Auto-sync: update nexus workspace
This commit is contained in:
35
wiki/concepts/FedRAMP.md
Normal file
35
wiki/concepts/FedRAMP.md
Normal file
@@ -0,0 +1,35 @@
|
||||
---
|
||||
title: "FedRAMP"
|
||||
type: concept
|
||||
tags:
|
||||
- Compliance
|
||||
- Cloud-Security
|
||||
- Government
|
||||
- Certification
|
||||
last_updated: 2026-04-14
|
||||
---
|
||||
|
||||
# FedRAMP (Federal Risk and Authorization Management Program)
|
||||
|
||||
## Definition
|
||||
美国政府级的云安全认证项目,为云服务和云产品提供统一的安全评估和授权标准。FedRAMP 基于 [[ISO-27001]] 和 NIST SP 800-53 控制框架。
|
||||
|
||||
## Purpose
|
||||
- 为联邦机构提供标准化的云服务安全评估方法
|
||||
- 减少重复安全评估,降低成本
|
||||
- 确保云服务提供商达到政府级别的安全标准
|
||||
|
||||
## Business Value for OpenText
|
||||
- **市场准入**:FedRAMP 认证使 OpenText 能够向联邦政府机构销售云服务
|
||||
- **多垂直市场覆盖**:持有 FedRAMP 等多项行业及政府认证,可进入多个垂直市场
|
||||
- **差异化优势**:证明安全成熟度,增强客户信心
|
||||
|
||||
## Relationship to Other Concepts
|
||||
- 基于 [[ISO-27001]] 构建
|
||||
- 与 [[Global Information Security Policy (GISP)]] 配合,满足政策层面的合规要求
|
||||
- 与 [[Third-Party-Penetration-Testing]] 配合,通过第三方验证满足认证要求
|
||||
|
||||
## Connections
|
||||
- [[ISO-27001]]:框架基础
|
||||
- [[Global Information Security Policy (GISP)]]:政策支撑
|
||||
- [[OpenText]]:持有该认证的组织
|
||||
Reference in New Issue
Block a user