background

FedRAMP Levels

Before you can achieve FedRAMP authorization, you need to determine which impact level and baseline applies to your system. This decision will shape everything from your control implementation to your documentation and assessment process.

This section of the FedRAMP Hub explains how FedRAMP levels are categorized and how to identify the right path for your cloud service offering (CSO) based on the type of data you handle and the risk level of your solution.

Explore these articles to understand each FedRAMP level and corresponding baseline(s) in depth:

FedRAMP Levels & Baselines, Explained

Learn how to determine the appropriate FedRAMP authorization level and baseline based on the sensitivity of the federal data your system processes.

Explore Resourceangle-right

FedRAMP High: Who Needs The Highest Level & How It Compares to Moderate

Understand what makes the High baseline the most rigorous and how it differs from the widely used Moderate baseline.

Explore Resourceangle-right

FedRAMP Moderate: Requirements & How to Prepare

Get familiar with the most common FedRAMP baseline and what it takes to achieve and maintain authorization at this level.

Explore Resourceangle-right

FedRAMP Low, 20x, and LI-SaaS Baselines: What They Are & Who They Apply to

Explore the multiple baselines designed for low-risk systems and how they streamline the path to authorization for SaaS providers.

Explore Resourceangle-right