While these installs are self hosted and don’t require FedRAMP accreditation they do come with a certification to field from the USAF. Along with that certification, vulnerability assessments and health scores for vendor tools are public within the Iron Bank.
As part of our commitment to security and compliance, we have initiated a project to make a version of CloudBees CI for Modern Cloud Platforms FIPS 140-2 compliant. FIPS 140-2 is a federal security standard established by the National Institute of Standards and Technology (NIST) that specifies the security requirements for cryptographic modules. Achieving FIPS 140-2 compliance involves ensuring that cryptographic algorithms and modules used within CloudBees CI for Modern Cloud Platforms meet the rigorous security standards outlined by NIST. This version of the product is intended for use by U.S. federal entities in addition to contractors or service providers working on behalf of the government
CloudBees intends to pursue FEDRamp authorization for applicable products as part of its strategic roadmap to serve federal clients. Details are confidential at this stage.