Stay organized with collections Save and categorize content based on your preferences.
FedRAMP logo

U.S. | Government and public sector

FedRAMP

The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Federal agency cloud deployments and service models, other than certain on-premises private clouds, must meet FedRAMP requirements at the appropriate risk impact level (Low, Moderate, or High).

Google’s FedRAMP status is posted on the government’s website: FedRAMP Marketplace.

Google Cloud services and authorized regions that are covered by FedRAMP

FedRAMP Package ID FR1805751477

*Note that all Google Cloud services covered by FedRAMP High are also covered by FedRAMP Moderate

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Access Context Manager
Access Transparency
AI Platform Training and Prediction (formerly Cloud Machine Learning Engine)
Anthos Config Management (ACM)
Anthos Identity Service
Anthos Service Mesh
Apigee
Assured Workloads
AutoML Natural Language
AutoML Tables
AutoML Translation
AutoML Video Intelligence
AutoML Vision
Beyondcorp Enterprise
BigQuery Data Transfer Service
Binary Authorization
Care Studio (Cloud Healthcare Search)
CCAI Insights
Certificate Authority Service
Chronicle SIEM (formerly Chronicle Security)
Cloud Billing API
Cloud Build
Cloud CDN
Cloud Composer
Cloud Data Fusion
Cloud Data Loss Prevention
Cloud Debugger
Cloud Deployment Manager
Cloud Endpoints
Cloud External Key Manager
Cloud Functions
Cloud Functions for Firebase
Cloud Healthcare API
Cloud IDS
Cloud Interconnect
Cloud Life Sciences (formerly Google Genomics)
Cloud Load Balancing
Cloud Monitoring
Cloud NAT (Network Address Translation)
Cloud Natural Language API
Cloud Profiler
Cloud Router
Cloud Run (fully managed)
Cloud Run for Anthos
Cloud Scheduler
Cloud Shell
Cloud Source Repositories
Cloud Storage for Firebase
Cloud Tasks
Cloud Trace (formerly Stackdriver Trace)
Cloud Translation
Cloud Vision API
Cloud VPN
Connect
Contact Center AI (CCAI)
Data Catalog
Database Migration Service
Datalab
Datastore
Dialogflow
Document AI
Filestore (Basic HDD and Basic SSD tiers)
Game Servers
Google Cloud App
Google Cloud Armor
Google Cloud CLI
Google Cloud console
Google Cloud Marketplace
Identity Platform
Google Cloud Identity-Aware Proxy
GKE Hub
IoT Core
Key Access Justifications (KAJ)
Looker Studio (including Pro formerly Google Data Studio)
Network Connectivity Center
Network Service Tiers
Resource Manager API
Secret Manager
Security Command Center (including Web Security Scanner) (formerly Cloud Security Scanner)
Service Directory
Service Infrastructure (formerly Service Control; includes Service Management API and Service Consumer Management API)
Speech-to-Text
Storage Transfer Service
Talent Solution
Text-to-Speech
Video Intelligence API
Vertex AI Workbench User Managed Notebooks (formerly AI Platform Notebooks)
VPC Service Controls
Web Risk API
Workflows

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Google Workspace Enterprise Plus
Google Workspace Enterprise Standard
Google Workspace Business Plus
Google Workspace Business Standard

FedRAMP Package ID F1206081364

*Note that Admin Console and Cloud Identity are now part of the Google Services package (FR1805751477)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Calendar
Docs
Drive
Forms
Gmail
Google Chat
Google Meet
Keep
New Sites
Sheets
Slides
Vault

FedRAMP Package ID F1206081364

*Note that Admin Console and Cloud Identity are now part of the Google Services package (FR1805751477)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Android and Chrome Device Management
Chrome Sync (for Google Workspace for Education domains only)
Classroom
Cloud Search (including 3P)
Contacts
Docs APIs
Apps Activity API
Calendar API
Contacts API
Drive REST API (replaced Documents List API)
Gmail REST API (replaced Email Migration API)
Sheets API
Sites API
Tasks API
Drawings
Google Workspace Security Center (for Enterprise Plus and Google Workspace for Education Plus domains only)
Google Tasks
Groups for Business
Google Meet Live Stream
Google Voice
Jamboard
Secure LDAP

All Google Cloud regions covered by FedRAMP High are also covered by FedRAMP Moderate

Oregon (us-west1) - FedRAMP High
Los Angeles (us-west2) - FedRAMP High
Salt Lake City (us-west3) - FedRAMP High
Las Vegas (us-west4) - FedRAMP High
Iowa (us-central1) - FedRAMP High
Oklahoma (us-central2) - FedRAMP High
South Carolina (us-east1) - FedRAMP High
Northern Virginia (us-east4) - FedRAMP High
Columbus (us-east5) - FedRAMP High
Dallas (us-south1) - FedRAMP High
Montreal (northamerica-northeast1) - FedRAMP Moderate
Sao Paulo (southamerica-east1) - FedRAMP Moderate
Belgium (europe-west1) - FedRAMP Moderate
London (europe-west2) - FedRAMP Moderate
Frankfurt (europe-west3) - FedRAMP Moderate
Netherlands (europe-west4) - FedRAMP Moderate
Finland (europe-north1) - FedRAMP Moderate
Mumbai (asia-south1) - FedRAMP Moderate
Singapore (asia-southeast1) - FedRAMP Moderate
Taiwan (asia-east1) - FedRAMP Moderate
Tokyo (asia-northeast1) - FedRAMP Moderate
Sydney (australia-southeast1) - FedRAMP Moderate
Zurich (europe-west6) - FedRAMP Moderate
Warsaw (europe-central2) - FedRAMP Moderate
Jakarta (asia-southeast2) - FedRAM Moderate
Osaka (asia-northeast2) - FedRAMP Moderate
Seoul (asia-northeast3) - FedRAMP Moderate

FAQs

FedRAMP allows for varying levels of inheritance for cloud service providers (CSPs) using FedRAMP-authorized infrastructure, platforms, and services. This initial analysis of control vs. inheritance will ultimately determine how much compliance responsibility you will hold as a CSP. For example, if your organization prefers to build the entire stack of your application, you will also create more customer responsibility/obligation during evaluation by your Authorizing Official. If you use Platform as a Service or Software as a Service, there is likely to be a lesser compliance burden.

Once you have selected your FedRAMP-authorized services, Google can help you configure your solution through service-specific configuration guides or direct engagement with FedRAMP experts in our Professional Services organization.

Google is one of the first hyperscale commercial cloud providers to achieve FedRAMP High on a commercial public cloud offering, and is one of the largest providers of FedRAMP services available on the market today. In the past, hyperscale providers have separated their “govclouds” from their commercial cloud offerings to meet FedRAMP High requirements. This resulted in degraded service offerings, lower service availability, and higher operational cost. Google Cloud’s FedRAMP High authorization enables government agencies processing high impact workloads to adopt technology at a much higher velocity and at the same scale as commercial customers. It also provides a much-needed boost to competition in the US Government’s public cloud market, giving the public sector a greater range of choices in technology mix and cloud providers than ever before with plans to continue expanding the authorized product offerings.

FedRAMP terms and conditions flow down from our public sector procurement partner, Carahsoft, so if you are interested in FedRAMP on Google Cloud, please contact them here.

Related offerings

NIST 800-53

Learn more

FIPS 140-2 Validated

Learn more

NIST 800-34

Learn more

U.S. Defense Information Systems Agency Provisional Authorization

Learn more

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Get started for free

Take the next step

Start your next project, explore interactive tutorials, and manage your account.

Contact sales