Splunk Observability Cloud FedRAMP Support
The FedRAMP overview provides insights into the U.S. government program that standardizes security for cloud services.
Alpha features described in this document are provided by Splunk to you "as is" without any warranties, maintenance and support, or service-level commitments. Splunk makes this alpha feature available in its sole discretion and may discontinue it at any time. These documents are not yet publicly available and we ask that you keep such information confidential. Use of alpha features is subject to the Splunk Pre-Release Agreement for Hosted Services.
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that provides a cost-effective, risk-based framework for federal agencies to adopt and use cloud services. Established in 2011, FedRAMP aims to accelerate the adoption of secure cloud solutions by ensuring that cloud services meet stringent security requirements.
- Consistent security standards: Tailored to the sensitivity of each agency's data and mission.
- Independent assessments: Third-party organizations rigorously evaluate Cloud Service Providers' security controls.
- Streamlined procurement: Standard contract language and best practices support efficient and secure acquisition.
- Centralized resources: Agencies can access and reuse authorization packages, reducing time and effort for new cloud deployments.
FedRAMP compliancy
The Splunk Observability Cloud is compliant with FedRAMP, ensuring it meets the rigorous security standards required for cloud services used by the U.S. government.
Splunk Observability Cloud is a Software as a Service (SaaS) solution that includes features for infrastructure monitoring, application performance monitoring (APM), real user monitoring (RUM), and synthetic monitoring. Splunk Observability Cloud is in the process of achieving FedRAMP Authorization at the Moderate impact level.
See our FedRAMP marketplace package Splunk Observability Cloud for FedRAMP Moderate for details.
Supported environments
This section outlines the supported environments for FedRAMP compliance with the Splunk Observability Cloud.
us-gov) environments:
- us-gov-east-1
- us-gov-west-1
Any service used by Splunk Observability Cloud is also required to be FedRAMP authorized. Only US citizens on US territory can access the Splunk Observability Cloud environments to be compliant with FedRAMP.
Features supported for FedRAMP
This topic outlines the features supported by Splunk Observability Cloud for FedRAMP compliance, including Application Performance Monitoring, Infrastructure Monitoring, and more.
Splunk Observability Cloud supports the following features for FedRAMP. For each feature, there may be services that are not supported for FedRAMP.
Splunk OpenTelemetry components for FedRAMP
This topic provides an overview of the Splunk OpenTelemetry components tailored for FedRAMP compliance, including the FIPS-enabled version of the OpenTelemetry Collector.
The Splunk Distribution of the OpenTelemetry Collector enables you to ingest, process, and export metric, trace, log data, and metadata into Splunk Observability Cloud. See Get started with the Splunk Distribution of the OpenTelemetry Collector for more information.
Splunk offers both commercial and Federal Information Processing Standards (FIPS) compliant versions of the OpenTelemetry (OTel) Collector. FedRAMP customers are required to use the FIPS-enabled version to meet FedRAMP security requirements. For each release of the OTel Collector, a corresponding FIPS-specific build is also published. This approach ensures that FedRAMP customers can always deploy the appropriate FIPS-compliant software.
The Splunk Distribution of the OpenTelemetry Collector is the primary asset outside the SaaS environment that requires special consideration for FedRAMP compliance. Customers are responsible for deploying the FIPS version when operating in a FedRAMP environment.
- Linux (AMD 64)
- Linux (ARM 64)
- Windows (AMD 64)
To install the FIPS-compliant OpenTelemetry Collector with the Helm chart, see the Splunk OpenTelemetry Collector Chart repository. Use the splunk-otel-collector-fips repository when installing the Collector with the Helm chart.
Services out of scope
This reference details unsupported services within the FedRAMP program, categorized by feature for clarity.
This page lists the services that are not supported in our FedRAMP program. The services are organized into sections by feature.
SSO integrations for Splunk Observability Cloud
You cannot use Splunk Cloud Platform as the SSO provider, but you can utilize a third-party SSO provider. See the supported SSO integrations on Configure SSO integrations for Splunk Observability Cloud.
Infrastructure Monitoring
Metrics Usage Analytics is not supported in the FedRAMP program.
Log Observer Connect
FedRAMP customers cannot set up Unified Identity. Only non-FedRAMP customers can use the benefits of Unified Identity. See Unified Identity: Splunk Cloud Platform and Splunk Observability Cloud.
However, FedRAMP customers can set up Log Observer Connect to analyze logs from Splunk platform in Splunk Observability Cloud through the use of a Service Account connection. See Set up Log Observer Connect for Splunk Cloud Platform or Set up Log Observer Connect for Splunk Enterprise.
Data Collection
Smart Agent receivers are not supported in the FIPS-enabled version of the Splunk Distribution of OpenTelemetry Collector and, therefore, are not available for FedRAMP.
The following Splunk OpenTelemetry Collector instrumentation agents aren't FIPS-compliant and, therefore, aren't supported for FedRAMP:
- AWS Lambda (APM)
- Go
- C++
- iOS
- PHP
- React Native (Mobile RUM)
- Ruby
Synthetics monitoring
Private runners are supported with limitations. Private runners will be hosted in an agency boundary.
