Compliance

FedRAMP


Virtustream has a strong presence in the public sector and has implemented measures to certify its cloud services for government programs in the United States (US). Virtustream Federal Cloud is a FedRAMP-authorized IaaS solution based on the security controls in NIST 800-53. It is rated at an impact level of FedRAMP Moderate. The Virtustream Federal Cloud has been assessed by an independent third party assessor (3PAO) and is continuously monitored to remain compliant.

Virtustream cloud services subject to FedRAMP commitments include:

  • Virtustream Federal Cloud

Region: United States

About FedRAMP

The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by third partys such as a cloud service provider. The act recognized the importance of information security to the economic and national security interests of the United States.

The Federal Risk Authorization Management Program (FedRAMP) refers to a United States (US) government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP applies to US federal, state, and local governments, and federally funded research and development centers.

Both FedRAMP and FISMA use the NIST SP 800-53 security controls. The FedRAMP security controls are based on NIST SP 800-53 Rev. 4 baselines and contain controls above the NIST baseline that address the unique elements of cloud computing.