[Fundamentals] Added page for FedRAMP High In Process products #25913
This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:
Preview URL: https://f98c3197.preview.developers.cloudflare.com Files with changes (up to 15)
| - Bots, aka Bot Management | ||
| - Browser Isolation | ||
| - CDN Cache | ||
| - **Exception:** Smart Tiered Cache is not supported. |
I think this exception should be in Tiered Cache.
| - Page Shield | ||
| - R2 Object Storage | ||
| - Rate Limiting | ||
| - SSL/TLS |
There are several exceptions within the SSL/TLS offerings.
| - CDN Cache | ||
| - **Exception:** Smart Tiered Cache is not supported. | ||
| - Cache Reserve | ||
| - Cloudflare for SaaS |
If it means the same as SSL for SaaS, it should be removed.
| - Zero Trust Network Access | ||
| - **Exception:** Browser-based SSH and VNC is not supported. | ||
| - **Exception:** Storing SSH logs on Cloudflare is not supported. | ||
| - Advanced Certificate Manager |
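Review bot: In the first exception line under Zero Trust Network Access, "Browser-based SSH and VNC is not supported" pairs a plural subject with a singular verb; suggest "Browser-based SSH and VNC are not supported." so it reads consistently with the other exception lines.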
Technically, this is part of SSL/TLS.
| - Cloudflare Workers | ||
| - Cloudflare Workers KV | ||
| - Cloudflare Zero Trust | ||
| - **Note:** Third-party integrations will appear in the FedRAMP Zero Trust dashboard, but users will need to indpendently verify their integrations are FedRAMP High compliant. |
| - **Note:** Third-party integrations will appear in the FedRAMP Zero Trust dashboard, but users will need to indpendently verify their integrations are FedRAMP High compliant. | |
| - **Note:** Third-party integrations will appear in the Cloudflare One dashboard, but customers will need to independently verify their integrations are FedRAMP High compliant. |
| - Cloudflare Turnstile | ||
| - Cloudflare WARP client | ||
| - **Exception:** Directly route Microsoft 365 traffic is not supported. | ||
| - **Note:** Users will need to exempt a new of of IPs in their firewall. |
| - **Note:** Users will need to exempt a new of of IPs in their firewall. | |
| - **Note:** Customers will need to exempt a new set of IPs in their firewall. Refer to the FedRAMP High requirements listed in the [WARP with firewall](/cloudflare-one/team-and-resources/devices/warp/deployment/firewall/) documentation. |
| - Cloudflare Tunnel | ||
| - Cloudflare Turnstile | ||
| - Cloudflare WARP client | ||
| - **Exception:** Directly route Microsoft 365 traffic is not supported. |
| - **Exception:** Directly route Microsoft 365 traffic is not supported. | |
| - **Exception:** When using the [Directly route Microsoft 365 traffic](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic) feature, customers must independently verify that the excluded IPs are FedRAMP Authorized. |
The M365 preconfigured split tunnel feature is supported in FedRAMP dash, but we want to warn customers to be responsible and verify all the IPs are what they want to exclude. The recommendation to manually exclude IPs they need in FedRAMP is right.
The M365 feature note we have in the dashboard for reference is:
Note: You must confirm excluded IPs are FedRAMP Authorized before directly routing Microsoft 365 traffic.
Updated the proposed text to:
"When using the Directly route Microsoft 365 traffic feature, customers must independently verify that the excluded IPs are FedRAMP Authorized."
@wevans997-dev can you take a look at this?
Added page to list products that are under FedRAMP High In Process status. PCX-17927