FedRAMP

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

FedRAMP Moderate

The FedRAMP impact level for cloud services that handle data whose loss of confidentiality, integrity, or availability would have serious adverse effects on federal operations or assets. The Moderate baseline requires implementation of 323 NIST SP 800-53 Revision 5 controls and is the most common authorization level, covering the majority of federal SaaS, IaaS, and PaaS workloads.

From the library

The full analysis on FedRAMP Moderate.

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →
The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.