fedramp-compliance


FedRAMP Compliance

Implement FedRAMP requirements for federal cloud services.

Impact Levels

yaml
levels:
  low:
    controls: ~125          # Rev 4 baseline; the Rev 5 baseline is 156
    use_case: Public, low-impact data

  moderate:
    controls: ~325          # Rev 4 baseline; the Rev 5 baseline is 323
    use_case: CUI, most federal systems

  high:
    controls: ~425          # Rev 4 baseline (421); the Rev 5 baseline is 410
    use_case: Law enforcement, emergency services, other high-impact missions

NIST 800-53 Families

yaml
control_families:
  AC: Access Control
  AT: Awareness and Training
  AU: Audit and Accountability
  CA: Assessment, Authorization, and Monitoring   # "Security Assessment and Authorization" in Rev 4
  CM: Configuration Management
  CP: Contingency Planning
  IA: Identification and Authentication
  IR: Incident Response
  MA: Maintenance
  MP: Media Protection
  PE: Physical and Environmental Protection
  PL: Planning
  PM: Program Management
  PS: Personnel Security
  PT: PII Processing and Transparency             # added in Rev 5
  RA: Risk Assessment
  SA: System and Services Acquisition
  SC: System and Communications Protection
  SI: System and Information Integrity
  SR: Supply Chain Risk Management                # added in Rev 5

Continuous Monitoring

yaml
conmon:
  vulnerability_scans: Monthly        # OS, database and web application scans, authenticated
  penetration_tests: Annual
  poa_m_updates: Monthly              # POA&M submitted with the monthly scan results
  security_assessment: Annual         # performed by the 3PAO
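The cadences above are easy to state and easy to miss in practice, so an agency or 3PAO reviewer will ask for evidence that each activity actually ran on time and that open POA&M findings are being closed within their remediation windows. The following Python is an added example, not FedRAMP's own tooling or any CSP's code: it checks a set of last-completed dates against the cadences in the conmon table and ages open POA&M items against the FedRAMP remediation timelines (30 days for High, 90 for Moderate, 180 for Low, which come from the FedRAMP continuous monitoring guidance rather than from this page). "Monthly" and "annual" are approximated as 30 and 365 days, and the evidence dates and POA&M rows are constructed for illustration.

```python
"""ConMon cadence and POA&M aging checker (added example, not FedRAMP tooling)."""
from datetime import date, timedelta

# Cadence in days, taken from the conmon table on this page.
# Assumption: "monthly" = 30 days, "annual" = 365 days.
CADENCE_DAYS = {
    "vulnerability_scans": 30,
    "poa_m_updates": 30,
    "penetration_tests": 365,
    "security_assessment": 365,
}

# Remediation deadlines from discovery, per FedRAMP ConMon guidance
# (not stated on this page): High 30 days, Moderate 90, Low 180.
REMEDIATION_DAYS = {"high": 30, "moderate": 90, "low": 180}


def overdue_activities(last_completed: dict, as_of: date) -> dict:
    """Return {activity: days_overdue} for every ConMon activity whose last
    completion date is older than its cadence. An activity with no evidence
    at all is reported as overdue by its full cadence."""
    result = {}
    for activity, window in CADENCE_DAYS.items():
        last = last_completed.get(activity)
        if last is None:
            result[activity] = window
            continue
        age = (as_of - last).days
        if age > window:
            result[activity] = age - window
    return result


def poam_overdue(poam: list, as_of: date) -> list:
    """Return the ids of open POA&M items whose remediation deadline has passed.
    Closed items are ignored; an unknown severity raises rather than silently
    getting the most lenient window."""
    late = []
    for item in poam:
        if item["status"] != "open":
            continue
        deadline = item["discovered"] + timedelta(days=REMEDIATION_DAYS[item["severity"]])
        if as_of > deadline:
            late.append(item["id"])
    return late


# Constructed evidence: the last date each activity was completed.
# security_assessment is deliberately missing to show the "never done" path.
SAMPLE_EVIDENCE = {
    "vulnerability_scans": date(2024, 4, 2),
    "poa_m_updates": date(2024, 4, 5),
    "penetration_tests": date(2023, 3, 15),
}

# Constructed POA&M rows; ids are placeholders, not real findings.
SAMPLE_POAM = [
    {"id": "V-1001", "severity": "high", "discovered": date(2024, 3, 1), "status": "open"},
    {"id": "V-1002", "severity": "moderate", "discovered": date(2024, 3, 20), "status": "open"},
    {"id": "V-1003", "severity": "low", "discovered": date(2023, 9, 1), "status": "closed"},
    {"id": "V-1004", "severity": "low", "discovered": date(2023, 9, 1), "status": "open"},
]

AS_OF = date(2024, 5, 1)


def conmon_report(evidence: dict, poam: list, as_of: date) -> dict:
    """Combine both checks into the summary a reviewer would want to see."""
    return {
        "overdue_activities": overdue_activities(evidence, as_of),
        "overdue_poam_items": poam_overdue(poam, as_of),
    }


if __name__ == "__main__":
    for key, value in conmon_report(SAMPLE_EVIDENCE, SAMPLE_POAM, AS_OF).items():
        print(f"{key}: {value}")
```

With the constructed dates, the pen test is 48 days past its annual window, the security assessment has no evidence at all, and two open findings (the High from March and the Low from the previous September) are past their remediation deadlines; the monthly scan and POA&M update are within cadence. Keying the POA&M check on `status` rather than on an empty completion date is deliberate: a finding that is "risk accepted" or "false positive" should be handled explicitly, not left looking open.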

Best Practices

  • Independent assessment by an accredited 3PAO
  • SSP documentation that describes every control implementation as deployed, not as planned
  • POA&M tracking with remediation dates held to the FedRAMP timelines
  • Continuous monitoring (monthly scans and POA&M updates, annual pen test)
  • Annual assessment to sustain the authorization, which is ongoing rather than re-issued each year