You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP leverages a standardized set of requirements, established in accordance with the Federal Information Security Management Act (FISMA), to improve consistency and confidence in the security of cloud solutions. The FedRAMP program helps U.S. Federal government agencies to accelerate their adoption of secure cloud solutions across their organization through the reuse of FedRAMP security packages.
13
+
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies. FedRAMP uses the National Institutes of Standards & Technology Special Publication (NIST SP) 800 series and requires cloud service providers to complete an independent security assessment conducted by an accredited third-party assessment organization (3PAO) to ensure that authorizations are compliant with the Federal Information Security Management Act of 2002 (FISMA 2002).
14
14
15
-
New Relic supports U.S. Federal government customers and is responsible for implementing and complying with the requirements established by the FedRAMP program. New Relic maintains a FedRAMP Moderate certification, see [New Relic Attains FedRAMP Moderate Impact for SaaS Services](https://newrelic.com/solutions/industry/public-sector).
15
+
New Relic has met the FedRAMP security control requirements as described in the NIST SP 800-53, Rev. 5 security control baseline for **Moderate** impact levels, has been assessed by an independent 3PAO, has posted its security package in FedRAMP's secure repository, and maintains a FedRAMP Moderate authorization, see [New Relic Attains FedRAMP Moderate Impact for SaaS Services](https://newrelic.com/solutions/industry/public-sector). Federal agencies are responsible for reviewing New Relic's security package, including shared responsibility details, and issuing their own Authority to Operate (ATO) decision.
16
16
17
-
As a part of New Relic's FedRAMP Moderate certification, New Relic has produced a FedRAMP Customer Implementation Summary/Customer Responsibility Matrix (CIS/CRM) that delineates the shared security and privacy responsibilities of New Relic and its Customers (for example, federal agencies).
17
+
As a part of achieving a FedRAMP Moderate authorization, New Relic has produced a FedRAMP Customer Implementation Summary/Customer Responsibility Matrix (CIS/CRM) that delineates the shared security and privacy responsibilities between New Relic and its Customers (for example, federal agencies). Download our New Relic FedRAMP Customer Responsibility Matrix (CRM) as an [XLSX](https://github.com/newrelic/docs-website/raw/develop/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/New-Relic-Observability-Platform-Public-CRM-Matrix.xlsx) file (70 KB) or as a [PDF](https://github.com/newrelic/docs-website/raw/develop/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/New-Relic-Observability-Platform-Public-CRM-Matrix.pdf) file (176KB) to understand your specific implementation responsibilities. This document outlines the security controls that customers will need to engineer, design, define and implement in order to be in compliance with the FedRAMP baseline and to help customers achieve and maintain their ATO.
18
18
19
-
***CIS:** This summarizes the implementation status of each control and the party responsible for maintaining that control, whether the Customer is fully responsible for the control, partially inherits the control (there are some customer responsibilities), or the control is fully implemented by New Relic (no responsibilities for the customer).
20
-
21
-
***CRM:** This provides details for a customer of what their responsibilities are for a given control, including responsibilities for optional services (applicable depending on which services the customer acquires). For more information about shared responsibility, download our New Relic FedRAMP CRM worksheet as an [XLSX](https://github.com/newrelic/docs-website/raw/develop/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/New-Relic-Observability-Platform-CRM.xlsx) file (70 KB) or as a [PDF](https://github.com/newrelic/docs-website/raw/develop/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/New-Relic-Observability-Platform-Moderate-CRM-Worksheet.pdf) file (176KB).
22
-
23
-
For access to the complete New Relic CIS/CRM workbook and other FedRAMP security package documents, please complete and submit a FedRAMP Package Request Form, see [New Relic](https://marketplace.fedramp.gov/products/F1607057910) on the FedRAMP marketplace.
19
+
For access to the New Relic security package and the entire New Relic CIS/CRM matrix, U.S. government employees and contractors can sign and submit the FedRAMP Package Request Form from the [New Relic FedRAMP Marketplace](https://marketplace.fedramp.gov/products/F1607057910) to [email protected].
24
20
25
21
## Applicable document by service [#applicable-services]
0 commit comments