Hello all. I'm a FEDRAMP noob, mainly because we are responding to a US Army solicitation for a web-based application for behavior therapy. The preponderance of applications are commercial and deliver content under commercial or individual subscriptions.
As I understand, FEDRAMP is required when the web application holds or involved 'federal' data. Am i wrong in assuming that since this application, used much like Netflix (on a personal flat screen device) and using OTA or home networks, that FEDRAMP would not be required?
Please correct me if I my assumptions are incorrect. We are trying to convince a KO that a new requirement added to what is a commercial product solution is overreaching.
Thanks in advance for any feedback/clarity.
[link] [comments]