This page describes how government agencies can deploy Gemini for Government under FedRAMP 20x Class B (Low) criteria. The FedRAMP 20x Class B (Low) authorization covers publicly releasable information with minimal sensitivity. If your agency requires processing data at a FedRAMP Moderate or High level, see Deployment guidance for Gemini for Government.
To request access to detailed Gemini for Government FedRAMP 20x Low documentation, email fedramp@google.com and state your interest in obtaining the package materials.
FedRAMP 20x Low certified services
The following services are listed as certified within the Gemini for Government FedRAMP 20x Low boundary:
- Gemini Enterprise
- Generative AI on Gemini Enterprise Agent Platform (formerly Generative AI on Vertex AI)
- BigQuery
- Cloud Storage
- Looker (Google Cloud core)
- Conversational Agents
- Gemini Code Assist
- NotebookLM Enterprise
- Agent Search on Gemini Enterprise Agent Platform (formerly Agent Search)
This certification level is intended for unclassified information with minimal sensitivity.
FedRAMP 20x Low certified services and features
The following table lists the services and features that you can use within Gemini for Government for FedRAMP 20x Class B (Low).
| Models | Generally available Gemini models |
|---|---|
| Agents and galleries |
|
| Analytics and dependent features |
|
| Data connectors and stores |
|
| Grounding |
|
| Generative features | |
| User, session, and UI features |
|
| Other features |
Configure your environment
Complete the following tasks within the Google Cloud organization of your agency.
- Create a Google Cloud project to host your Gemini Enterprise data stores and applications.
- Configure your APIs and solutions in Gemini Enterprise. Your subscription settings automatically enable Gemini for Government. Gemini for Government includes the Gemini Enterprise Standard Edition and prevents unexpected costs by stopping requests after a quota is reached, rather than billing for overages. You can manage these settings within the subscriptions console.
Configure security features for Gemini for Government as described in the Gemini Enterprise security overview. To help ensure compliance with FedRAMP 20x, configure the following based on your agency's policies:
- Identity and Access Management (IAM)
- Gemini Enterprise data security, particularly VPC Service Controls and customer managed encryption keys (CMEK)
- Gemini Enterprise compliance, particularly access transparency and audit logging
Optionally, review and apply additional security best practices for Google Cloud:
Manage your compliance for FedRAMP 20x
To maintain your FedRAMP 20x Class B (Low) compliance posture for Gemini for Government, you can use Compliance Manager. Compliance Manager includes a FedRAMP Low 20x framework that you can deploy in your environment and use for auditing.
- In the console, select the United States regional toggle, and adjust the view to Global. Locate the relevant domain address and select Configure to proceed.
- Activate Security Command Center Premium to enable Compliance Manager.
- In Compliance Manager, deploy the FedRAMP 20x framework. For instructions, see Deploy a framework. Deploying the framework lets you monitor for compliance.
Audit the FedRAMP 20x framework to compile compliance evidence. For instructions, see Audit your environment with Compliance Manager. An audit can take several hours to run.
Note: The artifacts produced during an audit are provided to support your own audit preparation and process. They aren't guaranteed to satisfy all auditor or regulatory requirements. It is your responsibility to collaborate with your auditors to ensure compliance.
Review the detailed audit assessments against each resource and rule. Optionally, download the evidence to support your FedRAMP package submission.