What is FedRAMP Moderate Equivalence?
Defense contractors that handle Controlled Unclassified Information (CUI) are required to obtain CMMC certification. As part of that requirement, DFARS 252.204-7012 mandates that cloud service providers meet the FedRAMP Moderate security baseline.
FedRAMP Moderate Equivalence, established under the DoD CIO Memorandum, is the path for providers like 1factory to demonstrate this compliance through independent 3PAO audit rather than direct government sponsorship.
As of April 1, 2026, 1factory has achieved FedRAMP Moderate Equivalence for our GOV hosting environment. The certification followed a significant investment in security infrastructure and a successful audit by an independent, FedRAMP-accredited Third-Party Assessment Organization (3PAO).
Security Controls & Continuous Monitoring
The 3PAO assessment verified full implementation of all required controls, covering access control, incident response, configuration management, and data integrity. Documentation was reviewed and confirmed to meet the DoD CIO Memorandum's "Equivalency" formatting requirements. Beyond point-in-time certification, 1factory also operates a continuous monitoring (ConMon) program.
Compliance Documentation
The 3PAO Letter of Attestation (LoA), our System Security Plan (SSP), and the complete Body of Evidence (BoE) are available to support your organization's CMMC 2.0 Level 2 assessment:
- Current customers may request the full documentation package through their Account Manager.
- Prospective customers may request access under a mutual NDA. Contact us to begin that process.
Hosting Environments
1factory, Inc. operates three hosting environments - General Purpose, Validated, and Gov - designed to meet the specific compliance requirements of different customer segments.
The General Purpose and Validated Hosting environments maintain SOC 2 Type II certification and are additionally compliant with NIST SP 800-171, providing controls aligned with NIST recommended security standards.
The Gov Hosting environment is specifically built for defense manufacturers with CUI requirements and meets FedRAMP Moderate Equivalent standards.
| Environment | Industries | URL | Default Hosting | Compliance |
|---|---|---|---|---|
| GOV | Defense, Aerospace, Space. (Manufacturers with CUI data) | gov.1factory.com | AWS GovCloud | CMMC, FedRAMP Moderate Equivalent |
| Validated | Medical Device | val.1factory.com | AWS GovCloud | SOC 2 Type II, NIST-800-171, Software Validation |
| General Purpose | Industrial, Automotive, Semiconductor Equipment, Robotics etc. | 1factory.com | AWS GovCloud | SOC 2 Type II, NIST-800-171 |
Ready to evaluate 1factory for your quality operations? Schedule a demo to see the platform, or reach out to discuss your CMMC and hosting requirements directly.