FedRAMP does not apply to private cloud deployments. OMB M-24-15 defines the scope of FedRAMP as "cloud computing products and services (such as IaaS, Platform-as-a-Service (PaaS), and SaaS) that create, collect, process, store, or maintain Federal information on behalf of a Federal agency." The memorandum also describes categories of cloud computing products and services that are outside the scope of FedRAMP, including "Information systems that are only used for a single agency’s operations, hosted on cloud infrastructure or platform, and are not offered as a shared service or do not operate with a shared responsibility model."
Comments
0 comments
Please sign in to leave a comment.