Is FedRAMP High enough for DoD, or do I also need an Impact Level?
Generally both: FedRAMP High covers the commercial cloud-security baseline, but DoD layers its own Impact Levels (IL2/IL4/IL5/IL6) under the Cloud Computing SRG for the sensitivity of the workload — IL5/IL6 add NSS and classification requirements FedRAMP High…
Answer.
Generally both: FedRAMP High covers the commercial cloud-security baseline, but DoD layers its own Impact Levels (IL2/IL4/IL5/IL6) under the Cloud Computing SRG for the sensitivity of the workload — IL5/IL6 add NSS and classification requirements FedRAMP High alone does not address. So FedRAMP High is often a prerequisite, not a substitute, for the IL you need. Planisphere measures AI behaviour inside whichever boundary applies; it does not assign your Impact Level.
The mark behind the answer.
Federal cloud authorization · Low/Mod/High + 20x machine-readable KSIs.
More on FedRAMP.
Prepare evidence for FedRAMP review.
First evidence record within 21 days of access · re-runs in a single business day. Planisphere measures model behaviour and emits a reproducible, sha-pinned record — it does not certify, file, or give legal advice.