COMPLIANCE

Accelerate FedRAMP Authorization with Teleport

Teleport helps cloud service providers achieve and maintain FedRAMP authorization by establishing a unified identity layer across humans, machines, workloads, and AI agents. Cryptographic identities, short-lived certificates, and identity-traceable audit logs deliver the access, authentication, and continuous monitoring evidence needed to meet NIST SP 800-53 controls - so you can unlock federal revenue faster and reduce time in the audit chair.

Teleport Features for FedRAMP Controls

Access Controls

Control Name (ID): Teleport Capability

Account Management (AC-02)

  • Teleport integrates with SSO providers such as GitHub, Okta, and Google.
  • Teleport supports role-based access control (RBAC) for SSH and Kubernetes.
  • Teleport's certificate-based SSH and Kubernetes authentication and audit logging satisfy these requirements without additional configuration.
  • Audit events are emitted when a user is created, updated, deleted, locked, or unlocked.

Access Enforcement (AC-03)

Teleport supports robust role-based access controls (RBAC). RBAC can be used to:

  • Control which SSH nodes a user can or cannot access.
  • Control cluster-level configuration (session recording and other cluster settings).
  • Control which UNIX logins a user is allowed to use when logging into a server.
  • Control which user groups have access to Kubernetes resources.

Unsuccessful Logon Attempts (AC-07)

Teleport supports two types of users: local accounts and SSO-based accounts (GitHub, Google Apps, Okta, etc.). For local accounts, Teleport by default locks the account for 30 minutes after 5 failed login attempts. For SSO-based accounts, the number of invalid login attempts and the lockout period are controlled by the SSO provider.

System Use Notification (AC-08)

Teleport supports two methods for System Use Notifications:

  • Linux Pluggable Authentication Modules (PAM). A message of the day (MOTD) module in the PAM session stack can display a custom message when the user logs in.
  • Pre-Authentication MOTD. A method for displaying a custom message of the day (MOTD) before the user authenticates.

Concurrent Session Control (AC-10)

Teleport supports both a maximum number of connections (`max_connections`) and the maximum number of simultaneously connected users (`max_users`) under the `connection_limits` configuration parameter.

Session Termination (AC-12)

Teleport user sessions are automatically terminated when the user's certificate expires. Users can end an interactive session at any time by typing `exit`, or end a remotely executed command by sending it an interrupt signal. Logging out of all sessions destroys the user's credentials, terminates every session, and displays an explicit logout message.

Remote Access (AC-17)

Teleport administrators create users with configurable roles that can be used to allow or deny access to system resources. Admins can terminate active sessions with session locking. Teleport terminates sessions on expiry or inactivity.
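As an added example, not taken from this page or from Teleport's own documentation, here is a role resource of the kind the AC-03, AC-12 and AC-17 rows describe: node and Kubernetes access scoped by label, permitted UNIX logins, and session lifetime and idle limits. The field names follow Teleport's role specification as I understand it and should be checked against the reference for the deployed version; the role name, labels, logins and timeouts are constructed values.

```yaml
# Added example: a Teleport role resource. Values are constructed; field names
# are assumed to match Teleport's role spec for the version in use.
kind: role
version: v5
metadata:
  name: fedramp-app-operator
spec:
  options:
    # AC-12 / AC-17: bound session lifetime and drop idle or expired sessions
    max_session_ttl: 8h
    client_idle_timeout: 30m
    disconnect_expired_cert: true
  allow:
    # AC-03: UNIX logins this role may use when connecting to a node
    logins: ["app-operator"]
    # AC-03: SSH nodes reachable by this role, selected by label
    node_labels:
      env: ["staging"]
      tier: ["app"]
    # AC-03: Kubernetes groups granted, on clusters selected by label
    kubernetes_groups: ["app-operators"]
    kubernetes_labels:
      env: ["staging"]
  deny:
    # Deny rules take precedence over allow rules: production nodes and
    # the root login are unreachable even if another role allows them
    node_labels:
      env: ["production"]
    logins: ["root"]
```

The resource is loaded with `tctl create -f`, and each node or Kubernetes connection made under it shows up in the audit log attributed to the user's certificate identity.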

Use of External Information Systems (AC-20)

Teleport supports connecting multiple independent clusters using a feature called Trusted Clusters. When access is allowed from one cluster to another, the roles of the connecting cluster's users are mapped to roles in the trusted cluster according to a pre-defined mapping that sets the scope of access.

Audit & Accountability

Configuration Management

Identification and Authentication

System and Communications Protection