FedRAMP

FedRAMP (Federal Risk and Authorization Management Program) is the US Federal Government's cloud security framework, defining baseline security controls and the audit process for cloud services used by US federal agencies. Microsoft 365 is FedRAMP-authorized at various impact levels: Moderate (commercial / GCC), High (GCC High / DoD), and DoD Impact Levels 4 / 5 / 6 for specific defense workloads. FedRAMP authorization is required for US federal agency cloud usage and increasingly referenced in state, local, and tribal government procurement. The FedRAMP audit reports are available in the Microsoft Service Trust Portal. Different impact levels correspond to different Microsoft 365 clouds — GCC, GCC High, DoD.