FedRAMP logo

U.S. | Government and public sector

FedRAMP

The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Federal agency cloud deployments and service models, other than certain on-premises private clouds, must meet FedRAMP requirements at the appropriate risk impact level (Low, Moderate, or High).

Google’s FedRAMP status is posted on the government’s website: FedRAMP Marketplace.


Google Cloud services and authorized regions that are covered by FedRAMP

FedRAMP Package ID FR1805751477

*Note that all Google Cloud services covered by FedRAMP High are also covered by FedRAMP Moderate

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

FedRAMP Package ID F1206081364

*Note that Admin Console and Cloud Identity are now part of the Google Services package (FR1805751477)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

All Google Cloud regions covered by FedRAMP High are also covered by FedRAMP Moderate

FAQs

FedRAMP allows for varying levels of inheritance for cloud service providers (CSPs) using FedRAMP-authorized infrastructure, platforms, and services. This initial analysis of control vs. inheritance will ultimately determine how much compliance responsibility you will hold as a CSP. For example, if your organization prefers to build the entire stack of your application, you will also create more customer responsibility/obligation during evaluation by your Authorizing Official. If you use Platform as a Service or Software as a Service, there is likely to be a lesser compliance burden.

Once you have selected your FedRAMP-authorized services, Google can help you configure your solution through service-specific configuration guides or direct engagement with FedRAMP experts in our Professional Services organization.

Google is one of the first hyperscale commercial cloud providers to achieve FedRAMP High on a commercial public cloud offering, and is one of the largest providers of FedRAMP services available on the market today. In the past, hyperscale providers have separated their “govclouds” from their commercial cloud offerings to meet FedRAMP High requirements. This resulted in degraded service offerings, lower service availability, and higher operational cost. Google Cloud’s FedRAMP High authorization enables government agencies processing high impact workloads to adopt technology at a much higher velocity and at the same scale as commercial customers. It also provides a much-needed boost to competition in the US Government’s public cloud market, giving the public sector a greater range of choices in technology mix and cloud providers than ever before with plans to continue expanding the authorized product offerings.

FedRAMP terms and conditions flow down from our public sector procurement partner, Carahsoft, so if you are interested in FedRAMP on Google Cloud, please contact them here.

NIST 800-53

Learn more

FIPS 140-2 Validated

Learn more

NIST 800-34

Learn more

U.S. Defense Information Systems Agency Provisional Authorization

Learn more