FedRamp GCP – Fedramp and PCI Compliance on Google Cloud
Is GCP FedRamp Compliant? If so, what level of FedRamp does it meet?
The level of FedRamp GCP compliance depends on the GCP service being discussed.
The majority of GCP's core services (Compute Engine, App Engine, Cloud Storage..) are ALL FedRamp HIGH compliant. In addition, when you install custom appliances (e.g. F5 on GCP), you will need to specifically ensure that the encryption modules being used (for e..g. in your SSL cert, the FIPs-140 module being used) meet the level of FedRamp compliance your organization needs.
More importantly, this is across all U.S. regions - i.e. the entire public cloud offering (as opposed to several of AWS' FedRamp compliant services being restricted to AWS' govcloud - same for Azure).
What about PCI Compliance?
PCI DSS on GCP - Customer Responsibility Matrix for GCP DSS.
Where can I find out more about implementing FedRamp compliance on GCP?
FedRamp Implementation Guide GCP
Need Assistance with PCI or FedRAMP compliance on GCP? Set up a free 30 minute consultation.
Leave a Reply