings

Google Workspace Security Center (for Enterprise Plus and Google Workspace for Education Plus domains only)

Google Tasks

Groups for Business

Google Meet Live Stream

Google Voice

Jamboard

Secure LDAP

All Google Cloud regions covered by FedRAMP High are also covered by FedRAMP Moderate

Oregon (us-west1) - FedRAMP High

Los Angeles (us-west2) - FedRAMP High

Salt Lake City (us-west3) - FedRAMP High

Las Vegas (us-west4) - FedRAMP High

Iowa (us-central1) - FedRAMP High

Oklahoma (us-central2) - FedRAMP High

South Carolina (us-east1) - FedRAMP High

Northern Virginia (us-east4) - FedRAMP High

Columbus (us-east5) - FedRAMP High

Dallas (us-south1) - FedRAMP High

Montreal (northamerica-northeast1) - FedRAMP Moderate

Sao Paulo (southamerica-east1) - FedRAMP Moderate

Belgium (europe-west1) - FedRAMP Moderate

London (europe-west2) - FedRAMP Moderate

Frankfurt (europe-west3) - FedRAMP Moderate

Netherlands (europe-west4) - FedRAMP Moderate

Finland (europe-north1) - FedRAMP Moderate

Mumbai (asia-south1) - FedRAMP Moderate

Singapore (asia-southeast1) - FedRAMP Moderate

Taiwan (asia-east1) - FedRAMP Moderate

Tokyo (asia-northeast1) - FedRAMP Moderate

Sydney (australia-southeast1) - FedRAMP Moderate

Zurich (europe-west6) - FedRAMP Moderate

Warsaw (europe-central2) - FedRAMP Moderate

Jakarta (asia-southeast2) - FedRAMP Moderate

Osaka (asia-northeast2) - FedRAMP Moderate

Seoul (asia-northeast3) - FedRAMP Moderate

FAQs

FedRAMP allows for varying levels of inheritance for cloud service providers (CSPs) using FedRAMP-authorized infrastructure, platforms, and services. This initial analysis of control vs. inheritance will ultimately determine how much compliance responsibility you will hold as a CSP. For example, if your organization prefers to build the entire stack of your application, you will also create more customer responsibility/obligation during evaluation by your Authorizing Official. If you use Platform as a Service or Software as a Service, there is likely to be a lesser compliance burden.

Once you have selected your FedRAMP-authorized services, Google can help you configure your solution through service-specific configuration guides or direct engagement with FedRAMP experts in our Professional Services organization.

Google is one of the first hyperscale commercial cloud providers to achieve FedRAMP High on a commercial public cloud offering, and is one of the largest providers of FedRAMP services available on the market today. In the past, hyperscale providers have separated their “govclouds” from their commercial cloud offerings to meet FedRAMP High requirements. This resulted in degraded service offerings, lower service availability, and higher operational cost. Google Cloud’s FedRAMP High authorization enables government agencies processing high impact workloads to adopt technology at a much higher velocity and at the same scale as commercial customers. It also provides a much-needed boost to competition in the US Government’s public cloud market, giving the public sector a greater range of choices in technology mix and cloud providers than ever before with plans to continue expanding the authorized product offerings.

FedRAMP terms and conditions flow down from our public sector procurement partner, Carahsoft, so if you are interested in FedRAMP on Google Cloud, please contact them here.