U.S. | Government and public sector

FedRAMP

The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Federal agency cloud deployments and service models, other than certain on-premises private clouds, must meet FedRAMP requirements at the appropriate risk impact level (Low, Moderate, or High).

Google’s FedRAMP status is posted on the government’s website: FedRAMP Marketplace.

Google Cloud services and authorized regions that are covered by FedRAMP

Google Cloud Platform (GCP) services (FedRAMP High)

FedRAMP Package ID FR1805751477

*Note that all GCP services covered by FedRAMP High are also covered by FedRAMP Moderate

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

App Engine

BigQuery

Cloud Bigtable

Cloud Console

Cloud Data Loss Prevention

Cloud DNS

Cloud HSM

Cloud Identity

Cloud Key Management Service

Cloud Logging

Cloud Spanner

Cloud SQL

Cloud Storage

Compute Engine

Container Registry

Dataflow

Dataproc

Firestore

Google Kubernetes Engine

Google Workspace Admin Console

Identity and Access Management

Memorystore

Persistent Disk

Pub/Sub

Virtual Private Cloud

Google Cloud Platform (GCP) services (FedRAMP Moderate)

FedRAMP Package ID FR1805751477

*Note that all GCP services covered by FedRAMP High are also covered by FedRAMP Moderate

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Access Context Manager

Access Transparency

AI Platform

AI Platform Training and Prediction API

Anthos Config Management

Anthos Service Mesh

Apigee

App Engine

Assured Workloads

AutoML Natural Language

AutoML Tables

AutoML Translation

AutoML Video Intelligence

AutoML Vision

BigQuery

BigQuery Data Transfer Service

Binary Authorization

Care Studio (Cloud Healthcare Search)

Certificate Authority Service

Cloud AI Notebooks

Cloud Bigtable

Cloud Billing API

Cloud Build

Cloud CDN

Cloud Composer

Cloud Console

Cloud Console Mobile App

Cloud Data Fusion

Cloud Data Loss Prevention

Cloud Debugger

Cloud Deployment Manager

Cloud DNS

Cloud Endpoints

Cloud External Key Manager

Cloud Functions

Cloud Healthcare API

Cloud HSM

Cloud Interconnect

Cloud Key Management Service

Cloud Life Sciences

Cloud Load Balancing

Cloud Logging

Cloud Monitoring

Cloud NAT

Cloud Natural Language API

Cloud Profiler

Cloud Router

Cloud Run

Cloud Shell

Cloud Source Repositories

Cloud Spanner

Cloud SQL

Cloud Storage

Cloud Tasks

Cloud Trace

Cloud Translation

Cloud Vision API

Cloud VPN

Compute Engine

Connect

Container Registry

Data Catalog

Dataflow

Datalab

Dataproc

Datastore

Dialogflow

Document AI

Error Reporting

Filestore

Firestore

Game Servers

Google Cloud Armor

Google Cloud CLI

Google Cloud Marketplace

Google Kubernetes Engine

Identity and Access Management

Identity Platform

Identity-Aware Proxy

IoT Core

Memorystore

Network Service Tiers

Persistent Disk

Pub/Sub

Resource Manager

Secret Manager

Security Command Center

Service Consumer Management

Service Control

Service Directory

Service Infrastructure

Service Management

Speech-to-Text

Storage Transfer Service

Talent Solution

Text-to-Speech

Video Intelligence API

Virtual Private Cloud

VPC Service Controls

Web Security Scanner

Google Workspace Editions (FedRAMP High)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Google Workspace Enterprise Plus

Google Workspace Enterprise Standard

Google Workspace Business Plus

Google Workspace Business Standard

Google Workspace Editions (FedRAMP Moderate)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Google Workspace Business Starter

Google Workspace for Education

Google Workspace for Education Fundamentals

Google Workspace for Education Plus

Google Workspace for Education Standard

Google Workspace Enterprise Essentials

Google Workspace Enterprise Plus

Google Workspace for Nonprofits

Google Workspace for Governments

Teaching & Learning Upgrade

Google Workspace (FedRAMP High)

FedRAMP Package ID F1206081364

*Note that Admin Console and Cloud Identity are now part of the Google Services package (FR1805751477)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Calendar

Docs

Drive

Forms

Gmail

Google Chat

Google Meet

Keep

New Sites

Sheets

Slides

Vault

Google Workspace (FedRAMP Moderate)

FedRAMP Package ID F1206081364

*Note that Admin Console and Cloud Identity are now part of the Google Services package (FR1805751477)

*Note: FedRAMP Moderate and FedRAMP High platforms implement controls restricting TLS 1.1/1.0 connections at the domain level.

