FedRAMP Compliance
Problem
The software is not compliant with the requirements for FedRAMP authorization. This creates challenges for organizations that need to meet these federal security standards to adopt or continue using FusionAuth.
Solution
FusionAuth should explore becoming FedRAMP authorized and make it easier for federal agencies or organizations working in highly regulated sectors to adopt the platform.
We could also be listed on the FedRAMP marketplace: https://marketplace.fedramp.gov/
Alternatives/workarounds
- Become FIPS compliant (see #2905).
- There are vendors out there that can help us become FedRAMP authorized or let us deploy into their FedRAMP environments: https://uberether.com/ is one.
Additional context
FedRAMP authorization validation is increasingly becoming a critical compliance requirement for U.S. government agencies and contractors, which limits FusionAuth’s market potential in these sectors.
If we implement this, make sure to update the license FAQ: https://fusionauth.io/license-faq#46
Related issues
- https://github.com/FusionAuth/fusionauth-issues/issues/2905 (split off from this issue)
- https://github.com/FusionAuth/fusionauth-issues/issues/3226
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
Splitting up https://github.com/FusionAuth/fusionauth-issues/issues/2905 since FedRAMP and FIPS are related, but not the same.