feat: Add FedRAMP legal section and corresponding view

2026-04-06 00:32:12 +02:00 · 2026-03-03 12:12:31 +00:00
parent ac388aded1
commit a6f2e83c72
3 changed files with 67 additions and 0 deletions
--- a/Home/Routes.ts
+++ b/Home/Routes.ts
@@ -1777,6 +1777,21 @@ const HomeFeatureSet: FeatureSet = {
      });
    });

+    app.get(
+      "/legal/fedramp",
+      (_req: ExpressRequest, res: ExpressResponse) => {
+        res.render(`${ViewsPath}/legal.ejs`, {
+          footerCards: true,
+          support: false,
+          enableGoogleTagManager: IsBillingEnabled,
+          cta: true,
+          blackLogo: false,
+          section: "fedramp",
+          requestDemoCta: false,
+        });
+      },
+    );
+
    app.get("/legal/sla", (_req: ExpressRequest, res: ExpressResponse) => {
      res.render(`${ViewsPath}/legal.ejs`, {
        footerCards: true,
--- a/Home/Views/fedramp.ejs
+++ b/Home/Views/fedramp.ejs
@@ -0,0 +1,42 @@
+<header>
+
+    <h1>FedRAMP</h1>
+
+    <p>Federal Risk and Authorization Management Program</p>
+</header>
+
+<section>
+
+    <h3>Introduction</h3>
+
+    <p>The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a
+        standardized approach to security assessment, authorization, and continuous monitoring for cloud products and
+        services used by federal agencies.</p>
+
+    <h3>FedRAMP and Self-Hosted Deployments</h3>
+
+    <p>FedRAMP certification applies specifically to cloud service providers (CSPs) that offer hosted services to U.S.
+        federal government agencies. It certifies that a cloud-hosted offering meets specific security standards defined
+        by NIST.</p>
+
+    <p><strong>FedRAMP is not required for self-hosted OneUptime customers.</strong> When you deploy OneUptime in your
+        own infrastructure — whether on-premises or in your own cloud environment — the responsibility for security
+        authorization falls under your organization's own Authority to Operate (ATO) process, not FedRAMP.</p>
+
+    <h3>Why FedRAMP Does Not Apply to Self-Hosted Deployments</h3>
+
+    <ul>
+        <li><strong>FedRAMP certifies cloud service providers</strong>, not software that is self-hosted within your own
+            authorized environment.</li>
+        <li><strong>Your infrastructure, your authorization</strong> — if a federal agency self-hosts OneUptime within
+            their own FedRAMP-authorized cloud or on-premises environment, the agency's existing infrastructure
+            authorization covers the deployment.</li>
+        <li><strong>Self-hosted software is evaluated as part of your ATO</strong>, not as a separate cloud service
+            requiring its own FedRAMP authorization.</li>
+    </ul>
+
+    <h3>Questions</h3>
+
+    <p>If you have questions about deploying OneUptime in a government or regulated environment, please
+        contact: <a href="mailto:security@oneuptime.com">security@oneuptime.com</a></p>
+</section>
--- a/Home/Views/legal.ejs
+++ b/Home/Views/legal.ejs
@@ -319,6 +319,7 @@
                <option value="/legal/soc-2" <%= section === 'soc-2' ? 'selected' : '' %>>SOC 2</option>
                <option value="/legal/soc-3" <%= section === 'soc-3' ? 'selected' : '' %>>SOC 3</option>
                <option value="/legal/pci" <%= section === 'pci' ? 'selected' : '' %>>PCI DSS</option>
+                <option value="/legal/fedramp" <%= section === 'fedramp' ? 'selected' : '' %>>FedRAMP</option>
                <option value="/legal/vpat" <%= section === 'vpat' ? 'selected' : '' %>>VPAT (Accessibility)</option>
              </optgroup>
              <optgroup label="Other">
@@ -443,6 +444,11 @@
                    PCI DSS
                  </a>
                </li>
+                <li>
+                  <a href="/legal/fedramp" class="toc-link flex items-center rounded-lg px-3 py-2 text-sm font-medium transition-colors <%= section === 'fedramp' ? 'nav-item-active bg-gray-100 text-gray-900' : 'text-gray-600 hover:bg-gray-100 hover:text-gray-900' %>">
+                    FedRAMP
+                  </a>
+                </li>
                <li>
                  <a href="/legal/vpat" class="toc-link flex items-center rounded-lg px-3 py-2 text-sm font-medium transition-colors <%= section === 'vpat' ? 'nav-item-active bg-gray-100 text-gray-900' : 'text-gray-600 hover:bg-gray-100 hover:text-gray-900' %>">
                    VPAT (Accessibility)
@@ -573,6 +579,10 @@
          <%- include('dpa') -%>
          <% } %>

+          <% if(section === "fedramp") { %>
+          <%- include('fedramp') -%>
+          <% } %>
+
          <% if(section === "vpat") { %>
          <%- include('vpat') -%>
          <% } %>