The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP leverages a standardized set of requirements, established in accordance with the Federal Information Security Management Act (FISMA), to improve consistency and confidence in the security of cloud solutions. The FedRAMP program helps U.S. Federal government agencies to accelerate their adoption of secure cloud solutions across their organization through the reuse of FedRAMP security packages.
New Relic supports U.S. Federal government customers and is responsible for implementing and complying with the requirements established by the FedRAMP program. New Relic maintains a FedRAMP Moderate certification, see New Relic Attains FedRAMP Moderate Impact for SaaS Services.
As a part of New Relic's FedRAMP Moderate certification, New Relic has produced a FedRAMP Customer Implementation Summary/Customer Responsibility Matrix (CIS/CRM) that delineates the shared security and privacy responsibilities of New Relic and its Customers (for example, federal agencies).
CIS: This summarizes the implementation status of each control and the party responsible for maintaining that control, whether the Customer is fully responsible for the control, partially inherits the control (there are some customer responsibilities), or the control is fully implemented by New Relic (no responsibilities for the customer).
CRM: This provides details for a customer of what their responsibilities are for a given control, including responsibilities for optional services (applicable depending on which services the customer acquires). For more information about shared responsibility, download our New Relic FedRAMP CRM worksheet as an XLSX file (70 KB) or as a PDF file (176KB).
For access to the complete New Relic CIS/CRM workbook and other FedRAMP security package documents, please complete and submit a FedRAMP Package Request Form, see New Relic on the FedRAMP marketplace.
Applicable document by service
Caution
Not all New Relic Observability Platform services are in compliance with this program. For non-compliant services, please see the section on services not in scope.
The following applies to the New Relic Observability Platform:
Document | Last updated | Infrastructure | Services |
---|---|---|---|
2024-OCT-30 | AWS, First Party | New Relic Observability Platform |
Important
To use New Relic's offering in compliance with FedRAMP moderate, contact your account representative to assign the account or accounts appropriately. If you require more information about New Relic's FedRAMP authorization, see New Relic's listing in the FedRAMP Marketplace.
Services not in scope
The following services are not FedRAMP-authorized:
Last updated | Infrastructure | Services |
---|---|---|
N/A | Azure | Azure Native New Relic Service |
N/A | AWS | CodeStream |
N/A | AWS, GCP | ML Ops |
N/A | Customer | |
N/A | AWS | |
N/A | GCP | Pixie: Community Cloud for Pixie |
N/A | GCP | Pixie: Auto-telemetry with Pixie |
N/A | AWS, Azure | New Relic AI |