1. Assessment Phase

  • FedRAMP Low Compliance Assessment Execution

FedRAMP Low Compliance Report

Overview

This report presents a technical assessment of your AWS environment against the FedRAMP Low compliance standard. FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The Low baseline is designed for cloud systems that handle low-impact data but still require robust foundational security controls.

This assessment evaluates your environment based on the following grouped controls:

Access Control (AC)

  • AC-2 – Account Management
  • AC-3 – Access Enforcement
  • AC-17 – Remote Access

Audit and Accountability (AU)

  • AU-2 – Audit Events
  • AU-9 – Protection of Audit Information
  • AU-11 – Audit Record Retention

Security Assessment and Authorization (CA)

  • CA-7 – Continuous Monitoring

Configuration Management (CM)

  • CM-2 – Baseline Configuration
  • CM-8 – Information System Component Inventory

Contingency Planning (CP)

  • CP-9 – Information System Backup
  • CP-10 – Recovery and Reconstitution

Identification and Authentication (IA)

  • IA-2 – Identification and Authentication (Organizational Users)

Incident Response (IR)

  • IR-4 – Incident Handling

System and Services Acquisition (SA)

  • SA-3 – System Development Life Cycle

System and Communications Protection (SC)

  • SC-5 – Denial of Service Protection
  • SC-7 – Boundary Protection
  • SC-12 – Cryptographic Key Establishment and Management
  • SC-13 – Use of Cryptography

The assessment covers many AWS services, including IAM, EC2, CloudTrail, S3, and Security Hub.

Upon completion, you will receive a detailed report identifying all passed and failed resources, along with actionable remediation steps to help you achieve compliance with the FedRAMP Low technical recommendations.