FedRAMP Compliance
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP leverages a standardized set of requirements, established in accordance with the Federal Information Security Management Act (FISMA), to improve consistency and confidence in the security of cloud solutions. The FedRAMP program helps U.S. Federal government agencies to accelerate their adoption of secure cloud solutions across their organization through the reuse of FedRAMP security packages.
LogicMonitor supports U.S. Federal government customers and is responsible for implementing and complying with the requirements established by the FedRAMP program. LogicMonitor maintains a FedRAMP Moderate certification. For details, see LMforGov in the FedRAMP Marketplace.
Customer FedRAMP Obligations
To leverage LogicMonitor’s FedRAMP environment, you need the following:
- FedRAMP approval
  LogicMonitor’s FedRAMP Moderate authorized environment is only available for approved customers.
- Single Sign-On (SSO) Identity Provider
  You must use your own SSO provider.
For more information about how LogicMonitor manages customer interactions, sales, support, and data in a way that adheres to the stringent security and privacy standards, download LogicMonitor for Gov Platform – CRM from the LogicMonitor Trust Center.
Simultaneous FedRAMP and Commercial Accounts
You may have FedRAMP and non-FedRAMP enabled accounts as required by your business needs. To add accounts, contact your LogicMonitor account manager.
Child accounts inherit FedRAMP enablement from the parent account. You must have distinct parent-level accounts to have both an LM FedRAMP and an LM Commercial account.
Important: Accounts and the data within cannot be moved between the FedRAMP and Commercial environments. For example, a pre-existing Commercial account cannot be migrated into the FedRAMP environment.
Feature In Scope
Not all LogicMonitor services or features are compliant with FedRAMP. The following table lists those services not in scope of FedRAMP compliance:
Product, Service, or Feature Category | Out of Scope/Non-Compliant Feature | Product Documentation |
Resource Management | Remote Sessions | Remote Session |
Alert Delivery | SMS and voice for alert delivery | Methods of Alert Delivery |
SiteMonitor Regions | Regions outside the United States | Data Monitor for Websites |
LM APM | Tracing | LM APM Overview |
LM APM | Synthetics | LM Synthetics Overview |
Edwin AI | Edwin AI | Introduction to Edwin AI |
User Access | Local User Management not permitted | Single Sign-on Overview |
LM Cloud | Cost Optimization | Cost Optimization – Billing, Cost Optimization – Recommendations |
Portal Support | Inline Support | Accessing Support Resources |
LM Logs | Log Analysis | Log Analysis |
LM Logs | Query Tracking | Logs Query Tracking |
Note (LM Cloud): For more information about the specific cloud providers, see LM Cloud Feature Compliance by Cloud Provider.
LM Cloud Feature Compliance by Cloud Provider
The following table details FedRAMP compliance by cloud provider:
Cloud Provider | Supported with LM Cloud | Supported with LM Collector | FIPS Enabled |
Amazon Web Services Commercial (AWS) | No | Yes* | n/a |
Amazon Web Services GovCloud (AWS GovCloud) | Yes | Yes* | Yes |
Google Cloud Platform (GCP) | Yes | Yes* | No |
Microsoft Azure Cloud Platform (Azure) | Yes | Yes* | No |
* No PaaS (Platform as a Service) resources (for example, S3, MSK, EKS, GKS, GCS, or Object Storage)
For more information, see Introduction to Cloud Monitoring and About the LogicMonitor Collector in the product documentation.
FedRAMP API Usage
When using LogicMonitor’s API, you must replace any occurrence of “logicmonitor.com” with “lmgov.us”.
REST API
When using LogicMonitor’s REST API, the base URL for FedRAMP is the following:
https://ACCOUNTNAME.lmgov.us/santaba/rest
You must replace ACCOUNTNAME with your LMforGov account name.
The following example displays how the base URL must be changed:
import getpass

# Account Info: LogicMonitor recommends that you NEVER hardcode credentials. Instead, retrieve the values from secure storage.
# Note: The below is provided for illustration purposes only.
accessId = getpass.getpass("Enter your accessId: ")
accessKey = getpass.getpass("Enter your accessKey: ")
company = 'customername'
# FedRAMP domain. The leading dot separates the account name from the domain,
# so the URL resolves to customername.lmgov.us and not customernamelmgov.us.
baseUrl = '.lmgov.us/santaba/rest'
# Request Info
httpVerb = 'POST'
resourcePath = '/setting/opsnotes'
queryParams = ''
data = '{"note":"deploy version 3.4.5","tags":[{"name":"reporting"}],"scopes":[{"type":"device","deviceId":530}]}'
# Construct URL
url = 'https://' + company + baseUrl + resourcePath + queryParams
...
For more information, see Using LogicMonitor’s REST API in the product documentation.
SDK
When using LogicMonitor’s SDK, you must override the default domain.
Set the _host property in the following configuration and skip setting configuration.company:
configuration._host = "https://COMPANYNAME.lmgov.us/santaba/rest"
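A pre-flight check for the REST base URL and the SDK `_host` value described above, written as an added example (not LogicMonitor's code). It builds the FedRAMP base URL from an account name and rejects URLs that would send API credentials somewhere other than `ACCOUNT.lmgov.us`, including a leftover commercial domain or a dropped dot between account and domain. The function names and the rule that account names are single DNS labels are assumptions.

```python
import re
from urllib.parse import urlsplit

GOV_SUFFIX = ".lmgov.us"          # FedRAMP domain named on this page
COMMERCIAL = "logicmonitor.com"   # commercial domain that must be replaced
REST_ROOT = "/santaba/rest"
# Assumption: account names are single DNS labels (letters, digits, hyphens).
ACCOUNT_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def fedramp_base_url(account: str) -> str:
    """Build https://ACCOUNT.lmgov.us/santaba/rest from a validated account name."""
    account = account.strip().lower()
    if not ACCOUNT_RE.match(account):
        raise ValueError(f"invalid account name: {account!r}")
    return f"https://{account}{GOV_SUFFIX}{REST_ROOT}"


def check_fedramp_url(url: str) -> list[str]:
    """Return a list of problems; an empty list means the URL targets LMforGov."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL")
    if host == COMMERCIAL or host.endswith("." + COMMERCIAL):
        problems.append("commercial domain, replace with lmgov.us")
    elif not host.endswith(GOV_SUFFIX):
        problems.append(f"host {host!r} is not under lmgov.us")
    elif not ACCOUNT_RE.match(host[: -len(GOV_SUFFIX)]):
        problems.append("account part is not a single DNS label")
    if parts.path != REST_ROOT and not parts.path.startswith(REST_ROOT + "/"):
        problems.append("path does not start with /santaba/rest")
    return problems


# Constructed sample URLs, not taken from any real account.
SAMPLES = [
    "https://acme.lmgov.us/santaba/rest/setting/opsnotes",
    "https://acme.logicmonitor.com/santaba/rest/setting/opsnotes",
    "https://acmelmgov.us/santaba/rest/setting/opsnotes",  # missing dot
    "https://acme.lmgov.us.example.net/santaba/rest",      # lookalike suffix
    "http://acme.lmgov.us/santaba/rest",                   # plaintext scheme
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_fedramp_url(u) or "ok")
```

Running the check before the first signed request, or in CI over configuration files, catches a wrong host before any access ID or signature leaves the FedRAMP boundary.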