FedRAMP Authorized — Moderate Impact
Google App Engine (Government) by Google. 6 compliance features verified.
Google App Engine (Government)
by Google
Impact Level
Moderate
Status
Authorized
Pricing
varies
Authorization Date: April 18, 2022 | Sponsoring Agency: GSA
Overview
Google App Engine for Government provides a serverless application platform within the Google Cloud for Government boundary. It enables developers to build and deploy applications without managing servers, with automatic scaling and built-in security. The service supports Python, Java, Go, Node.js, and PHP.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure Google App Engine (Government) for Defense Contracts
Google App Engine for Government is available through GSA MAS (Multiple Award Schedule) under SIN 518210C and SEWP VI. Government pricing includes volume discounts and sustained use discounts that differ from commercial rates, with committed use contracts providing additional savings. The authorization boundary includes the serverless runtime environment, managed services, and underlying Google Cloud infrastructure within the government boundary. Contracting officers must approve the use of Google's government-specific terms of service, data processing addendum, and ensure the Statement of Work explicitly defines the government boundary deployment. The procurement timeline typically spans 60-90 days including security assessment documentation review, legal terms negotiation, and technical configuration validation. For CMMC assessments, App Engine serverless functions and associated data flows must be documented within your assessment boundary, particularly focusing on data processing locations, encryption in transit/at rest, and access control integration with your identity management system. Ensure your System Security Plan documents the shared responsibility model where Google manages infrastructure security while your organization maintains responsibility for application-level security configurations, identity management integration, and data classification handling within the serverless environment.
Compliance Cross-References
Google App Engine for Government supports DFARS 252.204-7012 compliance through its FedRAMP Moderate authorization and government boundary deployment, ensuring controlled unclassified information processing meets required safeguards. For DFARS 252.239-7010 cloud computing requirements, the service provides government-only tenancy, data sovereignty, and incident reporting aligned with DoD Cloud Computing SRG IL-2 requirements. NIST 800-171 control family mapping includes Access Control (AC) through Google Cloud Identity integration, System and Communications Protection (SC) via encryption at rest/transit and network segmentation, and Audit and Accountability (AU) through Cloud Logging and Cloud Monitoring services. CMMC Level 2 domain coverage spans Access Control (AC.L2), Audit and Accountability (AU.L2), Configuration Management (CM.L2), and System and Communications Protection (SC.L2) through the platform's inherent security controls and government boundary isolation. The serverless architecture satisfies DoD Cloud Computing SRG requirements for infrastructure abstraction while maintaining visibility into security controls and compliance monitoring necessary for defense contractor environments.
Defense Contractor Use Case
Defense contractors use Google App Engine Government for deploying serverless applications that process moderate-sensitivity federal data, especially those leveraging Google AI/ML services.
Related Products
More Platform as a Service Products
Related Compliance Assessments
Frequently Asked Questions
What is the FedRAMP authorization level for Google App Engine (Government)?
Google App Engine (Government) is authorized at the FedRAMP Moderate impact level, with authorization granted on 2022-04-18 sponsored by GSA. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use Google App Engine (Government) for CUI?
Google App Engine (Government) is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does Google App Engine (Government) pricing compare to commercial?
Google App Engine (Government) offers flexible pricing tiers that vary based on usage, features, and organization size. Government pricing may differ from commercial rates due to FedRAMP compliance overhead and dedicated infrastructure requirements. Google offers various consumption models that can be cost-effective depending on your usage patterns. Request a government-specific quote from Google or check GSA Advantage for available pricing.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack Google App Engine (Government) FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days