ThousandEyes for Government: FedRAMP Moderate
This article supplements the commercial Cisco ThousandEyes documentation, including our API documentation found at Cisco DevNet. It highlights the sections of the product documentation that apply to the Cisco ThousandEyes for Government product, and provides additional guidance applicable only to Cisco ThousandEyes for Government customers.
Getting Support from ThousandEyes
Cisco ThousandEyes for Government customers should reach out to https://mycase.frmod.cisco/ for support. This support is only for Cisco ThousandEyes for Government customers and meets the US Persons requirements as defined under Title 22, Chapter 69, Sec. 6010 (22 USC 6010). Further information can be found in the Cisco ThousandEyes Support Policy.
ThousandEyes for Government Cookies
The table below describes the cookies collected by the Cisco ThousandEyes for Government instance and applies only to ThousandEyes for Government and users within that instance. For further information, please review Cisco’s Automatic Data Collection Tools (Cookies, etc.).
Cookies for All Users (Authenticated and Unauthenticated)
_csrf
14 days
app.thousandeyes.us
Strictly Necessary
This cookie is used for Cross-site Request Forgery (CSRF) protection.
JSESSIONID
Session
app.thousandeyes.us
Strictly Necessary
This cookie is used for identity and access management.
route
Session
app.thousandeyes.us
Strictly Necessary
This cookie is used for session affinity for load-balancing.
teUserid
14 days
app.thousandeyes.us
Strictly Necessary
This cookie is used for remember me functionality for the login page.
Agent Deployment
Cloud Agents
The following Cloud Agents are available in the ThousandEyes for Government product:
Customers may deploy tests for Cloud Agents under a ThousandEyes for Government subscription, but any such deployment would be outside of ThousandEyes’ FedRAMP-authorized boundary. ThousandEyes' obligations under the Authorization to Operate and the FedRAMP baseline requirements would not apply to the Cloud Agents or the data transmitted to or from the Cloud Agents. Customers are solely responsible for accessing and utilizing the Cloud Agent in accordance with their security policies and applicable FedRAMP and federal compliance requirements.
Asia Pacific (ap-northeast-1) (Tokyo)
Asia Pacific (ap-northeast-2) (Seoul)
Europe (eu-central-1) (Frankfurt)
Europe (eu-west-1) (Ireland)
Europe (eu-west-2) (London)
Europe (eu-west-3) (Paris)
Middle East (me-central-1) (UAE)
US East (us-east-1) (N. Virginia)
US East (us-east-2) (Ohio)
US West (us-west-1) (N. California)
US West (us-west-2) (Oregon)
For more information about Cloud Agents, see Cloud Agents.
Enterprise Agents
You can install Enterprise Agents in ThousandEyes for Government environments using the following deployment methods:
Cisco Application Hosting
Docker Agent
Linux Package
Review all prerequisites and configuration requirements listed below for your deployment type before beginning installation, then use the links provided for the supported devices and installation instructions.
Cisco Application Hosting
Prerequisites
FIPS-compatible OpenSSL installed on the device with FIPS-mode enabled on the system.
NTP enabled on the device.
Configuration
To configure a ThousandEyes Enterprise Agent for a Cisco ThousandEyes for Government environment, you must add the following environment variable when configuring the Enterprise Agent:
If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.
Refer to the links below for a list of supported devices and links to the relevant Cisco Application Hosting installation instructions:
For Cisco Catalyst Switches, see Catalyst Switches.
For Cisco Catalyst Routers, see Catalyst Routers.
For Cisco Nexus Switches, see Nexus Switches.
For Cisco Aggregation Services Routers and Cisco Integrated Services Routers, see Service Routers.
For Cisco Industrial Ethernet Switches, see Industrial Ethernet Switches.
For Cisco Industrial Routers, see Industrial Routers.
Docker Agent
Prerequisites
NTP enabled on the device.
Baseline OS configuration must meet NIST 800-53 or DoD STIG.
