From a6f2e83c7204e575c690b8fefa55bc974369adac Mon Sep 17 00:00:00 2001
From: Nawaz Dhandala <hello@nawazdhandala.com>
Date: Tue, 3 Mar 2026 12:12:31 +0000
Subject: [PATCH] feat: Add FedRAMP legal section and corresponding view

---
 Home/Routes.ts         | 15 +++++++++++++++
 Home/Views/fedramp.ejs | 42 ++++++++++++++++++++++++++++++++++++++++++
 Home/Views/legal.ejs   | 10 ++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 Home/Views/fedramp.ejs

diff --git a/Home/Routes.ts b/Home/Routes.ts
index 58975e38b5..ec7e7a8dda 100755
--- a/Home/Routes.ts
+++ b/Home/Routes.ts
@@ -1777,6 +1777,21 @@ const HomeFeatureSet: FeatureSet = {
       });
     });
 
+    app.get(
+      "/legal/fedramp",
+      (_req: ExpressRequest, res: ExpressResponse) => {
+        res.render(`${ViewsPath}/legal.ejs`, {
+          footerCards: true,
+          support: false,
+          enableGoogleTagManager: IsBillingEnabled,
+          cta: true,
+          blackLogo: false,
+          section: "fedramp",
+          requestDemoCta: false,
+        });
+      },
+    );
+
     app.get("/legal/sla", (_req: ExpressRequest, res: ExpressResponse) => {
       res.render(`${ViewsPath}/legal.ejs`, {
         footerCards: true,
diff --git a/Home/Views/fedramp.ejs b/Home/Views/fedramp.ejs
new file mode 100644
index 0000000000..655d08b6cb
--- /dev/null
+++ b/Home/Views/fedramp.ejs
@@ -0,0 +1,42 @@
+<header>
+
+    <h1>FedRAMP</h1>
+
+    <p>Federal Risk and Authorization Management Program</p>
+</header>
+
+<section>
+
+    <h3>Introduction</h3>
+
+    <p>The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a
+        standardized approach to security assessment, authorization, and continuous monitoring for cloud products and
+        services used by federal agencies.</p>
+
+    <h3>FedRAMP and Self-Hosted Deployments</h3>
+
+    <p>FedRAMP certification applies specifically to cloud service providers (CSPs) that offer hosted services to U.S.
+        federal government agencies. It certifies that a cloud-hosted offering meets specific security standards defined
+        by NIST.</p>
+
+    <p><strong>FedRAMP is not required for self-hosted OneUptime customers.</strong> When you deploy OneUptime in your
+        own infrastructure — whether on-premises or in your own cloud environment — the responsibility for security
+        authorization falls under your organization's own Authority to Operate (ATO) process, not FedRAMP.</p>
+
+    <h3>Why FedRAMP Does Not Apply to Self-Hosted Deployments</h3>
+
+    <ul>
+        <li><strong>FedRAMP certifies cloud service providers</strong>, not software that is self-hosted within your own
+            authorized environment.</li>
+        <li><strong>Your infrastructure, your authorization</strong> — if a federal agency self-hosts OneUptime within
+            their own FedRAMP-authorized cloud or on-premises environment, the agency's existing infrastructure
+            authorization covers the deployment.</li>
+        <li><strong>Self-hosted software is evaluated as part of your ATO</strong>, not as a separate cloud service
+            requiring its own FedRAMP authorization.</li>
+    </ul>
+
+    <h3>Questions</h3>
+
+    <p>If you have questions about deploying OneUptime in a government or regulated environment, please
+        contact: <a href="mailto:security@oneuptime.com">security@oneuptime.com</a></p>
+</section>
\ No newline at end of file
diff --git a/Home/Views/legal.ejs b/Home/Views/legal.ejs
index c23fc49689..518da64ca7 100755
--- a/Home/Views/legal.ejs
+++ b/Home/Views/legal.ejs
@@ -319,6 +319,7 @@
                 <option value="/legal/soc-2" <%= section === 'soc-2' ? 'selected' : '' %>>SOC 2</option>
                 <option value="/legal/soc-3" <%= section === 'soc-3' ? 'selected' : '' %>>SOC 3</option>
                 <option value="/legal/pci" <%= section === 'pci' ? 'selected' : '' %>>PCI DSS</option>
+                <option value="/legal/fedramp" <%= section === 'fedramp' ? 'selected' : '' %>>FedRAMP</option>
                 <option value="/legal/vpat" <%= section === 'vpat' ? 'selected' : '' %>>VPAT (Accessibility)</option>
               </optgroup>
               <optgroup label="Other">
@@ -443,6 +444,11 @@
                     PCI DSS
                   </a>
                 </li>
+                <li>
+                  <a href="/legal/fedramp" class="toc-link flex items-center rounded-lg px-3 py-2 text-sm font-medium transition-colors <%= section === 'fedramp' ? 'nav-item-active bg-gray-100 text-gray-900' : 'text-gray-600 hover:bg-gray-100 hover:text-gray-900' %>">
+                    FedRAMP
+                  </a>
+                </li>
                 <li>
                   <a href="/legal/vpat" class="toc-link flex items-center rounded-lg px-3 py-2 text-sm font-medium transition-colors <%= section === 'vpat' ? 'nav-item-active bg-gray-100 text-gray-900' : 'text-gray-600 hover:bg-gray-100 hover:text-gray-900' %>">
                     VPAT (Accessibility)
@@ -573,6 +579,10 @@
           <%- include('dpa') -%>
           <% } %>
 
+          <% if(section === "fedramp") { %>
+          <%- include('fedramp') -%>
+          <% } %>
+
           <% if(section === "vpat") { %>
           <%- include('vpat') -%>
           <% } %>