diff --git a/src/content/docs/fundamentals/reference/fedramp.mdx b/src/content/docs/fundamentals/reference/fedramp.mdx new file mode 100644 index 00000000000000..5d513a378a1260 --- /dev/null +++ b/src/content/docs/fundamentals/reference/fedramp.mdx 
@@ -0,0 +1,77 @@ +--- +pcx_content_type: reference +title: FedRAMP Status +--- + +## FedRAMP High "In-Process" + +The following products are are under FedRAMP High "In-Process" status. Any exceptions are denoted with a note or exception. + +- Zero Trust Network Access + - **Exception:** Browser-based SSH and VNC is not supported. + - **Exception:** Storing SSH logs on Cloudflare is not supported. +- Advanced Certificate Manager +- Cloudflare Aegis +- AI Crawl Control +- Analytics, aka Cloudflare Analytics +- API Shield +- Email Security +- Argo Smart Routing +- Bots, aka Bot Management +- Browser Isolation +- CDN Cache +- Cache Reserve +- Cloudflare for SaaS +- Cloudflare Images +- Cloudflare Logs +- Cloudflare One +- Zero Trust Infrastructure Access +- Cloudflare Queues +- Cloudflare Spectrum + - **Exception:** BYOIP (Bring Your Own IP) service bindings and related CDN configurations are not supported; customers must use Spectrum HTTP/HTTPS applications to route FedRAMP traffic via the CDN. +- Cloudflare Stream +- Cloudflare Tunnel +- Cloudflare Turnstile +- Cloudflare WARP client + - **Exception:** When using the [Directly route Microsoft 365 traffic](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic) feature, customers must independently verify that the excluded IPs are FedRAMP Authorized. + - **Note:** Customers will need to exempt a new set of IPs in their firewall. Refer to the FedRAMP High requirements listed in the [WARP with firewall](/cloudflare-one/team-and-resources/devices/warp/deployment/firewall/) documentation. +- Cloudflare Workers +- Cloudflare Workers KV +- Cloudflare Zero Trust + - **Note:** Third-party integrations will appear in the Cloudflare One dashboard, but users will need to indpendently verify their integrations are FedRAMP High compliant. 
+- CASB, aka Cloud Access Security Broker +- Customer Metadata Boundary +- Data Loss Prevention (DLP) +- Data Localization Suite +- DDoS Protection + - **Exception:** Adaptive rules from HTTP and Network-layer DDoS Protection Managed Ruleset are not supported. +- DNS +- Cloudflare Durable Objects +- Cloudflare Gateway +- Hyperdrive +- Load Balancing + - **Exception:** Geo-steering is not supported. Only "FedRAMP High" and "FedRAMP High – All Datacenters" are supported as options for health monitoring regions. +- Magic Firewall +- Magic Network Monitoring +- Magic Transit +- Magic WAN +- Network Interconnect +- Page Shield +- R2 Object Storage +- Rate Limiting +- SSL/TLS +- Tiered Cache + - **Exception:** Smart Tiered Cache is not supported. +- Video Stream Delivery +- WAF + - **Exception:** Only the following WAF components are under FedRAMP High "In-Process" status: + - Malicious uploads detection + - Leaked credentials detection + - The following managed rulesets: + - Cloudflare Managed Ruleset + - Sensitive Data Detection + - OWASP Core Ruleset + - Free Managed Ruleset +- Waiting Room + - **Exception:** Custom hostnames are not supported by FedRAMP High. +- Web Analytics \ No newline at end of file
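Review bot: Two typos in the added text should be fixed before merge: the intro sentence under the `## FedRAMP High "In-Process"` heading reads "The following products are are under" (doubled "are"), and the note under "Cloudflare Zero Trust" spells "indpendently" where "independently" is meant. In the same intro sentence, "Any exceptions are denoted with a note or exception" is circular; something like "Limitations are marked with a **Note** or **Exception** label" says what the reader should look for. The list order is also hard to scan, because several entries do not sort under their displayed name ("Zero Trust Network Access" comes first, "Email Security" sits between "API Shield" and "Argo Smart Routing", and "Zero Trust Infrastructure Access" follows "Cloudflare One"); sorting by the name shown would make it easier to confirm whether a product is in scope. The WAF entry is labelled **Exception** but is really an inclusion list ("Only the following WAF components are under ... status"), so a different label or wording would make clear that WAF components not listed are out of scope. Finally, the file ends without a trailing newline ("\ No newline at end of file"); please add one.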