# ThousandEyes for Government: FedRAMP® Moderate

This article supplements the commercial Cisco ThousandEyes documentation, including our API documentation found at [Cisco DevNet](https://developer.cisco.com/docs/thousandeyes/v7/). It highlights the sections of the product documentation that apply to the Cisco ThousandEyes for Government product, and provides additional guidance applicable only to Cisco ThousandEyes for Government customers.

## Getting Support from ThousandEyes

Cisco ThousandEyes for Government customers should reach out to <https://mycase.frmod.cisco/> for support. This support is only for Cisco ThousandEyes for Government customers and meets the US Persons requirements as defined under Title 22, Chapter 69, Sec. 6010 (22 USC 6010). Further information can be found in the [Cisco ThousandEyes Support Policy](https://www.thousandeyes.com/pdf/ThousandEyes_Support_Policy.pdf).

## ThousandEyes for Government Cookies

The table below describes the cookies collected by the Cisco ThousandEyes for Government instance and applies only to ThousandEyes for Government and users within that instance. For further information, please review [Cisco’s Automatic Data Collection Tools (Cookies, etc.)](https://www.cisco.com/c/en/us/about/legal/automatic-data-collection-cookies.html).

**Cookies for All Users (Authenticated and Unauthenticated)**

| Cookie Name | Duration & Retention | Host                | Cookie Type        | Description                                                           |
| ----------- | -------------------- | ------------------- | ------------------ | --------------------------------------------------------------------- |
| \_csrf      | 14 days              | app.thousandeyes.us | Strictly Necessary | This cookie is used for Cross-site Request Forgery (CSRF) protection. |
| JSESSIONID  | Session              | app.thousandeyes.us | Strictly Necessary | This cookie is used for identity and access management.               |
| route       | Session              | app.thousandeyes.us | Strictly Necessary | This cookie is used for session affinity for load-balancing.          |
| teUserid    | 14 days              | app.thousandeyes.us | Strictly Necessary | This cookie is used for remember me functionality for the login page. |

## Agent Deployment

### Cloud Agents

The following Cloud Agents are available in the ThousandEyes for Government product:

{% hint style="warning" %}
Customers may deploy tests for Cloud Agents under a ThousandEyes for Government subscription, but any such deployment would be outside of ThousandEyes’ FedRAMP®-authorized boundary. ThousandEyes' obligations under the Authorization to Operate and the FedRAMP baseline requirements would not apply to the Cloud Agents or the data transmitted to or from the Cloud Agents. Customers are solely responsible for accessing and utilizing the Cloud Agent in accordance with their security policies and applicable FedRAMP and federal compliance requirements.
{% endhint %}

* Asia Pacific (ap-northeast-1) (Tokyo)
* Asia Pacific (ap-northeast-2) (Seoul)
* Europe (eu-central-1) (Frankfurt)
* Europe (eu-west-1) (Ireland)
* Europe (eu-west-2) (London)
* Europe (eu-west-3) (Paris)
* Middle East (me-central-1) (UAE)
* US East (us-east-1) (N. Virginia)
* US East (us-east-2) (Ohio)
* US West (us-west-1) (N. California)
* US West (us-west-2) (Oregon)

For more information about Cloud Agents, see [Cloud Agents](https://docs.thousandeyes.com/product-documentation/global-vantage-points/cloud-agents).

### Enterprise Agents

You can install Enterprise Agents in ThousandEyes for Government environments using the following deployment methods:

* Cisco Application Hosting
* Docker Agent
* Linux Package

Review all prerequisites and configuration requirements listed below for your deployment type before beginning installation, then use the links provided for the supported devices and installation instructions.

#### Cisco Application Hosting

**Prerequisites**

* FIPS-compatible OpenSSL installed on the device with FIPS-mode enabled on the system.
* NTP enabled on the device.

