Elastic FedRAMP authorized Cloud offerings
Elastic users can take advantage of the FedRAMP authorized Cloud offerings to host sensitive data in a secure environment that meets their regulatory and compliance requirements.
FedRAMP Moderate deployments are available to all users who have a Platinum or Enterprise subscription level. FedRAMP High deployments are available to United States federal, state, and local agencies as well as tribal groups that have an Enterprise subscription level.
All FedRAMP deployments are hosted on AWS GovCloud (U.S.).
Learn about the Elastic FedRAMP offerings:
This table provides a comparison of features and capabilities included in Elastic Cloud Hosted and all FedRAMP authorized Cloud offerings.
| Feature | Elastic Cloud Hosted | FedRAMP Moderate | FedRAMP High |
|---|---|---|---|
| Trial period | 14 days | 30 days | none |
| Marketplace offering | AWS/GCP/Azure | AWS GovCloud | AWS GovCloud |
| Cloud service provider | AWS/GCP/Azure | AWS GovCloud | AWS GovCloud |
| Required subscription level | Standard, Gold, Platinum, Enterprise | Platinum, Enterprise | Enterprise |
| Available regions | 50+ regions | us-gov-east-1 |
us-gov-east-1 |
| Allowed users | All | All | U.S. federal, state, and local agencies; tribal groups |
| IPv6 support at the edge | No | Yes | Yes |
| Bring Your Own Key (BYOK) | Yes | No | No |
| Support policy | Global coverage | Global coverage or optional U.S. persons on U.S. soil support available | U.S. persons on U.S. soil support |
| Kibana connectors | All connector types | Email, Index, Webhook, Gen-AI, Bedrock, Gemini, Inference, Slack, Slack-API, PagerDuty | Email, Index, Webhook, Gen-AI, Bedrock, Gemini, Inference, Slack, Slack-API, PagerDuty |
| Cross-cluster search and cross-cluster replication | Yes | Yes | Yes |
| Private connectivity | Yes | Yes | No |
| AutoOps | Yes | No | No |
| Synthetic monitoring | Yes | No | No |
| Elastic Inference Service | Yes | No | No |
| Managed OTLP Endpoint (mOTLP) | Yes | No | No |
| Custom bundles and plugins | Yes | Yes | No |
| Elastic AI Assistant for Observability and Search, Elastic AI Assistant for Security | Yes | Elastic Managed LLM not available | Elastic Managed LLM not available |
| Attack Discovery | Yes | Yes | TBD |
| Universal profiling | Yes | No | No |
FedRAMP Moderate deployments are available for self-serve setup. Refer to the Elastic FedRAMP authorized cloud offerings page to get started with a free trial.
To get started on FedRAMP High, contact our support team.
There are some limitations to note for using the FedRAMP authorized Cloud offerings.
Applies to: FedRAMP Moderate, FedRAMP High
Only FIPS 140-2 compliant TLS protocols, ciphers, and curve types are allowed to be used as listed below.
- The supported TLS versions are
TLS v1.2andTLS v1.3. - The supported cipher suites are:
TLS v1.2:ECDHE-RSA-AES-128-GCM-SHA256,ECDHE-RSA-AES-256-GCM-SHA384,ECDHE-ECDSA-AES-128-GCM-SHA256,ECDHE-ECDSA-AES-256-GCM-SHA384TLS v1.3:TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384
- The supported curve types are
P-256,P-384andP-521.
Support for encrypted private keys is not available, as the cryptographic modules used for decrypting password protected keys are not FIPS validated. If an output or any other component with an SSL key that is password protected is configured, the components will fail to load the key. When running in FIPS mode, you must provide non-encrypted keys. Be sure to enforce security in your FIPS environments through other means, such as strict file permissions and access controls on the key file itself, for example.
Applies to: FedRAMP Moderate, FedRAMP High
The Elastic Defend integration that runs on hosts being protected has various features that require data to be sent directly to Elastic-managed cloud services. The data sent is not sourced from within the secure enclave on the host. However, you may still want to adjust the configuration for your FedRAMP Moderate and FedRAMP High environments. You can use the advanced setting [linux,mac,windows].advanced.allow_cloud_features to activate or deactivate each Elastic Defend feature individually.
Applies to: FedRAMP High
Custom plugins are currently not supported in FedRAMP High deployments.
Find answers here to some common questions about using the FedRAMP authorized Cloud offerings.
- Who can use FedRAMP?
-
The FedRAMP authorized Cloud offerings are intended for users who require their Elastic Cloud services to meet special security and compliance requirements:
- FedRAMP Moderate is available to all users having a Platinum or Enterprise subscription level.
- FedRAMP High is available to United States federal, state, and local agencies as well as tribal groups. An Enterprise subscription level is required.
- Where is FedRAMP hosted?
- FedRAMP Moderate and FedRAMP High Elastic Cloud deployments are hosted on AWS GovCloud (US) in the
us-gov-east-1region.