Compliance Frameworks

FedRAMP Low Revision 4

fedramp_low_revision_4_aws

18 Requirements

73 Checks

Description

The Federal Risk and Authorization Management Program (FedRAMP) was established in 2011. It provides a cost-effective, risk-based approach for the adoption and use of cloud services by the U.S. federal government. FedRAMP empowers federal agencies to use modern cloud technologies, with an emphasis on the security and protection of federal information.

Check your compliance status

prowler aws --compliance fedramp_low_revision_4_aws

Run in Prowler Cloud

Compliance Frameworks

FedRAMP Low Revision 4

Description

Compliance MetadataEdit

Check your compliance status

Requirements

Manage system accounts, group memberships, privileges, workflow, notifications, deactivations, and authorizations.26 Checks

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.20 Checks

Authorize remote access systems prior to connection. Enforce remote connection requirements to information systems.21 Checks

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.4 Checks

The organization retains audit records for at least 90 days to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.1 Checks

Continuously monitor configuration management processes. Determine security impact, environment and operational risks.11 Checks

The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system.21 Checks

The organization provides for the recovery and reconstitution of the information system to a known state after a disruption, compromise, or failure.9 Checks

The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).6 Checks

The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction].2 Checks

The information system implements FIPS-validated or NSA-approved cryptography in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.4 Checks