**Configuration**

To configure a ThousandEyes Enterprise Agent for a Cisco ThousandEyes for Government environment, you must add the following environment variable when configuring the Enterprise Agent:

```
TEAGENT_SECURITY_MODE=FEDRAMP
```

{% hint style="warning" %}
If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.
{% endhint %}

Refer to the links below for a list of supported devices and links to the relevant Cisco Application Hosting installation instructions:

* For Cisco Catalyst Switches, see [Catalyst Switches](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/cisco-devices/catalyst-switches).
* For Cisco Catalyst Routers, see [Catalyst Routers](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/cisco-devices/catalyst-routers).
* For Cisco Nexus Switches, see [Nexus Switches](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/cisco-devices/nexus-switches).
* For Cisco Aggregation Services Routers and Cisco Integrated Services Routers, see [Service Routers](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/cisco-devices/service-routers).
* For Cisco Industrial Ethernet Switches, see [Industrial Ethernet Switches](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/cisco-devices/industrial-ethernet-switches).
* For Cisco Industrial Routers, see [Industrial Routers](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/cisco-devices/industrial-routers).

#### Docker Agent

**Prerequisites**

* NTP enabled on the device.
* Baseline OS configuration must meet NIST 800-53 or DoD STIG.

**Configuration**

To configure a ThousandEyes Enterprise Agent for Cisco ThousandEyes for Government, you must add the following environment variable when configuring the Enterprise Agent:

```
TEAGENT_SECURITY_MODE=FEDRAMP
```

{% hint style="warning" %}
If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.
{% endhint %}

For installation instructions, see [Docker Enterprise Agents](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/docker-agents/installing-enterprise-agents-with-docker).

#### Linux Package

**Prerequisites**

* FIPS-compatible OpenSSL installed on the device with FIPS-mode enabled on the system.
* NTP enabled on the device.
* Baseline OS configuration must meet NIST 800-53 or DoD STIG.

**Configuration**

To configure a ThousandEyes Linux-Based Enterprise Agent for Cisco ThousandEyes for Government, you must add the -m advanced option to the installation script, and set the value to `FEDRAMP`:

```
$ ./install_thousandeyes.sh -m --help

 -m <SECURITY_MODE>    Sets the security mode, format depends on SECURITY_MODE

  DEFAULT

    Standard Enterprise Agent; default value if -m is not set.

  FIPS

    Utilize FIPS OpenSSL capabilities when communicating with the ThousandEyes Platform.

  FEDRAMP

    Utilize FIPS OpenSSL capabilities when communicating with the FedRAMP ThousandEyes Platform.
```

{% hint style="warning" %}
If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.
{% endhint %}

For installation instructions, see [Linux Package Installation](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/linux-packages/enterprise-agent-deployment-using-linux-package-method).

For the list of advanced configuration options, see [Linux Package Advanced Options](https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/linux-packages/enterprise-agent-deployment-using-linux-package-method#advanced-options).

### Endpoint Agents

#### Transfer of Agents across Regions

{% hint style="warning" %}
FedRAMP compliant organizations cannot transfer agents across different regions using the connection string.
{% endhint %}

For more information, see [Transfer Ownership Across Different Regions Using Connection Strings](https://docs.thousandeyes.com/product-documentation/global-vantage-points/endpoint-agents/managing/manage-endpoint-agent-settings#transfer-ownership-across-different-regions-using-connection-string).

## ThousandEyes and GenAI

{% hint style="warning" %}
Generative artificial intelligence-powered capabilities ("GenAI") are not available for ThousandEyes for Government.
{% endhint %}

## Cloud and Enterprise Agent Settings

{% hint style="warning" %}
BrowserBot is not available in the ThousandEyes for Government instance.
{% endhint %}

For more information, see [Enterprise Agent Settings](https://docs.thousandeyes.com/product-documentation/global-vantage-points/working-with-agent-settings).

