Oracle Cloud Infrastructure (OCI) US Government Cloud offers many different tools that facilitate compliance with the Federal Risk and Authorization Management Program (FedRAMP).
As you know, there is no technical solution that guarantees an auditor will find an organization in compliance with any control. Satisfying these controls requires a “whole-of-organization” approach to security and compliance, one that combines people, policies, procedures, processes, and technologies to achieve results.
Utilizing these services, however, can significantly enhance your organization’s security and compliance posture while streamlining the audit and approval process. And that’s why we’ve made this guide, prepared in consultation with OCI personnel: to help cloud security architects, engineers, and compliance personnel select OCI services that facilitate compliance. You’ll learn how to use in-scope OCI services that may facilitate full or partial compliance at the individual control level.
Learn more: Achieve FedRAMP Compliance
Before You Use The Guide to OCI Services for FedRAMP High
When using this guide, we assume you have knowledge of the following documents published by the Program Management Office (PMO):
- https://www.fedramp.gov/assets/resources/documents/Agency_Authorization_Playbook.pdf
- https://www.fedramp.gov/assets/resources/documents/CSP_Authorization_Playbook_Getting_Started_with_FedRAMP.pdf
- https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf
- https://www.fedramp.gov/assets/resources/documents/Reusing_Authorizations_for_Cloud_Products_Quick_Guide.pdf
- https://www.oracle.com/industries/government/govcloud/fedramp-high-jab/
We recommend that organizations pursuing compliance familiarize themselves with these documents before utilizing the guide.
And finally, this guide is limited to providing advice on how to use OCI services within the OCI US Government Cloud to facilitate compliance with, and only with, the FedRAMP High security controls. This guidance is not directly portable to other comparable security compliance standards, which may have subtly different requirements and interpretations. Additionally, as of the time of this writing, this guidance applies only to the OCI US Government Cloud.
With all that out of the way, go ahead and download your In-Depth Guide to Oracle Services for FedRAMP High Baseline here:
38North Security can help you achieve compliance with many different frameworks. Get in touch with us today.
