[Verse 1] When you're building systems for the government's defense FedRAMP authorization makes the compliance sense Low for public data, Moderate for most High for national security, that's what matters most DoD maps their levels two through six in line With FedRAMP's framework, keeping data fine [Chorus] Low Moderate High, know your authorization Shared responsibility, cloud configuration You own the data, apps, and access control CSP handles infrastructure, that's their role Monitor continuous, scan and update FedRAMP in the cloud, don't hesitate [Verse 2] Shared responsibility splits the compliance load Cloud provider secures the underlying code Physical security, network infrastructure too Hypervisor patching, that's what they do for you But you still own identity, encryption keys Operating systems, applications if you please [Chorus] Low Moderate High, know your authorization Shared responsibility, cloud configuration You own the data, apps, and access control CSP handles infrastructure, that's their role Monitor continuous, scan and update FedRAMP in the cloud, don't hesitate [Verse 3] GovCloud regions keep your data state-side AWS GovCloud, Azure Government pride Google's Assured Workloads for compliance needs Isolated environments where security feeds US persons only with the clearance right Keeping federal data safe day and night [Bridge] Vulnerability scanning monthly at least POA and M updates, never cease Inherit those controls from your CSP's pack Reference their SSP, stay on track Continuous monitoring never sleeps Assessment and authorization, the cycle repeats [Chorus] Low Moderate High, know your authorization Shared responsibility, cloud configuration You own the data, apps, and access control CSP handles infrastructure, that's their role Monitor continuous, scan and update FedRAMP in the cloud, don't hesitate [Outro] From IL-two to six, map it right FedRAMP authorization shining bright Cloud security shared but never ignored Defense infrastructure, properly secured
← 4 FIPS 140-2/140-3 Cryptography | 6 Container Supply Chain Security →