Skip to main content

FedRAMP compliance

Overview

When operating in a FedRAMP-compliant environment, it's crucial to ensure that all integrated systems, including feature flagging solutions, adhere to the same compliance standards. Using a homegrown or third-party feature flag system that does not support FedRAMP standards can compromise your certification and introduce unnecessary risks.

This guide provides an overview of how Unleash features align with FedRAMP controls, helping your organization meet its compliance requirements.

Access Control

FedRAMP ControlUnleash Feature
AC-02 Account ManagementUnleash uses role-based access control (RBAC) with configurable permissions. In addition, you can integrate Unleash roles with other identity systems using SCIM. You can control authorization at different levels with single sign-on (SSO) and personal access tokens.
AC-04 Information Flow EnforcementUnleash supports information flow control with architectural system components like Unleash Proxy or Unleash Edge, and configuration-level options like IP allow-lists.
AC-07 Unsuccessful Logon AttemptsUnleash restricts user logins after 10 failed attempts.

Audit and Accountability

FedRAMP ControlUnleash Feature
AU-02 Event LoggingUnleash provides detailed audit logs and event tracking, accessible through the Admin UI or exportable for integration with other systems.
AU-12 Audit Record GenerationUnleash provides detailed audit logs and event tracking, accessible through the Admin UI or exportable for integration with other systems.

Security Assessment and Authorization

FedRAMP ControlUnleash Feature
CA-8 Penetration TestingUnleash conducts annual penetration testing by external auditors; results are available upon request.

Configuration Management

FedRAMP ControlUnleash Feature
CM-02 Baseline ConfigurationUnleash provides Export functionality that facilitates keeping a configuration snapshot of feature flags and related entities in the audit records. Instance-wide configurations, such as projects, users, and roles, can be managed and restored using the Unleash Terraform provider.
CM-05 Access Restrictions for ChangeUnleash provides advanced role-based access control (RBAC) controls to implement logical access restrictions. Change Requests help you define and track approval flows.

Identification and Authentication

FedRAMP ControlUnleash Feature
IA-02 Identification and Authentication (Organizational Users)Unleash provides single sign-on (SSO) to enable customers to enforce multi-factor authentication (MFA) for all Unleash users.
IA-02 (01) Identification and Authentication (Organizational Users); Multi-factor Authentication to Privileged AccountsUnleash provides SSO to enable customers to enforce multi-factor authentication (MFA) for all Unleash users.
IA-02 (02) Identification and Authentication (Organizational Users); Multi-factor Authentication to Non-privileged AccountsUnleash provides SSO to enable customers to enforce multi-factor authentication (MFA) for all Unleash users.
IA-02 (08) Identification and Authentication (Organizational Users); Access to Accounts — Replay ResistantUnleash restricts user logins after 10 failed attempts.

System and Communications Protection

FedRAMP ControlUnleash Feature
SC-08 (01) Transmission Confidentiality and Integrity (Cryptographic Protection)Unleash implements cryptographic protection for data in transit, as detailed in our SOC2 report (available upon request.
SC-17 Public Key Infrastructure CertificatesUnleash uses PKI certificates issued by AWS and Google.