Commit
FedRAMP docs (#8815)
melindafekete authored Nov 22, 2024
1 parent 172e34d commit 0e7b675
Showing 3 changed files with 83 additions and 0 deletions.
12 changes: 12 additions & 0 deletions website/docs/using-unleash/compliance/compliance-overview.mdx
@@ -0,0 +1,12 @@
---
title: Compliance for feature flags
description: 'Secure and compliant feature flags at scale with Unleash.'
---

# Compliance

## Overview

Unleash is designed to help organizations meet strict compliance requirements, supporting frameworks like [FedRAMP](https://www.fedramp.gov/program-basics/), [SOC 2](https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2), [ISO 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001), and more. Features such as [audit logs](/reference/events#event-log), [role-based access control](/reference/rbac) (RBAC), and [change request](/reference/change-requests) workflows enable secure feature management at scale.

For a detailed overview of how Unleash can help you with FedRAMP requirements, refer to our [FedRAMP compliance documentation](/using-unleash/compliance/fedramp). For information regarding any other frameworks, [reach out to us](mailto:[email protected]).
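Review bot: The overview claims Unleash supports "frameworks like FedRAMP, SOC 2, ISO 27001, and more", but only FedRAMP gets a control mapping page in this commit, so the sentence promises more than the docs deliver; suggest saying what is actually available per framework (a mapping page for FedRAMP, documentation on request for the others) or trimming the list to what is documented. The three feature links (audit logs, RBAC, change requests) match the capabilities cited in the FedRAMP table, which is good; consider also linking the SOC 2 mention to where a customer can obtain the report, since the FedRAMP page refers to it as available on request.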
56 changes: 56 additions & 0 deletions website/docs/using-unleash/compliance/fedramp.mdx
@@ -0,0 +1,56 @@
---
title: FedRAMP compliance for feature flags
description: 'FedRAMP compliant feature flags at scale with Unleash.'
---

# FedRAMP compliance

## Overview

When operating in a [FedRAMP-compliant](https://www.fedramp.gov/program-basics/) environment, it's crucial to ensure that all integrated systems, including feature flagging solutions, adhere to the same compliance standards. Using a homegrown or third-party feature flag system that does not support FedRAMP standards can compromise your certification and introduce unnecessary risks.

This guide provides an overview of how Unleash features align with FedRAMP controls, helping your organization meet its compliance requirements.

## Access Control

| **FedRAMP Control** | **Unleash Features** |
|-------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [AC-02 Account Management](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=AC-2) | Unleash uses [role-based access control](/reference/rbac) (RBAC) with configurable permissions. In addition, you can integrate Unleash roles with other identity systems using [SCIM](/reference/scim). You can control authorization at different levels with [single sign-on](/reference/sso) (SSO) and [personal access tokens](/reference/api-tokens-and-client-keys#personal-access-tokens). |
| [AC-04 Information Flow Enforcement](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=AC-4) | Unleash supports information flow control with architectural system components like [Unleash Proxy](/reference/unleash-proxy) or [Unleash Edge](/reference/unleash-edge), and configuration-level options like IP allow-lists. |
| [AC-07 Unsuccessful Logon Attempts](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=AC-7) | Unleash restricts user logins after 10 failed attempts. |

## Audit and Accountability

| **FedRAMP Control** | **Unleash Features** |
|----------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [AU-02 Event Logging](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=AU-2) | Unleash provides detailed [audit logs and event tracking](/reference/events), accessible through the Admin UI or exportable for integration with other systems. |
| [AU-12 Audit Record Generation](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=AU-12) | Unleash provides detailed [audit logs and event tracking](/reference/events), accessible through the Admin UI or exportable for integration with other systems. |

## Security Assessment and Authorization

| **FedRAMP Control** | **Unleash Features** |
|-------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [CA-8 Penetration Testing](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=CA-8) | Unleash conducts annual penetration testing by external auditors; results are available upon [request](https://www.getunleash.io/plans/enterprise). |

## Configuration Management

| **FedRAMP Control** | **Unleash Features** |
|--------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [CM-02 Baseline Configuration](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=CM-2) | Unleash provides [Export](/how-to/how-to-environment-import-export) functionality that facilitates keeping a configuration snapshot of feature flags and related entities in the audit records. Instance-wide configurations, such as projects, users, and roles, can be managed and restored using the [Unleash Terraform provider](/reference/terraform). |
| [CM-05 Access Restrictions for Change](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=CM-5) | Unleash provides advanced [role-based access control](/reference/rbac) (RBAC) controls to implement logical access restrictions. [Change Requests](/reference/change-requests) help you define and track approval flows. |

## Identification and Authentication

| **FedRAMP Control** | **Unleash Features** |
|-----------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|
| [IA-02 Identification and Authentication](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=IA-2) (Organizational Users) | Unleash provides single sign-on (SSO) to enable customers to enforce multi-factor authentication (MFA) for all Unleash users. |
| [IA-02 (01) Identification and Authentication](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=IA-2) (Organizational Users); Multi-factor Authentication to Privileged Accounts | Unleash provides SSO to enable customers to enforce multi-factor authentication (MFA) for all Unleash users. |
| [IA-02 (02) Identification and Authentication](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=IA-2) (Organizational Users); Multi-factor Authentication to Non-privileged Accounts | Unleash provides SSO to enable customers to enforce multi-factor authentication (MFA) for all Unleash users. |
| [IA-02 (08) Identification and Authentication](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=IA-2) (Organizational Users); Access to Accounts — Replay Resistant | Unleash restricts user logins after 10 failed attempts. |

## System and Communications Protection

| **FedRAMP Control** | **Unleash Features** |
|-------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
| [SC-08 (01) Transmission Confidentiality and Integrity](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=SC-8) (Cryptographic Protection) | Unleash implements cryptographic protection for data in transit, as detailed in our SOC2 report (available upon [request](https://www.getunleash.io/plans/enterprise). |
| [SC-17 Public Key Infrastructure Certificates](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=SC-17) | Unleash uses PKI certificates issued by AWS and Google. |
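Review bot: The IA-02 (08) row (Replay Resistant) is mapped to "Unleash restricts user logins after 10 failed attempts", but lockout after failed attempts is the AC-07 control already listed under Access Control; replay resistance concerns the authentication mechanism itself, not lockout, so this row should point at the SSO/MFA capability cited in the other IA-02 rows or be removed until a matching feature can be named. Smaller points in the same file: the SC-08 (01) cell has an unclosed parenthesis, "(available upon [request](...)." needs a ")" before the period; the AU-02 and AU-12 rows, and the three IA-02 rows, repeat identical text, which reads as filler to an assessor and would be stronger if each row named what is specific to that control; "CA-8" breaks the zero-padded numbering ("AC-02", "CM-02", "SC-08") used elsewhere; and "SOC2" here versus "SOC 2" in the overview page should be made consistent.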
15 changes: 15 additions & 0 deletions website/sidebars.ts
Expand Up @@ -537,6 +537,21 @@ const sidebars: SidebarsConfig = {
],
},
'generated/unleash-proxy',
{
type: 'category',
label: 'Compliance',
link: {
type: 'doc',
id: 'using-unleash/compliance/compliance-overview',
},
items: [
{
type: 'doc',
label: 'FedRAMP',
id: 'using-unleash/compliance/fedramp',
},
],
},
{
label: 'Troubleshooting',
type: 'category',
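Review bot: Key order in the new category object (`type` before `label`) differs from the neighbouring Troubleshooting entry, which lists `label` first; pick one order so the sidebar entries read uniformly. The `link.id` and the item `id` (`using-unleash/compliance/compliance-overview` and `using-unleash/compliance/fedramp`) match the two new doc paths added in this commit, so the sidebar wiring itself looks correct.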