FedRAMP Authorized — Moderate Impact
JFrog Government Cloud by JFrog. 6 compliance features verified.
JFrog Government Cloud
by JFrog
Impact Level
Moderate
Status
Authorized
Pricing
mid market
Authorization Date: July 20, 2022 | Sponsoring Agency: GSA
Overview
JFrog Government Cloud provides FedRAMP Moderate authorized software supply chain management including artifact management, container registry, and security scanning. It serves as a universal artifact repository supporting all major package formats. The platform enables secure software distribution and DevSecOps automation.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure JFrog Government Cloud for Defense Contracts
JFrog Government Cloud is available through GSA Multiple Award Schedule (MAS) under SIN 518210C (IT Professional Services) and SIN 132-51 (IT Software). The product is also procurable via SEWP V contracts and CIO-SP3 OASIS. Government pricing includes significant discounts from commercial rates, typically 15-25% below standard enterprise pricing. The authorization boundary encompasses the complete JFrog Artifactory, Xray security scanning, and Distribution services within AWS GovCloud infrastructure. Contracting officers must approve the Software Supply Chain Management categorization and validate that artifact storage meets organizational data classification requirements. The SSP clearly defines the tenant isolation model and data residency within AWS GovCloud regions. Procurement timeline typically spans 60-90 days including technical evaluation, security review, and contract negotiation. For CMMC assessments, include JFrog Government Cloud within your assessment boundary as a cloud service provider, documenting the shared responsibility model for security controls. The FedRAMP authorization provides significant control inheritance, reducing assessment scope. Ensure your CMMC assessment includes artifact integrity verification processes and supply chain risk management controls implemented through JFrog's security scanning capabilities.
Compliance Cross-References
JFrog Government Cloud directly supports DFARS 252.204-7012 compliance through comprehensive artifact scanning and vulnerability management capabilities, addressing covered defense information protection requirements. For DFARS 252.239-7010 cloud services clause, the FedRAMP Moderate authorization satisfies government-approved cloud service requirements. The platform supports multiple NIST 800-171 control families: Access Control (AC) through role-based permissions and authentication integration, System and Communications Protection (SC) via encrypted artifact storage and transmission, and Audit and Accountability (AU) through comprehensive logging of all artifact operations. For CMMC Level 2, JFrog Government Cloud addresses Asset Management (AM), Access Control (AC), and System and Information Integrity (SI) domains through centralized artifact governance, fine-grained access controls, and continuous security scanning. The DoD Cloud Computing SRG IL2 requirements are met through the AWS GovCloud infrastructure and additional JFrog security controls for software supply chain protection. The service's artifact integrity verification and provenance tracking directly support supply chain risk management requirements across all compliance frameworks.
Defense Contractor Use Case
Defense contractors use JFrog Government for managing build artifacts, securing their software supply chain, and ensuring only approved components are used in government deliverables.
Related Products
More DevOps & Development Products
Frequently Asked Questions
What is the FedRAMP authorization level for JFrog Government Cloud?
JFrog Government Cloud is authorized at the FedRAMP Moderate impact level, with authorization granted on 2022-07-20 sponsored by GSA. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use JFrog Government Cloud for CUI?
JFrog Government Cloud is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does JFrog Government Cloud pricing compare to commercial?
JFrog Government Cloud government pricing is generally competitive with commercial pricing, though the government edition may carry a premium of 10-20% to cover FedRAMP compliance and dedicated infrastructure costs. Mid-market organizations can often access government pricing through GSA Schedule contracts or reseller partners. Contact JFrog for a quote tailored to your organization size and requirements.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack JFrog Government Cloud FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days