Skip to content

[Fundamentals] Added page for FedRAMP High In Process products #25913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: production
Choose a base branch
from
Open

[Fundamentals] Added page for FedRAMP High In Process products #25913

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 66 additions & 0 deletions src/content/docs/fundamentals/reference/fedramp.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
---
pcx_content_type: reference
title: FedRAMP Status
---

## FedRAMP High "In-Process"

The following products are are under FedRAMP High "In-Process" status. Any exceptions are denoted with a note or exception.

- Zero Trust Network Access
- **Exception:** Browser-based SSH and VNC is not supported.
- **Exception:** Storing SSH logs on Cloudflare is not supported.
- Advanced Certificate Manager
- Cloudflare Aegis
- AI Crawl Control
- Analytics, aka Cloudflare Analytics
- API Shield
- Email Security
- Argo Smart Routing
- Bots, aka Bot Management
- Browser Isolation
- CDN Cache
- **Exception:** Smart Tiered Cache is not supported.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this exception should be in Tiered Cache.

- Cache Reserve
- Cloudflare for SaaS
- Cloudflare Images
- Cloudflare Logs
- Cloudflare One
- Zero Trust Infrastructure Access
- Cloudflare Queues
- Cloudflare Spectrum
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exception: BYOIP (Bring Your Own IP) service bindings and related CDN configurations are not supported; customers must use Spectrum HTTP/HTTPS applications to route FedRAMP traffic via the CDN.

- Cloudflare Stream
- Cloudflare Tunnel
- Cloudflare Turnstile
- Cloudflare WARP client
- **Exception:** Directly route Microsoft 365 traffic is not supported.
- **Note:** Users will need to exempt a new of of IPs in their firewall.
- Cloudflare Workers
- Cloudflare Workers KV
- Cloudflare Zero Trust
- **Note:** Third-party integrations will appear in the FedRAMP Zero Trust dashboard, but users will need to indpendently verify their integrations are FedRAMP High compliant.
- CASB, aka Cloud Access Security Broker
- Customer Metadata Boundary
- Data Loss Prevention (DLP)
- Data Localization Suite
- DDoS Protection
- DNS
- Cloudflare Durable Objects
- Cloudflare Gateway
- Hyperdrive
- Load Balancing
- **Exception:** Geo-steering is not supported. Only "FedRAMP High" and "FedRAMP High – All Datacenters" are supported as options for health monitoring regions.
- Magic Firewall
- Magic Network Monitoring
- Magic Transit
- Magic WAN
- Network Interconnect
- Page Shield
- R2 Object Storage
- Rate Limiting
- SSL/TLS
- Tiered Cache
- Video Stream Delivery
- WAF
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not all WAF components are FedRAMP High "In-Process" — only the following components:

  • Malicious uploads detection
  • Leaked credentials detection
  • The following managed rulesets:
    • Cloudflare Managed Ruleset
    • Sensitive Data Detection
    • OWASP Core Ruleset
    • Free Managed Ruleset

Besides these components, also "Rate Limiting", which is already in the list as a separate entry (line 60).

- Waiting Room
- Web Analytics