Integrations out of scope
Integrations that are not supported in FedRAMP include those that are not certified or are still under review, as well as those that do not meet specific compliance requirements.
| Notification integrations | Data collection integrations |
|---|---|
| Amazon EventBridge | ActiveMQ |
| AWS Infinite Logging | Apache CouchDB |
| BigPanda | Apache Web Server |
| HipChat | Cassandra |
| Jira | Chrony |
| PagerDuty | Consul |
| Splunk Cloud Platform SSO | Conviva |
| Splunk HTTP Event Collector (HEC) | Couchbase |
| Splunk Service Apps | ECS Task Metadata (ECS Collector Deployments) |
| | Elasticsearch |
| | etcd |
| | External link targets |
| | Hadoop |
| | Kafka |
| | Memcached |
| | Mesos |
| | Nginx |
| | OpenStack |
| | RabbitMQ |
| | SAP HANA |
| | Snowflake |
| | Solr |
| | Spark |
| | Splunk link targets |
| | Traefik |
| | Varnish |
| | vSphere VMs |
| | Windows IIS Servers |
Frequently Asked Questions
This document provides answers to common questions regarding FedRAMP compliance and support for Splunk Observability Cloud.
General FedRAMP Information
- What is FedRAMP?
  - The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative established in 2011. It provides a cost-effective, risk-based framework for federal agencies to adopt and use cloud services securely, ensuring they meet stringent security requirements.
- What does FedRAMP provide?
  - FedRAMP provides:
    - Standardized security requirements for the authorization and ongoing cybersecurity of cloud services.
    - A conformity assessment program for independent, third-party evaluations of security controls.
    - Standardized contract language to integrate FedRAMP requirements into agency acquisitions.
    - A centralized repository of authorization packages for government-wide leverage.
Splunk Observability Cloud and FedRAMP Compliance
- Is Splunk Observability Cloud FedRAMP authorized?
  - Splunk Observability Cloud is in the process of achieving FedRAMP Authorization at the Moderate impact level.
- Which cloud environments are supported for FedRAMP compliance with Splunk Observability Cloud?
  - Splunk Observability Cloud for FedRAMP will only be hosted in Amazon Web Services (AWS) GovCloud.
- Can I use other AWS regions outside of GovCloud?
  - Splunk Observability Cloud will not host from anywhere except the AWS GovCloud. If you use a region outside of AWS GovCloud, you will be using our commercial offering, which is not acceptable for Federal Agency use.
- Are Google Cloud Platform (GCP) or Azure supported for FedRAMP?
  - No, FedRAMP support is not offered for Google Cloud Platform or Azure at this time.
- Who can access FedRAMP-compliant Splunk Observability Cloud environments?
  - Only US citizens on US territory can access the Splunk Observability Cloud environments to be compliant with FedRAMP.
Supported Features and Components
- What features does Splunk Observability Cloud support for FedRAMP?
  - Splunk Observability Cloud supports the following features for FedRAMP:
    - Application Performance Monitoring (APM)
    - Infrastructure Monitoring
    - Log Observer Connect
    - Splunk OpenTelemetry Collector
    - Real User Monitoring (RUM)
    - Synthetics Monitoring (private runners only)
- What is the Splunk OpenTelemetry Collector and its FedRAMP requirements?
  - The Splunk Distribution of the OpenTelemetry Collector enables ingestion, processing, and export of metric, trace, log data, and metadata into Splunk Observability Cloud. FedRAMP customers must use the FIPS-enabled version of the OTel Collector to comply with FedRAMP requirements. Customers are responsible for using the FIPS version when operating in the FedRAMP environment.
- Which languages do not have FIPS-compliant versions of the Splunk Distribution of the OpenTelemetry Collector?
  - The following languages do not have FIPS-compliant versions:
    - AWS Lambda (APM)
    - Go
    - C++
    - iOS
    - PHP
    - React Native (Mobile RUM)
    - Ruby
Out-of-Scope Services and Integrations
- Are there any services or features that are out of scope for the FedRAMP support?
  - Yes, certain services and features are out of scope:
    - APM: You cannot use Splunk Cloud Platform as the SSO provider, but you can utilize a third-party SSO provider.
    - Infrastructure Monitoring: FedRAMP customers cannot set up Unified Identity. However, they can set up Log Observer Connect to analyze logs from Splunk platform in Splunk Observability Cloud using a Service Account connection.
    - Synthetics Monitoring: Private runners are supported with limitations, as they will be hosted in the agency boundary.
- Which integrations are out of scope for FedRAMP support?
  - Several integrations are out of scope, including:
    - AMAZON_EVENT_BRIDGE (does not support accepting events from partner datasources, though FedRAMP certified)
    - JIRA (not certified, in roadmap)
    - PAGER_DUTY (under review, not certified)
    - BIG_PANDA (not FedRAMP certified)
    - SPLUNK_CLOUD_PLATFORM_SSO
See Integrations out of scope for the complete list.