Skip to content
  • There are no suggestions because the search field is empty.

FedRAMP Moderate Equivalent Certification Program Summary (as of 12/19/2025)

FutureFeed continues to strengthen its security posture to meet the highest federal compliance expectations. A central objective of this effort is achieving FedRAMP Moderate Equivalent status—a critical milestone that reinforces how we protect sensitive and confidential information entrusted to our platform.

Below is an updated overview of our progress, what has been completed, and what subscribers can expect next.

Migration to AWS GovCloud

In 2021, FutureFeed migrated all application code and data to AWS GovCloud, an environment authorized for DoD Impact Levels 2, 4, and 5. AWS GovCloud complies with the Department of Defense (DoD) Security Requirements Guide (SRG) and supports the secure handling of Controlled Unclassified Information (CUI) and other sensitive data categories.

This migration materially improved our infrastructure security and aligned the platform with federal and defense-sector expectations.

Additional details on AWS GovCloud’s DoD compliance are available through AWS’s official DoD Compliance resources.

Alignment with the DoD Memorandum on FedRAMP Equivalency

FutureFeed’s compliance approach follows the DoD memorandum on FedRAMP Equivalency, which allows cloud service providers to demonstrate alignment with FedRAMP Moderate security controls without pursuing a full Joint Authorization Board (JAB) authorization.

While FutureFeed does not recommend storing CUI directly within the platform, achieving FedRAMP Moderate equivalency provides subscribers with confidence in securely storing System Security Plans (SSPs) and other confidential compliance documentation that describe how CUI is protected within their environments.

Partnering with Project Hosts

In early 2024, FutureFeed engaged Project Hosts, a trusted FedRAMP services provider, to lead the implementation of the FedRAMP Moderate Equivalent control set. Project Hosts brings long-standing experience supporting both Azure and AWS FedRAMP environments and is listed in the FedRAMP Marketplace.

Their work prepared FutureFeed for independent third-party assessment against FedRAMP Moderate requirements.

3PAO Assessment by Lunarline — In Progress and Successfully Executed

Lunarline, an accredited Third-Party Assessment Organization (3PAO), began its independent audit on November 10, 2025.

The assessment has been completed successfully, proceeded smoothly, and concluded without incident. No unexpected issues arose during the audit process, and expectations for final deliverables were clearly established.

Security Assessment Report (SAR) Timeline

Lunarline has set expectations for delivery of the Security Assessment Report (SAR) in February 2026.

The SAR is the formal document produced by the 3PAO that:

  • Documents the scope of the assessment
  • Details the security controls tested
  • Records testing results and observations

The SAR serves as the authoritative record supporting FedRAMP Moderate equivalency.

Interim Attestation Letter

While the SAR follows Lunarline’s standard delivery timeline, FutureFeed has requested an unofficial attestation letter confirming the successful completion of the audit.

This interim letter will be made available upon request to subscribers, partners, and stakeholders who require near-term confirmation of FutureFeed’s FedRAMP Moderate Equivalent posture.

What This Means for Subscribers

Completion of the Lunarline audit represents a significant milestone in FutureFeed’s security program. It reinforces that the platform is appropriate for managing high-value compliance artifacts, including SSPs and related documentation, within an environment aligned to federal security standards.

FutureFeed will continue to communicate transparently as formal assessment artifacts are finalized and delivered.

Updated: 12/19/2025 MEB

 

FutureFeed Footer – Newest