FedRAMP clarification

old.reddit.com / @/u/BrandonSB2, https://old.reddit.com/user/BrandonSB2

We are working towards CMMC and are spinning up a Microsoft GCC instance. Based on what we've heard in passing it sounds like if you host an application within Microsoft GCC then that would in theory make it compliant to FedRAMP. Does anyone know if this is the case? For example, say we hosted a password manager within a VM in the GCC instance. The password manager standalone isn't FedRAMP authorized but if it was behind Microsoft's GCC instance would that be covered as meeting FedRAMP requirements? The main problem here is a lot of our solutions in the MSP industry don't necessarily have FedRAMP authorized toolsets but they could be hosted within a FedRAMP authorized space (A VM within Microsoft GCC).

submitted by /u/BrandonSB2
[link] [comments]

published 10 months ago




See all items from the same source