Before you can achieve FedRAMP authorization, you need to determine which impact level and baseline applies to your system. This decision will shape everything from your control implementation to your documentation and assessment process.
This section of the FedRAMP Hub explains how FedRAMP levels are categorized and how to identify the right path for your cloud service offering (CSO) based on the type of data you handle and the risk level of your solution.
Explore these articles to understand each FedRAMP level and corresponding baseline(s) in depth:
FedRAMP Levels & Baselines, Explained
Learn how to determine the appropriate FedRAMP authorization level and baseline based on the sensitivity of the federal data your system processes.
FedRAMP High: Who Needs The Highest Level & How It Compares to Moderate
Understand what makes the High baseline the most rigorous and how it differs from the widely used Moderate baseline.
FedRAMP Moderate: Requirements & How to Prepare
Get familiar with the most common FedRAMP baseline and what it takes to achieve and maintain authorization at this level.
FedRAMP Low, 20x, and LI-SaaS Baselines: What They Are & Who They Apply to
Explore the multiple baselines designed for low-risk systems and how they streamline the path to authorization for SaaS providers.
