[Fundamentals] Added page for FedRAMP High In Process products #25913
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,66 @@ | ||||||
| --- | ||||||
| pcx_content_type: reference | ||||||
| title: FedRAMP Status | ||||||
| --- | ||||||
|
|
||||||
| ## FedRAMP High "In-Process" | ||||||
|
|
||||||
| The following products are are under FedRAMP High "In-Process" status. Any exceptions are denoted with a note or exception. | ||||||
|
|
||||||
| - Zero Trust Network Access | ||||||
| - **Exception:** Browser-based SSH and VNC is not supported. | ||||||
| - **Exception:** Storing SSH logs on Cloudflare is not supported. | ||||||
| - Advanced Certificate Manager | ||||||
|
There was a problem hiding this comment. Technically, this is part of SSL/TLS. |
||||||
| - Cloudflare Aegis | ||||||
| - AI Crawl Control | ||||||
| - Analytics, aka Cloudflare Analytics | ||||||
| - API Shield | ||||||
| - Email Security | ||||||
| - Argo Smart Routing | ||||||
| - Bots, aka Bot Management | ||||||
| - Browser Isolation | ||||||
| - CDN Cache | ||||||
| - **Exception:** Smart Tiered Cache is not supported. | ||||||
|
There was a problem hiding this comment. I think this exception should be in Tiered Cache. |
||||||
| - Cache Reserve | ||||||
| - Cloudflare for SaaS | ||||||
|
There was a problem hiding this comment. If it means the same as SSL for SaaS, it should be removed. |
||||||
| - Cloudflare Images | ||||||
| - Cloudflare Logs | ||||||
| - Cloudflare One | ||||||
| - Zero Trust Infrastructure Access | ||||||
| - Cloudflare Queues | ||||||
| - Cloudflare Spectrum | ||||||
|
There was a problem hiding this comment. Exception: BYOIP (Bring Your Own IP) service bindings and related CDN configurations are not supported; customers must use Spectrum HTTP/HTTPS applications to route FedRAMP traffic via the CDN. |
||||||
| - Cloudflare Stream | ||||||
| - Cloudflare Tunnel | ||||||
| - Cloudflare Turnstile | ||||||
| - Cloudflare WARP client | ||||||
| - **Exception:** Directly route Microsoft 365 traffic is not supported. | ||||||
| - **Note:** Users will need to exempt a new of of IPs in their firewall. | ||||||
| - Cloudflare Workers | ||||||
| - Cloudflare Workers KV | ||||||
| - Cloudflare Zero Trust | ||||||
| - **Note:** Third-party integrations will appear in the FedRAMP Zero Trust dashboard, but users will need to indpendently verify their integrations are FedRAMP High compliant. | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| - CASB, aka Cloud Access Security Broker | ||||||
| - Customer Metadata Boundary | ||||||
| - Data Loss Prevention (DLP) | ||||||
| - Data Localization Suite | ||||||
| - DDoS Protection | ||||||
| - DNS | ||||||
| - Cloudflare Durable Objects | ||||||
| - Cloudflare Gateway | ||||||
| - Hyperdrive | ||||||
| - Load Balancing | ||||||
| - **Exception:** Geo-steering is not supported. Only "FedRAMP High" and "FedRAMP High – All Datacenters" are supported as options for health monitoring regions. | ||||||
| - Magic Firewall | ||||||
| - Magic Network Monitoring | ||||||
| - Magic Transit | ||||||
| - Magic WAN | ||||||
| - Network Interconnect | ||||||
| - Page Shield | ||||||
| - R2 Object Storage | ||||||
| - Rate Limiting | ||||||
| - SSL/TLS | ||||||
|
There was a problem hiding this comment. There are several exceptions within the SSL/TLS offerings. |
||||||
| - Tiered Cache | ||||||
| - Video Stream Delivery | ||||||
| - WAF | ||||||
|
There was a problem hiding this comment. Not all WAF components are FedRAMP High "In-Process" — only the following components:
Besides these components, also "Rate Limiting", which is already in the list as a separate entry (line 60). |
||||||
| - Waiting Room | ||||||
|
There was a problem hiding this comment. Exception: Custom hostnames are not supported for FedRAMP High. |
||||||
| - Web Analytics | ||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
technically SSH logs are part of Zero Trust Infrastructure Access