FedRAMP Authorized — Moderate Impact
Red Hat OpenShift for Government by Red Hat. 6 compliance features verified.
Red Hat OpenShift for Government
by Red Hat
Impact Level
Moderate
Status
Authorized
Pricing
enterprise
Authorization Date: August 30, 2021 | Sponsoring Agency: DHS
Overview
Red Hat OpenShift for Government is an enterprise Kubernetes platform with FedRAMP authorization for building and managing containerized applications. It provides a consistent application platform across hybrid and multi-cloud environments. OpenShift includes built-in CI/CD, monitoring, and security scanning.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure Red Hat OpenShift for Government for Defense Contracts
Red Hat OpenShift for Government is available through GSA MAS (Multiple Award Schedule) contract GS-35F-382BA and SEWP V contract NNG15SC03B. Government pricing includes significant discounts compared to commercial rates, with additional cost savings through Red Hat's federal commitment pricing models. The authorization boundary encompasses the OpenShift container platform, integrated security scanning tools, and cluster management components—ensure your SSP clearly delineates inherited controls versus customer-implemented controls. Contracting officers must approve the specific deployment model (cloud service provider selection), data classification levels, and integration requirements with existing government networks. Typical procurement timeline spans 90-180 days including security assessment validation, ATO package review, and technical architecture approval. For CMMC assessments, include OpenShift infrastructure within your assessment boundary if processing CUI—document container isolation mechanisms, network segmentation controls, and encryption implementations. Red Hat provides comprehensive CMMC mapping documentation and compliance artifacts. Ensure your procurement includes Red Hat Advanced Cluster Security for Kubernetes to meet enhanced security requirements and consider Professional Services for initial deployment and security configuration validation.
Compliance Cross-References
Red Hat OpenShift for Government directly supports DFARS 252.204-7012 compliance through comprehensive audit logging (AU family controls), container-level access controls (AC-2, AC-3, AC-6), and encryption of CUI at rest and in transit (SC-8, SC-13). For DFARS 252.239-7010 cloud computing requirements, the platform's FedRAMP authorization satisfies government cloud security standards while enabling rapid deployment of containerized applications. NIST 800-171 control families are addressed through OpenShift's integrated security features: Access Control (AC) via RBAC and service accounts, System and Communications Protection (SC) through network policies and pod security standards, and Audit and Accountability (AU) via comprehensive logging and monitoring. CMMC Level 2 domains are supported including Access Control (AC), Audit and Accountability (AU), Configuration Management (CM), and System and Communications Protection (SC). The DoD Cloud Computing SRG Impact Level 2 requirements are met through the platform's container isolation, network segmentation, and security scanning capabilities, enabling secure multi-tenant application deployment in government environments.
Defense Contractor Use Case
Defense contractors use Red Hat OpenShift Government for modernizing legacy applications into microservices, running containerized workloads, and maintaining consistent DevSecOps pipelines across environments.
Related Products
More Platform as a Service Products
Frequently Asked Questions
What is the FedRAMP authorization level for Red Hat OpenShift for Government?
Red Hat OpenShift for Government is authorized at the FedRAMP Moderate impact level, with authorization granted on 2021-08-30 sponsored by DHS. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use Red Hat OpenShift for Government for CUI?
Red Hat OpenShift for Government is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does Red Hat OpenShift for Government pricing compare to commercial?
Red Hat OpenShift for Government government pricing is typically negotiated on an enterprise basis and may differ from commercial list prices. Government and defense contractor pricing often includes compliance overhead that can make it 15-30% higher than commercial equivalents. However, volume discounts, GSA Schedule pricing, and multi-year commitments can help offset these costs. Contact Red Hat directly or check GSA Advantage for current government pricing.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack Red Hat OpenShift for Government FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days