The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies. FedRAMP uses the National Institutes of Standards & Technology Special Publication (NIST SP) 800 series and requires cloud service providers to complete an independent security assessment conducted by an accredited third-party assessment organization (3PAO) to ensure that authorizations are compliant with the Federal Information Security Management Act of 2002 (FISMA 2002).
New Relic has met the FedRAMP security control requirements as described in the NIST SP 800-53, Rev. 5 security control baseline for Moderate impact levels, has been assessed by an independent 3PAO, has posted its security package in FedRAMP's secure repository, and maintains a FedRAMP Moderate authorization, see New Relic Attains FedRAMP Moderate Impact for SaaS Services. Federal agencies are responsible for reviewing New Relic's security package, including shared responsibility details, and issuing their own Authority to Operate (ATO) decision.
As a part of achieving a FedRAMP Moderate authorization, New Relic has produced a FedRAMP Customer Implementation Summary/Customer Responsibility Matrix (CIS/CRM) that delineates the shared security and privacy responsibilities between New Relic and its Customers (for example, federal agencies). Download our New Relic FedRAMP Customer Responsibility Matrix (CRM) as an XLSX file (70 KB) or as a PDF file (176KB) to understand your specific implementation responsibilities. This document outlines the security controls that customers will need to engineer, design, define and implement in order to be in compliance with the FedRAMP baseline and to help customers achieve and maintain their ATO.
For access to the New Relic security package and the entire New Relic CIS/CRM matrix, U.S. government employees and contractors can sign and submit the FedRAMP Package Request Form from the New Relic FedRAMP Marketplace to package-access@fedramp.gov.
Applicable document by service
Caution
Not all New Relic Observability Platform services are in compliance with this program. For non-compliant services, please see the section on services not in scope.
The following applies to the New Relic Observability Platform:
Document | Last updated | Infrastructure | Services |
|---|---|---|---|
2024-OCT-30 | AWS, First Party | New Relic Observability Platform |
Important
To use New Relic's offering in compliance with FedRAMP moderate, contact your account representative to assign the account or accounts appropriately. If you require more information about New Relic's FedRAMP authorization, see New Relic's listing in the FedRAMP Marketplace.
Services not in scope
The following services are not FedRAMP-authorized:
Last updated | Infrastructure | Services |
|---|---|---|
N/A | Azure | Azure Native New Relic Service |
N/A | AWS | CodeStream |
N/A | AWS, GCP | ML Ops |
N/A | Customer | New Relic Mobile App |
N/A | GCP | Pixie: Community Cloud for Pixie |
N/A | GCP | Pixie: Auto-telemetry with Pixie |
N/A | AWS, Azure | New Relic AI |
N/A | AWS | Agentic Integration - Github Copilot |
N/A | AWS | Agentic Integration - Google Gemini Code Assist |
N/A | AWS | New Relic Control |
N/A | N/A | New Relic Github Application |
N/A | AWS | Response Intelligence - RAG Data Indexing & Mgmt |
N/A | AWS | New Relic eAPM |
N/A | N/A | Schedule NRQL Searches |
N/A | N/A | New Relic AI Model Context Protocol (MCP) |