
What are the categories of FedRAMP compliance?

 


FedRAMP is the Federal Risk and Authorization Management Program, which is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It was created to provide a consistent approach to security requirements and authorization processes to ensure that cloud solutions meet the security requirements of the federal government.

The categories of FedRAMP compliance are based on the levels of impact that a security incident could have on an organization. There are four levels of impact: High, Moderate, Low, and Low-Impact Software-as-a-Service (LI-SaaS).

At the highest level of impact, High, the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. This level of impact is usually applied to law enforcement, emergency services, financial, and health systems.

At the Moderate level, the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. This is the most common level of impact, with nearly 80 percent of approved FedRAMP applications at this level.

At the Low level, the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.

Finally, the Low-Impact Software-as-a-Service (LI-SaaS) level is applied to systems that are low risk for uses like collaboration tools, project management applications, and tools that help develop open-source code. This category is also known as FedRAMP Tailored.

The categories of FedRAMP compliance are based on the impact levels that could be expected from a security incident. Each category is designed to provide the appropriate level of security for the type of system and the potential impact of a security incident. High-impact systems require the most stringent security measures, while Low-Impact Software-as-a-Service systems require the least. By categorizing systems based on the impact level, FedRAMP provides organizations with a consistent approach to security and authorization processes that ensure cloud solutions meet the security requirements of the federal government.


