CloudBees FedRAMP Status

Understanding FedRAMP Authorization and Security Requirements

FedRAMP, or the Federal Risk and Authorization Management Program, sets the cybersecurity benchmark for cloud services and solutions provided to the U.S. government. This framework is crucial for vendors whose offerings must meet stringent security requirements or are provided as Software as a Service (SaaS). CloudBees offerings, by contrast, are self-hosted, either in the cloud or on premises. Because of this, CloudBees is not held to the FedRAMP accreditation levels; however, we do harden our software to comply with many FedRAMP guidelines.

Key Features of FedRAMP Security Controls

Tiered Security Levels: FedRAMP categorizes its security measures into three impact levels—low, moderate, and high—tailored to the sensitivity of data handled. This ensures appropriate protection is applied, matching the potential risk.

  • FedRAMP High

    This level applies to systems and data that involve the processing, storage, or transmission of sensitive information, such as personally identifiable information (PII) or national security data.

  • FedRAMP Moderate

    Systems at this level handle information that is not publicly accessible but does not require the same level of protection as FedRAMP High. This includes data like internal operations or information that needs protection against unauthorized disclosure.

  • FedRAMP Low

    Systems that process, store, or transmit publicly available information or public data. Security controls at this level focus on ensuring the integrity and availability of the data, with fewer requirements for confidentiality.

Each level of FedRAMP defines a set of security controls and requirements tailored to the sensitivity and impact of the data and systems being managed, ensuring appropriate protection while facilitating the use of cloud services by federal agencies.

  • Security Measures

    From access control and incident response to system integrity and physical security, FedRAMP's security controls cover all bases. These are designed to safeguard against unauthorized access, ensure reliability, and protect against hazards.

  • Rigorous Assessment

    Achieving FedRAMP authorization is a meticulous process, evaluated by independent third-party organizations. Cloud service providers (CSPs) must demonstrate full compliance with the relevant security controls to be deemed fit for federal use.

FedRAMP CloudBees status image

Why It Matters

For federal agencies, FedRAMP authorization means trust and reliability in their cloud services, knowing they meet stringent security standards. For vendors, it opens the door to providing services to the federal government, assuming they can meet these high benchmarks.

  • Security Compliance

    CloudBees is committed to security compliance by aligning its solutions with FedRAMP standards, including robust controls for data protection and access management, enhancing the security posture of their operational environments.

  • Adhering to Security Levels

    Each implementation of CloudBees is tailored to meet or exceed the security requirements of the customer, ensuring data is handled with the appropriate level of sensitivity whether at rest or in transit within the solution.

FedRAMP Agency Process image

CloudBees Status

For agencies that are focused on security and seek FedRAMP levels of security, CloudBees offers a self-hosted, cloud-native install that adheres to security best practices and the standards of the DoD’s Iron Bank, so that CloudBees products maintain the highest level of security and compliance to orchestrate and automate critical systems for our customers. While these installs are self-hosted and don’t require FedRAMP accreditation, they do come with a certification to field from the USAF. Along with that certification, vulnerability assessments and health scores for vendor tools are public within the Iron Bank.

As part of our commitment to security and compliance, we have initiated a project to make a version of CloudBees CI for Modern Cloud Platforms FIPS 140-2 compliant. FIPS 140-2 is a federal security standard established by the National Institute of Standards and Technology (NIST) that specifies the security requirements for cryptographic modules. Achieving FIPS 140-2 compliance involves ensuring that cryptographic algorithms and modules used within CloudBees CI for Modern Cloud Platforms meet the rigorous security standards outlined by NIST. This version of the product is intended for use by U.S. federal entities in addition to contractors or service providers working on behalf of the government.

CloudBees intends to pursue FedRAMP authorization for applicable products as part of its strategic roadmap to serve federal clients. Details are confidential at this stage.