Release of cloud.gov Pages Customer Responsibility Matrix (CRM)

Our website publishing platform, cloud.gov Pages, is now fully authorized by FedRAMP® at the Moderate impact level, and is replacing the Federalist offering, formerly at https://federalist.18f.gov. As part of that migration, we are publishing the Control Implementation Summary (CIS) + Customer Responsibility Matrix (CRM) + Control-by-Control Inheritance (.xlsx). The CRM is a summary of each Low security control and whether it is handled by cloud.gov, a shared responsibility, or a customer responsibility. It includes guidance on which controls a customer system can fully or partially inherit from cloud.gov Pages.

We will release a CRM for the cloud.gov Pages Moderate impact controls in the near future. Updates to the cloud.gov Pages CRM will be reflected on our FedRAMP Tracker page