Configuration
To configure a ThousandEyes Enterprise Agent for Cisco ThousandEyes for Government, you must add the following environment variable when configuring the Enterprise Agent:
If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.
For installation instructions, see Docker Enterprise Agents.
Linux Package
Prerequisites
FIPS-compatible OpenSSL installed on the device with FIPS-mode enabled on the system.
NTP enabled on the device.
Baseline OS configuration must meet NIST 800-53 or DoD STIG.
Configuration
To configure a ThousandEyes Linux-Based Enterprise Agent for Cisco ThousandEyes for Government, you must add the -m advanced option to the installation script, and set the value to FEDRAMP:
If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.
For installation instructions, see Linux Package Installation.
For the list of advanced configuration options, see Linux Package Advanced Options.
Endpoint Agents
Transfer of Agents across Regions
FedRAMP compliant organizations cannot transfer agents across different regions using the connection string.
For more information, see Transfer Ownership Across Different Regions Using Connection Strings.
ThousandEyes and GenAI
Generative artificial intelligence-powered capabilities ("GenAI") are not available for ThousandEyes for Government.
Cloud and Enterprise Agent Settings
BrowserBot is not available in the ThousandEyes for Government instance.
For more information, see Enterprise Agent Settings.
Cloud and Enterprise Agent Tests
Browser tests, including page load and transaction tests, are not available in the ThousandEyes for Government instance.
Endpoint Agent Tests
Real user tests are not available in the ThousandEyes for Government instance.
Dashboards
Email support for scheduled snapshots is not available in the ThousandEyes for Government instance.
For more information, see Scheduling a Recurring Snapshot.
Embedded widgets and shared dashboard snapshots are not available in the ThousandEyes for Government instance.
Snapshots
Public snapshots are not available in the ThousandEyes for Government instance.
Path Visualization
Cloud network enrichments for the path visualization are not available in the ThousandEyes for Government instance.
Event Detection
Event Summarization using Large Language Models (LLMs) is not available in the ThousandEyes for Government instance. This impacts both event summaries and recurring event summaries.
For more information, see Event Detection.
Integrations
Microsoft Teams Integration
The Microsoft Teams Call Quality Dashboard integration is not available in the ThousandEyes for Government instance.
ThousandEyes for OpenTelemetry
ThousandEyes for OpenTelemetry is not available in the ThousandEyes for Government instance.
Alert Integrations
Webhooks (including custom webhooks) are not available in the ThousandEyes for Government instance for alert notifications.
Alerts
The following alert sources are not available in the ThousandEyes for Government instance:
Cloud Insights
Internet Insights
WAN Insights
In addition, the following Network & App Synthetics alert rule types are not available in the ThousandEyes for Government instance:
Web - Page Load
Web - Transaction
Web - Transaction (Classic)
For more information, see Creating and Editing Alert Rules and Default Alert Rules.
Insights Portfolio
The entire Insights portfolio is not available in the ThousandEyes for Government instance. That includes:
Cloud Insights
Traffic Insights
WAN Insights
Internet Insights
For more information, see Cloud Insights, Enterprise Traffic Insights, WAN Insights, and Internet Insights.
APIs
ThousandEyes for Government users must use the api-thousandeyes.us URI when calling APIs.
The following APIs are not available for ThousandEyes for Government:
APIs:
Cloud Insights
Internet Insights
ThousandEyes for OpenTelemetry
Emulation
Credentials
API Operations:
Within Tests API:
Page Load Tests.
API Tests.
Web Transaction Tests.
Within Endpoint Agents API: *Endpoint Agents Transfer.
Within Templates API:
API operations for the creation or retrieval of API tests, page load tests, or transaction tests are not available for ThousandEyes for Government.
Within Alerts API:
API operations for the creation or retrieval of API, page load, or web transaction alert rules are not available for ThousandEyes for Government.
Within BGP Monitors API:
Private monitor data is not available for ThousandEyes for Government.
Last updated