< ciso
brief />
Tag Banner

All news with #fedramp tag

11 articles

Amazon Managed Service for Prometheus gains FedRAMP High

🛡️ Amazon Managed Service for Prometheus is now authorized for FedRAMP High and DoD CC SRG IL-4 and IL-5 in the AWS GovCloud (US) Regions. The fully managed, Prometheus-compatible monitoring service supports high-cardinality workloads with automatic scaling of ingestion and storage. It integrates with AWS security services to provide secure access to telemetry and alerting for regulated federal and public sector environments. Customers with FedRAMP High or DoD IL-4/5 requirements can adopt the service with confidence.
read more →

Bedrock models gain FedRAMP High and DoD IL-4/5 approval

🚨 Amazon Bedrock now offers OpenAI GPT, OpenAI GPT OSS, and NVIDIA Nemotron models approved for FedRAMP High and DoD CC SRG IL-4/IL-5 in AWS GovCloud (US), enabling compliant generative AI deployments for federal and public sector customers. These models run on Mantle, Bedrock’s distributed inference engine, providing serverless, high-performance inference with zero operator access and OpenAI API compatibility. Agencies and enterprises with stringent compliance needs can use Bedrock in GovCloud to build and scale secure AI applications.
read more →

Kiro Achieves FedRAMP High and DoD IL-4/IL-5 on AWS

🔒 Kiro is now authorized for FedRAMP High and DoD CC SRG Impact Levels 4 and 5 within the AWS GovCloud (US) Regions. This enables federal agencies and public sector organizations with stringent compliance requirements to adopt Kiro for sensitive workloads. Kiro combines an IDE and CLI for agentic AI-driven, spec-driven development, translating prompts into code, documentation, and tests. It also supports native MCP integration to connect with documentation, databases, APIs, and enterprise resources.
read more →

FedRAMP 20x and the rise of GRC engineering

🔍 The author argues that much of traditional compliance has become theatrical—focused on curated, point-in-time evidence rather than continuous operational truth. FedRAMP 20x and the broader GRC engineering movement push assurance toward automation, machine-readable evidence and continuous telemetry, shifting audits from static snapshots to ongoing validation. The writer recounts their organization’s FedRAMP 20x pilot, describing early setbacks as iterative learning rather than failure.
read more →

Check Point Achieves GovRAMP Authorization for Government

🛡️ Check Point has earned GovRAMP Authorization for the Check Point Infinity Platform for Government, extending its cloud security offering to U.S. federal, state, local, and tribal agencies. This follows its 2025 FedRAMP Authorization and is backed by prevention-first capabilities that ranked #1 in Miercom’s 2026 assessment. The authorization provides a vetted, consistent cybersecurity framework to support public-sector procurement and deployment. Organizations can expect unified protection with high effectiveness against phishing and AI-powered malware.
read more →

FedRAMP Clears Microsoft’s GCC High Despite Flaws, Concerns

🚨 An internal late-2024 government report reviewed by ProPublica found that Microsoft’s Government Community Cloud High lacked “proper detailed security documentation,” leaving evaluators with “a lack of confidence” in assessing the platform. One reviewer called the package “a pile of shit.” Despite those findings, FedRAMP authorized the product with a buyer-beware notice, a decision that helped Microsoft expand a multibillion-dollar federal cloud business.
read more →

AWS Launches VPC Encryption Controls in GovCloud US

🔒 AWS VPC Encryption Controls is now available in AWS GovCloud (US-East) and GovCloud (US-West). The feature lets security teams enable monitoring and enforcement of encryption in transit across existing VPCs, automatically identifying flows that permit plaintext. It transparently activates hardware-based AES-256 encryption across VPC resources (including Fargate, NLB, and ALB) and produces audit logs to help demonstrate compliance with standards such as HIPAA, PCI DSS, FedRAMP, and FIPS 140-2.
read more →

FedRAMP High: Falcon for XIoT Extends Federal Protection

🔒 CrowdStrike Falcon Platform for Government now includes Falcon for XIoT, delivering FedRAMP High–authorized visibility and protection for connected and operational technology assets. The solution provides native, zero‑touch XIoT asset discovery with deep protocol support and ICS vendor validation to preserve operational continuity across critical infrastructure. It also leverages AI-powered risk prioritization to surface and rank high‑risk conditions across converged IT/OT environments.
read more →

Gemini for Government: Secure, Scalable AI for Agencies

🚀 Gemini for Government packages Google’s Gemini models, secure commercial cloud services, and agentic AI tools into a FedRAMP High-authorized platform for the public sector. It is positioned to accelerate adoption of AI agents across defense, health, transportation, and research by offering enterprise-grade compliance and scalability. Early adopters include the Department of War’s GenAI.mil rollout, the FDA, and the Department of Transportation, and Google is offering webinars and downloadable agent toolkits to help agencies start building and deploying solutions today.
read more →

Google Public Sector: Year of AI-Driven Transformation 2025

🤖 Google Public Sector summarizes a year of AI, cloud, and security milestones, spotlighting Gemini for Government, Vertex AI, and FedRAMP High authorizations for productivity and analytics offerings. The post highlights DoD IL6 and CMMC Level 2 certifications, partnerships with DLA and GDIT, and large-scale deployments such as GenAI.mil. It emphasizes secure, agentic workflows, edge-capable deployments, and a focus on delivering accredited commercial cloud services to accelerate mission impact.
read more →

Amazon EKS Auto Mode Adds FIPS Support in GovCloud

🔐 Amazon Elastic Kubernetes Service (EKS) Auto Mode is now available in AWS GovCloud (US-East) and (US-West), automating compute, storage, and networking management for Kubernetes clusters. Its AMIs include FIPS-validated cryptographic modules to help meet FedRAMP-style requirements. EKS Auto Mode handles OS patching, leverages ephemeral compute to reduce persistent attack surface, and dynamically scales EC2 instances to optimize costs while maintaining availability; it supports clusters running Kubernetes 1.29 and later with no upfront fees.
read more →