IBM Cloud® compliance: FedRAMP
Illustration showing a person interacting with a computer interface, around which are a security shield and a small government building
What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) was created to provide a standardized approach for assessing the security of cloud computing services—under the Federal Information Security Management Act (FISMA)—for use by U.S. government departments and agencies. Any cloud service that will be used by a federal government agency must be FedRAMP-authorized, either through a Joint Authorization Board (JAB) provisional authorization (P-ATO) or by an Agency accreditation (ATO), and must be assessed by a third-party assessment organization (3PAO).

FedRAMP authorization is granted at three security Impact Levels (IL): Low, Moderate and High—based on the impact that data loss, including privacy data, would have upon an organization—with increasingly strict controls required for each level. FedRAMP High authorization is the highest level of authorization.

IBM position

IBM Cloud for Government (IC4G) and IBM SmartCloud® for Government (SCG) meet FedRAMP High security standards.

IBM Service Descriptions (SDs) indicate if a given offering maintains FedRAMP compliance status. Services below are assessed each year.

View the IBM Cloud for Government authorization (link resides outside

View the IBM Smart Cloud for Government authorization (link resides outside

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs