Oracle Cloud Infrastructure US Government Cloud with FedRAMP Authorization
This topic contains information specific to Oracle Cloud Infrastructure US Government Cloud with FedRAMP High Joint Authorization Board.
Oracle Cloud Infrastructure US Government Cloud has obtained the following authorizations:
- FedRAMP High
- DISA Impact Level 4
For information about the US Government Cloud, see For All US Government Cloud Customers.
The region names and identifiers for the US Government Cloud with FedRAMP High Joint Authorization Board are shown in the following table:
|Region Name||Region Identifier||Region Location||Region Key||Realm Key||Availability Domains|
|US Gov East (Ashburn)||us-langley-1||Ashburn, VA||LFI||OC2||1|
|US Gov West (Phoenix)||us-luke-1||Phoenix, AZ||LUF||OC2||1|
After your tenancy is created in one of these regions, you can subscribe to the other region. Tenancies in the FedRAMP-authorized regions cannot subscribe to the commercial regions, or to the US Federal Cloud regions. For information about subscribing to a region, see Managing Regions.
Console Sign-in URLs
To sign in to the FedRAMP-authorized US Government Cloud, enter one of the following URLs in a supported browser:
When you're logged in to the Console for one of the US Government Cloud regions, the browser times out after 15 minutes of inactivity, and you need to sign in again to use the Console.
US Government Cloud with FedRAMP Authorization API Reference and Endpoints
US Government Cloud with FedRAMP High Joint Authorization Board has these APIs and corresponding regional endpoints:
Use the Endpoint of Your Home Region for All IAM API Calls
When you sign up for Oracle Cloud Infrastructure, Oracle creates a tenancy for you in one region. This is your home region. Your home region is where your IAM resources are defined. When you subscribe to a new region, your IAM resources are replicated in the new region, however, the master definitions reside in your home region and can only be changed there. Make all IAM API calls against your home region endpoint. The changes automatically replicate to all regions. If you try to make an IAM API call against a region that is not your home region, you will receive an error. See How do I find my tenancy home region?
In addition to these endpoints, each vault has a unique endpoint for create, update, and list operations for keys. This endpoint is referred to as the control plane URL or management endpoint. Each vault also has a unique endpoint for cryptographic operations. This endpoint is known as the data plane URL or the cryptographic endpoint.
The source service must be available in US Government Cloud regions for messages to be successfully sent through the Notifications service. If the source service is not available in these regions, then the message is not sent. For a list of unavailable services, see Services Not Supported in US Government Cloud with FedRAMP Authorization.
Both Object Storage and Archive Storage are accessible with the following APIs:
See Understanding Object Storage Namespaces for information regarding how to find your Object Storage namespace.
Oracle YUM Repo Endpoints
The Oracle YUM repo regional endpoints for US Government Cloud with FedRAMP High Joint Authorization Board are shown in the following table
|Region||YUM Server Endpoint|
|US Gov East (Ashburn)||
|US Gov West (Phoenix)||
SMTP Authentication and Connection Endpoints
Email Delivery only supports the AUTH PLAIN command when using SMTP authentication. If the sending application is not flexible with the AUTH command, an SMTP proxy/relay can be used. For more information about the AUTH command, see AUTH Command and its Mechanisms.
|Region||SMTP Connection Endpoint|
|US Gov East (Ashburn)||smtp.email.us-langley-1.oci.oraclegovcloud.com|
|US Gov West (Phoenix)||smtp.email.us-luke-1.oci.oraclegovcloud.com|
SPF Record Syntax
An SPF record is a TXT record on your sending domain that authorizes Email Delivery IP addresses to send on your behalf. SPF
is required for subdomains of
oraclegovcloud.com and recommended in
other cases. The SPF record syntax for each sending region is shown in the following
|Realm Key||SPF Record|
Services Not Supported in US Government Cloud with FedRAMP Authorization
The following services are currently not available or not supported for tenancies in the US Government Cloud with FedRAMP High Joint Authorization Board.
Networking services and features not available:
- DNS Zone Management
- Traffic Management Steering Policies
Oracle Database services not available:
- Autonomous Data Warehouse
- Autonomous Transaction Processing
- Data Safe
Analytics & AI services not available:
- Analytics Cloud
- Fusion Analytics Warehouse
- Application Migration
Developer Services features not supported:
- Content and Experience
Identity & Security services not available:
- Compliance Documents
Observability & Management services not available:
- Health Checks
Governance & Administration features not supported:
- Auto-federation with Oracle Identity Cloud Service
- WAF service
Integration with Oracle SaaS and PaaS services, including those listed here: Getting Started with Oracle Platform Services
Additional Information for US Government Cloud with FedRAMP Authorization Customers
- Shared Responsibilities
- Setting Up an Identity Provider for Your Tenancy
- Using a Common Access Card/Personal Identity Verification Card to Sign in to the Console
- IPv6 Support for Virtual Cloud Networks
- Setting Up Secure Access for Compute Hosts
- Enabling FIPS Mode for Your Operating System
- Required VPN Connect Parameters for Government Cloud
- Oracle's BGP ASN
- Requesting a Service Limit Increase for Government Cloud Tenancies