Compliance
FedRAMP (Federal Risk and Authorization Management Program) is a critical framework for cloud service providers (CSPs) aiming to offer their cloud solutions to the U.S. Federal government. The FedRAMP security controls are based on NIST SP 800-53 baselines and contain controls, parameters, and guidance above the NIST baseline that address the unique elements of cloud computing.
Access Controls

Control Name | ID | Teleport Capability
---|---|---
Account Management | AC-02 | 
Access Enforcement | AC-03 | Teleport supports robust role-based access controls (RBAC). RBAC can be used to:
Unsuccessful Logon Attempts | AC-07 | Teleport supports two types of users: local and SSO-based accounts (GitHub, Google Apps, Okta, etc.). For local accounts, by default, Teleport locks accounts for 30 minutes after 5 failed login attempts. For SSO-based accounts, the number of invalid login attempts and the lockout time period are controlled by the SSO provider.
System Use Notification | AC-08 | Teleport supports two methods for System Use Notifications:
Concurrent Session Control | AC-10 | Teleport supports both a maximum number of connections (`max_connections`) and a maximum number of simultaneously connected users (`max_users`) under the `connection_limits` configuration parameter.
Session Termination | AC-12 | Teleport user sessions are automatically terminated when a certificate expires. Users can exit a Teleport interactive session at any time by typing `exit`, or by sending an interrupt signal to the process when executing a program remotely. Logging out of all sessions (destroying credentials) terminates all sessions and includes an explicit logout message.
Remote Access | AC-17 | Teleport administrators create users with configurable roles that can be used to allow or deny access to system resources. Admins can terminate active sessions with session locking. Teleport terminates sessions on expiry or inactivity.
Use of External Information Systems | AC-20 | Teleport supports connecting multiple independent clusters using a feature called Trusted Clusters. When allowing access from one cluster to another, roles are mapped according to a pre-defined relationship that sets the scope of access.
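As an added illustration (not configuration from the original page), the following excerpt shows how the AC-10 connection limits named above and an RBAC role that scopes access (AC-03, AC-17) and bounds session lifetime (AC-12) would be expressed. It assumes `connection_limits` lives under the top-level `teleport` section of `teleport.yaml` and that the role follows Teleport's role resource format; the values are constructed and should be checked against the configuration reference for the Teleport version in use.

```yaml
# teleport.yaml excerpt (constructed example, not from the page)
teleport:
  connection_limits:            # AC-10: concurrent session control
    max_connections: 1000       # total simultaneous connections accepted
    max_users: 250              # distinct users connected at the same time
---
# Role resource, applied with `tctl create` (constructed example)
kind: role
version: v5                     # assumed role schema version
metadata:
  name: fedramp-operator
spec:
  options:
    max_session_ttl: 8h         # AC-12: certificate expiry ends the session
  allow:                        # AC-03 / AC-17: only staging hosts, one login
    logins: ['ubuntu']
    node_labels:
      'env': ['staging']
  deny:                         # deny always wins over allow
    node_labels:
      'env': ['prod']
```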
Audit & Accountability

Configuration Management

Identification and Authentication

System and Communications Protection