FedRAMP Authorized — Moderate Impact
Fortinet FortiGate Government Cloud by Fortinet. 6 compliance features verified.
Fortinet FortiGate Government Cloud
by Fortinet
Impact Level
Moderate
Status
Authorized
Pricing
mid market
Authorization Date: December 5, 2018 | Sponsoring Agency: DHS
Overview
Fortinet FortiGate Government Cloud provides FedRAMP Moderate authorized next-generation firewall and network security services. It offers unified threat management, SD-WAN, and security fabric integration for government networks. The platform delivers high-performance network security with specialized government threat feeds.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure Fortinet FortiGate Government Cloud for Defense Contracts
FortiGate Government Cloud is available through GSA MAS (Schedule 70 IT Services) under Special Item Number 132-51 for information security services and 132-62 for IT security training. Also procurable via SEWP V Contract vehicles through NASA GSFC. Government pricing includes significant discounts from commercial rates, typically 15-25% reduction with volume licensing tiers. The authorization boundary encompasses the complete SaaS offering including management consoles, threat intelligence feeds, and API gateways - contracting officers must ensure the Statement of Work explicitly references the FedRAMP P-ATO boundary documentation (CSP-issued ATO letter and System Security Plan summary). Required contract language must include data location restrictions (US persons only), incident response procedures, and continuous monitoring obligations per FedRAMP requirements. Typical procurement timeline spans 45-90 days including technical evaluation, security assessment review, and ATO reciprocity approval from your agency's AO. For CMMC assessment boundary inclusion, document FortiGate Government Cloud as an external service provider (ESP) supporting CUI protection requirements - the service inherits security controls from the FedRAMP authorization, reducing your organization's control implementation burden. Ensure contract includes right to audit ESP security posture and continuous monitoring reports for CMMC compliance evidence.
Compliance Cross-References
FortiGate Government Cloud directly satisfies DFARS 252.204-7012 safeguarding requirements through its FedRAMP Moderate authorization, providing adequate security controls for CUI processing and storage. The cloud service meets DFARS 252.239-7010 cloud computing security requirements via DoD SRG IL2 compliance and US-person data handling restrictions. NIST 800-171 control family alignment includes: Access Control (AC) through identity federation and role-based permissions, System and Communications Protection (SC) via FIPS 140-2 encryption and boundary protection, and Audit and Accountability (AU) through comprehensive logging and SIEM integration capabilities. For CMMC Level 2 compliance, the service addresses Asset Management (AM), Access Control (AC), System and Information Integrity (SI), and Risk Management (RM) domains through inherited cloud security controls. DoD Cloud Computing SRG IL2 requirements are satisfied including data-at-rest encryption, secure multi-tenancy, and government-only cloud infrastructure deployment within CONUS boundaries.
Defense Contractor Use Case
Defense contractors use Fortinet Government Cloud for network perimeter security, branch office connectivity, and segmenting networks that process CUI from commercial traffic.
Related Products
More Security Products
Related Compliance Assessments
Frequently Asked Questions
What is the FedRAMP authorization level for Fortinet FortiGate Government Cloud?
Fortinet FortiGate Government Cloud is authorized at the FedRAMP Moderate impact level, with authorization granted on 2018-12-05 sponsored by DHS. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use Fortinet FortiGate Government Cloud for CUI?
Fortinet FortiGate Government Cloud is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does Fortinet FortiGate Government Cloud pricing compare to commercial?
Fortinet FortiGate Government Cloud government pricing is generally competitive with commercial pricing, though the government edition may carry a premium of 10-20% to cover FedRAMP compliance and dedicated infrastructure costs. Mid-market organizations can often access government pricing through GSA Schedule contracts or reseller partners. Contact Fortinet for a quote tailored to your organization size and requirements.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack Fortinet FortiGate Government Cloud FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days