The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Federal agency cloud deployments and service models, other than certain on-premises private clouds, must meet FedRAMP requirements at the appropriate risk impact level (Low, Moderate, or High).
Google’s FedRAMP status is posted on the government’s website: FedRAMP Marketplace.
How can I get FedRAMP compliance for my solution that uses Google Cloud?
FedRAMP allows for varying levels of inheritance for cloud service providers (CSPs) using FedRAMP-authorized infrastructure, platforms, and services. The initial analysis of control versus inheritance ultimately determines how much compliance responsibility you will hold as a CSP. For example, if your organization prefers to build the entire stack of your application, you will also take on more customer responsibility and obligation during evaluation by your Authorizing Official. If you use Platform as a Service or Software as a Service, the compliance burden is likely to be smaller.
Once you have selected your FedRAMP-authorized services, Google can help you configure your solution through service-specific configuration guides or direct engagement with FedRAMP experts in our Professional Services organization.