[Fundamentals] Added page for FedRAMP High In Process products #25913
base: production
| Original file line number | Diff line number | Diff line change | ||||||
|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,66 @@ | ||||||||
| --- | ||||||||
| pcx_content_type: reference | ||||||||
| title: FedRAMP Status | ||||||||
| --- | ||||||||
|
|
||||||||
| ## FedRAMP High "In-Process" | ||||||||
|
|
||||||||
| The following products are are under FedRAMP High "In-Process" status. Any exceptions are denoted with a note or exception. | ||||||||
|
|
||||||||
| - Zero Trust Network Access | ||||||||
| - **Exception:** Browser-based SSH and VNC is not supported. | ||||||||
| - **Exception:** Storing SSH logs on Cloudflare is not supported. | ||||||||
| - Advanced Certificate Manager | ||||||||
|
Contributor
Technically, this is part of SSL/TLS. |
||||||||
| - Cloudflare Aegis | ||||||||
| - AI Crawl Control | ||||||||
| - Analytics, aka Cloudflare Analytics | ||||||||
| - API Shield | ||||||||
| - Email Security | ||||||||
| - Argo Smart Routing | ||||||||
| - Bots, aka Bot Management | ||||||||
| - Browser Isolation | ||||||||
| - CDN Cache | ||||||||
| - **Exception:** Smart Tiered Cache is not supported. | ||||||||
|
Contributor
I think this exception should be in Tiered Cache. |
||||||||
| - Cache Reserve | ||||||||
| - Cloudflare for SaaS | ||||||||
|
Contributor
If it means the same as SSL for SaaS, it should be removed. |
||||||||
| - Cloudflare Images | ||||||||
| - Cloudflare Logs | ||||||||
| - Cloudflare One | ||||||||
| - Zero Trust Infrastructure Access | ||||||||
| - Cloudflare Queues | ||||||||
| - Cloudflare Spectrum | ||||||||
|
Contributor
Exception: BYOIP (Bring Your Own IP) service bindings and related CDN configurations are not supported; customers must use Spectrum HTTP/HTTPS applications to route FedRAMP traffic via the CDN. |
||||||||
| - Cloudflare Stream | ||||||||
| - Cloudflare Tunnel | ||||||||
| - Cloudflare Turnstile | ||||||||
| - Cloudflare WARP client | ||||||||
| - **Exception:** Directly route Microsoft 365 traffic is not supported. | ||||||||
|
Contributor
Suggested change
Contributor
The M365 preconfigured split tunnel feature is supported in FedRamp dash but we want to warn customers to be responsible and verify all the IPs are what they want to exclude. The recommendation to manually exclude IPs they need in Fedramp is right. The M365 feature note we have in the dashboard for reference is: Note: You must confirm excluded IPs are FedRAMP Authorized before directly routing Microsoft 365 traffic.
Contributor
updated the proposed text to: |
||||||||
| - **Note:** Users will need to exempt a new of of IPs in their firewall. | ||||||||
|
Contributor
Suggested change
|
||||||||
| - Cloudflare Workers | ||||||||
| - Cloudflare Workers KV | ||||||||
| - Cloudflare Zero Trust | ||||||||
| - **Note:** Third-party integrations will appear in the FedRAMP Zero Trust dashboard, but users will need to indpendently verify their integrations are FedRAMP High compliant. | ||||||||
|
Contributor
Suggested change
|
||||||||
| - CASB, aka Cloud Access Security Broker | ||||||||
| - Customer Metadata Boundary | ||||||||
| - Data Loss Prevention (DLP) | ||||||||
| - Data Localization Suite | ||||||||
| - DDoS Protection | ||||||||
|
Contributor
Suggested change
|
||||||||
| - DNS | ||||||||
| - Cloudflare Durable Objects | ||||||||
| - Cloudflare Gateway | ||||||||
| - Hyperdrive | ||||||||
| - Load Balancing | ||||||||
| - **Exception:** Geo-steering is not supported. Only "FedRAMP High" and "FedRAMP High – All Datacenters" are supported as options for health monitoring regions. | ||||||||
| - Magic Firewall | ||||||||
| - Magic Network Monitoring | ||||||||
| - Magic Transit | ||||||||
| - Magic WAN | ||||||||
| - Network Interconnect | ||||||||
| - Page Shield | ||||||||
| - R2 Object Storage | ||||||||
| - Rate Limiting | ||||||||
| - SSL/TLS | ||||||||
|
Contributor
There are several exceptions within the SSL/TLS offerings. |
||||||||
| - Tiered Cache | ||||||||
| - Video Stream Delivery | ||||||||
| - WAF | ||||||||
|
Contributor
Not all WAF components are FedRAMP High "In-Process" — only the following components:
Besides these components, also "Rate Limiting", which is already in the list as a separate entry (line 60). |
||||||||
| - Waiting Room | ||||||||
|
Contributor
Exception: Custom hostnames are not supported for FedRAMP High. |
||||||||
| - Web Analytics | ||||||||
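Review bot: Three typos in the added text need fixing before merge: the intro sentence reads "are are under", the second bullet under Cloudflare WARP client reads "exempt a new of of IPs", and the note under Cloudflare Zero Trust reads "indpendently". The WARP client note is also not actionable as written, because it does not say which IPs must be exempted or link to where they are published; please state the intended noun after "a new" and point to the list. The intro's "denoted with a note or exception" is circular and could simply say that exceptions and notes are listed under each product. The list is mostly alphabetical, but "Zero Trust Network Access" at the top, "Email Security" between "API Shield" and "Argo Smart Routing", and "Zero Trust Infrastructure Access" after "Cloudflare One" break the order, which makes it harder for a reader to confirm whether a given product is in scope.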
technically SSH logs are part of Zero Trust Infrastructure Access
Think this is probably OK since Access for Infra is underneath Access' umbrella