Skip to content

FedRAMP Mode

Control OSINT source gating and per-source acknowledgments for federally-regulated deployments.

FedRAMP Mode

When FedRAMP mode is enabled, third-party OSINT sources (AlienVault OTX, crt.sh, Shodan InternetDB) are collapsed behind a disclosure on the red-team launcher and require per-source acknowledgment before use. Federally-operated sources (NVD — National Vulnerability Database, operated by NIST; CISA AIS; and DISA STIGs) are unaffected — they are available regardless of FedRAMP mode.

Third-party source acknowledgments

When FedRAMP mode is enabled, these sources require acknowledgment before they can be used in red-team simulations. The actual acknowledgment flow happens on the launcher (clicking a locked checkbox). This page lists which sources have current acknowledgments and lets you revoke them.

AlienVault OTX— operated by LevelBlue

Open threat intelligence platform. Commercial service operated by AT&T Cybersecurity; not FedRAMP authorized.

crt.sh— operated by Sectigo (crt.sh is operated by Sectigo Limited)

Certificate transparency log search. Commercial service operated by Sectigo Limited; not FedRAMP authorized.

Shodan InternetDB— operated by Shodan LLC

Internet-wide port and service exposure index. Commercial service operated by Shodan LLC; not FedRAMP authorized.