FedRAMP Moderate Compliance Report

Overview

This report presents a technical assessment of your AWS environment against the FedRAMP Moderate compliance standard. FedRAMP (Federal Risk and Authorization Management Program) provides a standardized security framework for cloud services used by U.S. federal agencies. The Moderate baseline is intended for systems that handle Controlled Unclassified Information (CUI) and requires enhanced security controls to protect the confidentiality, integrity, and availability of federal data.

This assessment evaluates your environment against a broad set of technical controls, grouped by control family:

Access Control (AC)

  • AC-2, AC-2(1), AC-2(3), AC-2(4), AC-2(12)(a), AC-2(f), AC-2(g), AC-2(j)
  • AC-3, AC-4, AC-5(c), AC-6, AC-6(10), AC-17(1), AC-17(2), AC-21(b)

Audit and Accountability (AU)

  • AU-2(a)(d), AU-3, AU-6(1)(3), AU-7(1), AU-9, AU-9(2), AU-11, AU-12(a)(c)

Security Assessment and Authorization (CA)

  • CA-7(a)(b)

Configuration Management (CM)

  • CM-2, CM-7(a), CM-8(1), CM-8(3)(a)

Contingency Planning (CP)

  • CP-9(b), CP-10

Identification and Authentication (IA)

  • IA-2, IA-2(1), IA-2(1)(2), IA-5(1)(a)(d)(e), IA-5(4), IA-5(7)

Incident Response (IR)

  • IR-4(1), IR-6(1), IR-7(1)

Risk Assessment (RA)

  • RA-5

System and Services Acquisition (SA)

  • SA-3(a), SA-10

System and Communications Protection (SC)

  • SC-2, SC-4, SC-5, SC-7, SC-7(3), SC-8, SC-8(1), SC-12, SC-13, SC-23, SC-28

System and Information Integrity (SI)

  • SI-2(2), SI-4(a)(b)(c), SI-4(1), SI-4(2), SI-4(4), SI-4(5), SI-4(16), SI-7, SI-7(1), SI-12

The assessment covers many AWS services, including IAM, EC2, CloudTrail, KMS, and Security Hub.

Upon completion, you will receive a detailed report identifying all passed and failed resources, along with actionable remediation steps to help you achieve compliance with the FedRAMP Moderate technical recommendations.