Oracle Compliance Program
DISA and FedRAMP Authorizations

Oracle offers FedRAMP-compliant and DISA P-ATO authorized infrastructure and software services. These services and solutions are assessed by a third-party assessment organization (3PAOs) to complete a readiness for the authorization and are continuously monitored for compliance requirements.

See a complete list of FedRAMP-compliant services at Oracle FedRAMP Marketplace.

What is FedRAMP?

Federal Risk and Authorization Management Program (FedRAMP) and Defense Information Systems Agency (DISA) Authorizations

FedRAMP is a security framework established to protect data confidentiality, integrity, and availability in cloud environments. Launched within the General Services Administration (GSA) in 2012, FedRAMP’s mission is to:

  • Accelerate adoption of secure cloud products and of government-authorized secure cloud solutions and assessments
  • Build confidence in cloud-based products and deployment architectures
  • Achieve collaboration, agreement, and consistency for all cloud products deployed within the government—within or outside of the FedRAMP marketplace
  • Develop and certify security deployment methods
  • Drive digital transformation through emerging technologies, including automation, real-time analytics, and more to better support government’s mission

FedRAMP High JAB P-ATO

Oracle Cloud Infrastructure (OCI) can provide government customers with the stringent security standards necessary to protect the federal government's data. Oracle has obtained a P-ATO from the Joint Authorization Board (JAB) for FedRAMP High in its U.S. Government Cloud regions.

  • Announcements
  • API Gateway
  • Application Performance Monitoring
  • Auditing
  • Autonomous Data Warehouse
  • Autonomous Database Dedicated
  • Autonomous Database Shared
  • Autonomous Dedicated
  • Autonomous JSON Database
  • Autonomous Shared
  • Autonomous Transaction Processing
  • Autoscaling
  • Block Storage
  • Cloud Guard
  • Cloud Shell Service
  • Cloud VMWare Solution
  • Compute
  • Compute GPU
  • Connector Hub
  • Container Engine for Kubernetes
  • Data Flow
  • Data Safe
  • Data Science
  • Data Transfer Service
  • Database
  • Database Cloud Service
  • Digital Assistant
  • E-mail Delivery Service
  • Events
  • Exadata
  • Exadata Cloud Service
  • FastConnect
  • File Storage
  • High Performance Compute
  • Identity and Access Management
  • Integration
  • Key Management
  • Linux YUM/Repo
  • Load Balancing
  • Management Agent Service
  • Marketplace
  • Metering
  • Monitoring
  • Notifications
  • Object Storage
  • OCI Data Catalog
  • OCI Registry (OCIR)
  • Operational Insights
  • OS Management Service
  • Private Endpoints
  • Process Automation
  • Public Logging (includes VCN Flow Logs)
  • Resource Manager
  • Search Service with OpenSearch
  • Streaming
  • Tenant Manager
  • Terraform
  • Vault
  • Virtual Cloud Networks
  • Vision
  • Visual Builder Studio
  • Visual Builder

The following services are currently under government review for approval:

  • Data Labeling
  • OpenSearch
  • Vision

Oracle’s FedRAMP Moderate cloud services include the following:

SaaS

Oracle Aconex for Defense

Oracle B2C Service

Oracle Customer Experience Cloud

  • Partner relationship management
  • Sales automation

Oracle Enterprise Resource Planning

  • Financials
  • Procurement
  • Project management
  • Risk management

Oracle Human Capital Management

  • HR
  • Payroll
  • Talent management
  • Workforce management

Oracle Talent Acquisition Cloud (Taleo)

Oracle Supply Chain Management

  • Inventory
  • Manufacturing
  • Maintenance
  • Order management
  • Product lifecycle management
  • Supply chain planning

Defense Information Systems Agency (DISA) Authorizations

The Defense Information Systems Agency's mission is to provide, operate and defend global command and control and information-sharing capabilities for the entire Defense Department, national-level leaders, and coalition partners. The DISA Cloud Computing Security Requirements Guide (CC SRG) outlines how the US Department of Defense (DoD) assesses the security posture of non-DoD cloud service providers (CSPs) and how to grant a DoD Provisional Authorization (PA) to host DoD information and systems. The CC SRG defines the DoD Impact Levels which are a combination of the sensitivity of the information to be stored and/or processed in the cloud; and the potential impact of an event that results in the loss of confidentiality, integrity, or availability of that information:

  • Impact Level 2: Data cleared for public release (note: Level 1 was combined with Level 2)
  • Impact Level 4: Controlled unclassified information (CUI) over the Non-Secure Internet Protocol Router Network (NIPRNet). CUI includes protected health information (PHI), privacy information (PII) and export controlled data (note: Level 3 was combined with Level 4)
  • Impact Level 5: Higher sensitivity CUI, mission-critical information, or NSS over NIPRNet
  • Impact Level 6: Classified data over Secret Internet Protocol Router Network (SIPRNet)

Oracle’s DISA Impact Level 5 cloud services include the following:

Tech

  • Announcements
  • API Gateway
  • Application Performance Monitoring
  • Auditing
  • Autonomous Database Dedicated
  • Autonomous Database Shared
  • Autoscaling
  • Block Storage
  • Cloud Shell Service
  • Compute
  • Compute HPC
  • Database
  • Data Flow
  • Data Science
  • Data Transfer Service
  • Digital Assistant
  • E-mail Delivery Service
  • Events
  • Exadata
  • FastConnect
  • File Storage
  • Identity and Access Management
  • Key Management
  • Linux YUM/Repo
  • Load Balancing
  • Marketplace
  • Metering
  • Monitoring
  • Notifications
  • Object Storage
  • Oracle Autonomous Data Warehouse
  • Oracle Autonomous Transaction Processing
  • Oracle Cloud Infrastructure Data Catalog
  • Oracle Cloud Infrastructure Registry (OCIR)
  • Oracle Cloud Infrastructure Service Connector Hub
  • Oracle Cloud VMWare Solution
  • Oracle Container Engine for Kubernetes
  • Oracle Integration Cloud
  • Private Endpoints
  • Public Logging (includes VCN Flow Logs)
  • Resource Manager
  • Streaming
  • Terraform
  • Vault
  • Virtual Cloud Networks

The following services are currently under government review for approval:

  • Analytics Cloud
  • Big Data Service
  • Content Management
  • Data Labeling
  • DevOps
  • Forecasting
  • GoldenGate
  • Identity Cloud
  • Language
  • Network Firewall
  • NoSQL Database Cloud Service
  • Operations Insights
  • Speech
  • Vision
  • Vulnerability Scanning Service
  • Web Application Firewall

Oracle’s DISA Impact Level 4 cloud services include the following:

SaaS

Oracle Aconex for Defense

Oracle B2C Service

Oracle Enterprise Resource Planning

  • Financials
  • Procurement
  • Project management
  • Risk management

Oracle Customer Experience Cloud

  • Partner relationship management
  • Sales automation

Oracle Human Capital Management

  • HR
  • Payroll
  • Talent management
  • Workforce management

Oracle Supply Chain Management

  • Inventory
  • Maintenance
  • Manufacturing
  • Order management
  • Product lifecycle management
  • Supply chain planning

Oracle’s DISA Impact Level 2 cloud services include the following:

SaaS

  • Oracle Talent Acquisition Cloud (Taleo)

Resources and more

Oracle Cloud Marketplace now available in all government regions

Oracle Cloud Marketplace provides a single platform where government customers can discover, evaluate, and launch a rich ecosystem of click-to-deploy images and end-to-end solution stacks provided by Oracle and third party independent software vendor (ISV) partners.

Explore the Marketplace

Oracle Cloud services available on federal contracts

Federal agencies can purchase Oracle Cloud services quickly and easily through existing contracts that provide access to Oracle’s Generation 2 Enterprise Cloud and its comprehensive cloud computing services portfolio.

Explore Federal Contracts Vehicles

Oracle has attained a P-ATO from the Joint Authorization Board (JAB) for FedRAMP High in its US Government Cloud Regions.

Oracle Cloud for Government helps agencies maximize IT investment, manage enterprise workloads, and build cloud native solutions for the future. It’s authorized to operate at a FedRAMP High JAB and Impact Level 4, providing compliant, highly secure, and resilient infrastructure and solutions for U.S. federal agencies, state and local offices, and government-affiliated entities.

Read more on FedRAMP High JAB

Oracle National Security Regions (ONSRs) meet the highest level of US government classification standards.

Oracle National Security Regions (ONSRs) meet the highest level of U.S. Government classification standards and are designed and built for the U.S. DoD and Intelligence communities. Completely isolated from the internet, these air-gapped regions securely provide IaaS, PaaS, SaaS, and marketplace services, and enable mission owners to secure nation’s data, remove data silos, and innovate.

Learn about Classified

Oracle's DISA IL5-authorized cloud environments support DoD mission-critical workloads.

Oracle Cloud for Government enables an all-domain advantage for the U.S. Department of Defense (DoD) with cloud innovation and resilience. Oracle’s DISA IL5-authorized cloud environments support the DoD’s strategic objectives across multidomain warfighting capability.

See more on IL5