FutureFeed Shared Responsibility: Customer Responsibility Matrix

FutureFeed published a Customer Responsibility Matrix (CRM) that documents how security and compliance responsibilities are divided between FutureFeed and its customers.

The full matrix is available at: https://futurefeed.co/shared-responsibility/

What the CRM Covers

The matrix is organized into five responsibility areas:

Platform and Infrastructure Security — FutureFeed owns hosting, encryption, logging, patch management, and business continuity for the platform.

Identity and Access Management — FutureFeed enforces MFA and role-based access controls. Customers are responsible for user provisioning, deprovisioning, and periodic access reviews.

Data Governance and CUI Boundary Integrity — Customers must maintain a policy prohibiting the upload of CUI to FutureFeed. FutureFeed is a governance platform, not an authorized CUI repository.

CMMC Scoping and Compliance Documentation — Customers must classify FutureFeed as a Contractor Risk Managed Asset (CRMA) in their System Security Plan (SSP). Treating FutureFeed as out-of-scope is a common scoping error.

Operational Governance and Training — Customers are responsible for acceptable use policies, user training, and reporting security incidents to FutureFeed.

Recommended Asset Classification

FutureFeed recommends customers classify the platform as a Contractor Risk Managed Asset (CRMA). FutureFeed is hosted in AWS GovCloud (US) and has achieved FedRAMP Moderate Equivalency, audited independently by Lunarline.

Note: A Customer Responsibility Matrix is not a regulatory requirement for CRMAs. FutureFeed provides this document as a customer convenience tool to reduce assessment friction.

For the Full Matrix

Download or review the complete Customer Responsibility Matrix, including all control mappings and required customer actions, at https://futurefeed.co/shared-responsibility/

Questions? Contact FutureFeed Support at support@futurefeed.co