🦅

FedRAMP Moderate Baseline (NIST 800-53 Rev 5)

The FedRAMP Moderate baseline — the NIST 800-53 Rev 5 control set a cloud service must meet to be authorized for U.S. federal use (the most common FedRAMP impact level). EchelonGraph live-scores the technical control set against your actual cloud posture so ConMon is continuous, not annual.

1 critical10 high1 medium
AC-2high

Account Management

Manage information-system accounts through their lifecycle.

AC-6high

Least Privilege

Enforce least privilege across all accounts and roles.

AC-17critical

Remote Access

Authorize, monitor, and control all remote-access methods.

AU-2high

Event Logging

Log auditable events across all components for ConMon.

IA-2high

Multifactor Authentication

Require MFA for network and local access to privileged accounts.

SC-7high

Boundary Protection

Control communications at the authorization boundary.

SC-8high

Transmission Confidentiality & Integrity

Protect data in transit with FIPS-validated TLS.

SC-13high

Cryptographic Protection

Use FIPS-validated cryptography for protection.

SC-28high

Protection of Information at Rest

Protect federal information at rest.

SI-4medium

System Monitoring

Detect attacks and unauthorized activity for ConMon.

CM-6high

Configuration Settings

Establish and enforce a secure baseline configuration.

IA-5high

Authenticator Management

Manage credentials including rotation and strength.