While these installs are self hosted and don’t require FedRAMP accreditation they do come with a certification to field from the USAF. Along with that certification, vulnerability assessments and health scores for vendor tools are public within the Iron Bank.
CloudBees FedRAMP Status
Understanding FedRAMP Authorization and Security Requirements
FedRAMP, or the Federal Risk and Authorization Management Program, sets the cybersecurity benchmark for cloud services and solutions provided to the U.S. government. This framework is crucial for vendors that need to meet stringent security requirements, or provided as Software as a Service (SaaS). In the case of CloudBees our offerings are self hosted either in the cloud or on premise. Due to this CloudBees is not held to the FedRAMP accreditation levels however we do harden our software to comply with many FedRAMP guidelines.
Key Features of FedRAMP Security Controls
Tiered Security Levels: FedRAMP categorizes its security measures into three impact levels—low, moderate, and high—tailored to the sensitivity of data handled. This ensures appropriate protection is applied, matching the potential risk.
FedRAMP High
This level applies to systems and data that involve the processing, storage, or transmission of sensitive information, such as personally identifiable information (PII) or national security data.
FedRAMP Moderate
Systems at this level handle information not publicly accessible but does not require the same level of protection as FedRAMP High. This includes data like internal operations or information that protects against unauthorized disclosure.
FedRAMP Low
Systems that process, store, or transmit publicly available information or public data. Security controls at this level focus on ensuring the integrity and availability of the data, with fewer requirements for confidentiality.
Each level of FedRAMP defines a set of security controls and requirements
Tailored to the sensitivity and impact of the data and systems being managed ensuring appropriate protection while facilitating the use of cloud services by federal agencies.
Security Measures
From access control, incident response, system integrity and physical security, FedRAMP's security controls cover all bases. These are designed to safeguard against unauthorized access, ensure reliability, and protect against hazards.
Rigorous Assessment
Achieving FedRAMP authorization is a meticulous process, evaluated by independent third-party organizations. CSPs must demonstrate full compliance with the relevant security controls to be deemed fit for federal use.
Why It Matters
For federal agencies, FedRAMP authorization means trust and reliability in their cloud services, knowing they meet stringent security standards. It opens the door to providing services to the federal government, assuming they can meet these high benchmarks
Security Compliance
CloudBees is committed to security compliance by aligning its solutions with FedRAMP standards, including robust controls for data protection, and access management, enhancing the security posture of their operational environments.
Adhering to Security Levels
Each implementation of CloudBees is tailored to meet/exceed the security requirements of the customer ensuring data is handled with the appropriate level of sensitivity whether at rest or transit within the solution.
CloudBees Status
For agencies focused on security and seek FedRAMP levels of security, CloudBees offers a self hosted cloud native install adhering to security best practices and the standards of the DoD’s Iron Bank
Security Best Practices
CloudBees products maintain the highest level of security and compliance to orchestrate and automate critical systems for our customers.
