We wish to make our mobile apps Fedramp compliant, need guidance on how to begin?

CodePudding user response：

Start with the CIA principles . you can refer the official baselines for FEDRAMP here

and some guidelines from here

Since you tagged with azure , Azure cloud is builtin with FEDRAMP and you can find lot of information from here

Lastly I would suggest you to connect with some good consultant also as this subject is not that simple to answer through this kind of channel.

CodePudding user response：

• Your mobile applications will be native iOS/android public client applications mostly running on Xamarin like platforms. Thus, they need to be FedRAMP High compliant to be hosted on Azure Government cloud. Thus, to be FedRAMP High compliant, you need to follow the guidelines mentioned below in official documentation and set the policies in your Azure tenant accordingly.

• These policies are divided into several categories, viz., Access control, Audit and accountability, Configuration Management, Contingency planning, Identification and Authentication, Incident Response, Risk assessment, System and communications protection and System and Information integrity. These policies are further divided into Account Management, Automated System Account Management, Role-based Schemes, Account Monitoring / Atypical Usage, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Review of User Privileges, Remote Access, etc. as such.

Thus, please refer to the official documentation link below for detailed information on its configuration and compliance satisfaction: -

https://docs.microsoft.com/en-us/azure/governance/policy/samples/fedramp-high