Android and Chrome Device Management

Chrome Sync (for Google Workspace for Education domains only)

Classroom

Cloud Search (including 3P)

Contacts

Docs APIs

Apps Activity API

Calendar API

Contacts API

Drive REST API (replaced Documents List API)

Gmail REST API (replaced Email Migration API)

Sheets API

Sites API

Tasks API

Drawings

Google Workspace Security Center (for Enterprise Plus and Google Workspace for Education Plus domains only)

Google Tasks

Groups for Business

Google Meet Live Stream

Google Voice

Jamboard

Secure LDAP

Authorized regions covered by FedRAMP

All GCP regions covered by FedRAMP High are also covered by FedRAMP Moderate

Las Vegas (us-west4) - FedRAMP High

Oregon (us-west1) - FedRAMP High

Los Angeles (us-west2) - FedRAMP High

Salt Lake City (us-west3) - FedRAMP High

Iowa (us-central1) - FedRAMP High

South Carolina (us-east1) - FedRAMP High

Northern Virginia (us-east4) - FedRAMP High

Montreal (northamerica-northeast1) - FedRAMP Moderate

Sao Paulo (southamerica-east1) - FedRAMP Moderate

Belgium (europe-west1) - FedRAMP Moderate

London (europe-west2) - FedRAMP Moderate

Frankfurt (europe-west3) - FedRAMP Moderate

Netherlands (europe-west4) - FedRAMP Moderate

Finland (europe-north1) - FedRAMP Moderate

Mumbai (asia-south1) - FedRAMP Moderate

Singapore (asia-southeast1) - FedRAMP Moderate

Taiwan (asia-east1) - FedRAMP Moderate

Tokyo (asia-northeast1) - FedRAMP Moderate

Sydney (australia-southeast1) - FedRAMP Moderate

Zurich (europe-west6) - FedRAMP Moderate

Warsaw (europe-central2) - FedRAMP Moderate

Jakarta (asia-southeast2) - FedRAM Moderate

Osaka (asia-northeast2) - FedRAMP Moderate

Seoul (asia-northeast3) - FedRAMP Moderate

FAQs

How can I get FedRAMP compliance for my solution that uses Google Cloud?

FedRAMP allows for varying levels of inheritance for cloud service providers (CSPs) using FedRAMP-authorized infrastructure, platforms, and services. This initial analysis of control vs. inheritance will ultimately determine how much compliance responsibility you will hold as a CSP. For example, if your organization prefers to build the entire stack of your application, you will also create more customer responsibility/obligation during evaluation by your Authorizing Official. If you use Platform as a Service or Software as a Service, there is likely to be a lesser compliance burden.

Once you have selected your FedRAMP-authorized services, Google can help you configure your solution through service-specific configuration guides or direct engagement with FedRAMP experts in our Professional Services organization.

How does Google offer FedRAMP-authorized services when it doesn’t have a GovCloud offering?

Google is one of the first hyperscale commercial cloud providers to achieve FedRAMP High on a commercial public cloud offering, and is one of the largest providers of FedRAMP services available on the market today. In the past, hyperscale providers have separated their “govclouds” from their commercial cloud offerings to meet FedRAMP High requirements. This resulted in degraded service offerings, lower service availability, and higher operational cost. GCP’s FedRAMP High authorization enables government agencies processing high impact workloads to adopt technology at a much higher velocity and at the same scale as commercial customers. It also provides a much-needed boost to competition in the US Government’s public cloud market, giving the public sector a greater range of choices in technology mix and cloud providers than ever before with plans to continue expanding the authorized product offerings.

FedRAMP terms and conditions flow down from our public sector procurement partner, Carahsoft, so if you are interested in FedRAMP on Google Cloud, please contact them here.