FedRAMP Authorized — Moderate Impact
DocuSign for Government by DocuSign. 6 compliance features verified.
DocuSign for Government
by DocuSign
Impact Level
Moderate
Status
Authorized
Pricing
mid market
Authorization Date: May 18, 2016 | Sponsoring Agency: GSA
Overview
DocuSign for Government is a FedRAMP Moderate authorized electronic signature and agreement cloud for government organizations. It provides legally binding electronic signatures, contract lifecycle management, and document workflows. The platform supports compliance with ESIGN Act and UETA requirements.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure DocuSign for Government for Defense Contracts
DocuSign for Government is available through GSA Multiple Award Schedule (MAS) under SIN 518210C (IT Professional Services) and SIN 54151S (Software as a Service). Government pricing includes volume discounts typically 15-25% below commercial rates, with additional savings through enterprise licensing agreements. Contracting officers must review the FedRAMP authorization package including the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and Continuous Monitoring reports. The authorization boundary encompasses the DocuSign application, underlying AWS GovCloud infrastructure, and all data flows for signature workflows. Key approval requirements include acceptance of the shared responsibility model, review of data residency commitments (US persons only), and validation of encryption standards (AES-256). Typical procurement timeline ranges 60-90 days including security review, legal assessment of terms, and technical integration planning. For CMMC assessment boundaries, include DocuSign as a covered contractor information system when processing CUI through signature workflows. Document API integrations and data flows in your System Security Plan, ensuring proper categorization under NIST SP 800-171 information system boundaries. Establish formal agreements covering incident response procedures and breach notification requirements.
Compliance Cross-References
DocuSign for Government's FedRAMP Moderate authorization directly supports DFARS 252.204-7012 compliance by providing adequate security controls for Controlled Unclassified Information (CUI) processing during contract signature workflows. The cloud deployment satisfies DFARS 252.239-7010 requirements through validated government cloud infrastructure and continuous monitoring. NIST 800-171 control implementation includes Access Control (AC) through multi-factor authentication and role-based permissions, System and Communications Protection (SC) via FIPS 140-2 encryption and secure transmission protocols, and Audit and Accountability (AU) through comprehensive logging and monitoring capabilities. For CMMC Level 2 assessment, DocuSign addresses Asset Management through automated inventory tracking, Access Control via identity federation with government systems, and System and Information Integrity through real-time security monitoring. DoD Cloud Computing SRG Impact Level 2 requirements are met through dedicated government cloud tenancy, data residency controls, and personnel security clearance requirements for support staff accessing government data environments.
Defense Contractor Use Case
Defense contractors use DocuSign Government for executing contracts, NDAs, and government forms electronically, streamlining the agreement process while maintaining FedRAMP compliance.
Related Products
More Productivity Products
Related Compliance Assessments
Frequently Asked Questions
What is the FedRAMP authorization level for DocuSign for Government?
DocuSign for Government is authorized at the FedRAMP Moderate impact level, with authorization granted on 2016-05-18 sponsored by GSA. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use DocuSign for Government for CUI?
DocuSign for Government is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does DocuSign for Government pricing compare to commercial?
DocuSign for Government government pricing is generally competitive with commercial pricing, though the government edition may carry a premium of 10-20% to cover FedRAMP compliance and dedicated infrastructure costs. Mid-market organizations can often access government pricing through GSA Schedule contracts or reseller partners. Contact DocuSign for a quote tailored to your organization size and requirements.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack DocuSign for Government FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days