## Cloud and Enterprise Agent Tests

{% hint style="warning" %}
Browser tests, including page load and transaction tests, are not available in the ThousandEyes for Government instance.
{% endhint %}

## Endpoint Agent Tests

{% hint style="warning" %}
Real user tests are not available in the ThousandEyes for Government instance.
{% endhint %}

## Dashboards

{% hint style="warning" %}
Email support for scheduled snapshots is not available in the ThousandEyes for Government instance.
{% endhint %}

For more information, see [Scheduling a Recurring Snapshot](https://docs.thousandeyes.com/product-documentation/dashboards/dashboard-shares-snapshots#scheduling-a-recurring-snapshot).

{% hint style="warning" %}
Embedded widgets and shared dashboard snapshots are not available in the ThousandEyes for Government instance.
{% endhint %}

## Snapshots

{% hint style="warning" %}
Public snapshots are not available in the ThousandEyes for Government instance.
{% endhint %}

## Path Visualization

{% hint style="warning" %}
Cloud network enrichments for the path visualization are not available in the ThousandEyes for Government instance.
{% endhint %}

## Event Detection

{% hint style="warning" %}
Event Summarization using Large Language Models (LLMs) is not available in the ThousandEyes for Government instance. This impacts both event summaries and recurring event summaries.
{% endhint %}

For more information, see [Event Detection](https://docs.thousandeyes.com/product-documentation/event-detection).

## Integrations

### Microsoft Teams Integration

{% hint style="warning" %}
The Microsoft Teams Call Quality Dashboard integration is not available in the ThousandEyes for Government instance.
{% endhint %}

### ThousandEyes for OpenTelemetry

{% hint style="warning" %}
ThousandEyes for OpenTelemetry is not available in the ThousandEyes for Government instance.
{% endhint %}

### Alert Integrations

{% hint style="warning" %}
Webhooks (including custom webhooks) are not available in the ThousandEyes for Government instance for alert notifications.
{% endhint %}

## Alerts

{% hint style="warning" %}
The following alert sources are not available in the ThousandEyes for Government instance:

* Cloud Insights
* Internet Insights
* WAN Insights

In addition, the following Network & App Synthetics alert rule types are not available in the ThousandEyes for Government instance:

* Web - Page Load
* Web - Transaction
* Web - Transaction (Classic)
  {% endhint %}

For more information, see [Creating and Editing Alert Rules](https://docs.thousandeyes.com/product-documentation/alerts/creating-and-editing-alert-rules) and [Default Alert Rules](https://docs.thousandeyes.com/product-documentation/alerts/default-alert-rules).

## Insights Portfolio

{% hint style="warning" %}
The entire Insights portfolio is not available in the ThousandEyes for Government instance. That includes:

* Cloud Insights
* Traffic Insights
* WAN Insights
* Internet Insights
  {% endhint %}

For more information, see [Cloud Insights](https://docs.thousandeyes.com/product-documentation/cloud-insights), [Enterprise Traffic Insights](https://docs.thousandeyes.com/product-documentation/traffic-insights), [WAN Insights](https://docs.thousandeyes.com/product-documentation/wan-insights), and [Internet Insights](https://docs.thousandeyes.com/product-documentation/internet-insights).

## APIs

ThousandEyes for Government users should only use the `api.thousandeyes.us` URI when calling APIs. Users are solely responsible for accessing APIs in accordance with their security policies and applicable FedRAMP and federal compliance requirements.

The following APIs are not available for ThousandEyes for Government:

APIs:

* Cloud Insights
* Internet Insights
* ThousandEyes for OpenTelemetry
* Emulation
* Credentials

API Operations:

* Within Tests API:
  * Page Load Tests.
  * API Tests.
  * Web Transaction Tests.
* Within Endpoint Agents API: \*Endpoint Agents Transfer.
* Within Templates API:
  * API operations for the creation or retrieval of API tests, page load tests, or transaction tests are not available for ThousandEyes for Government.
* Within Alerts API:
  * API operations for the creation or retrieval of API, page load, or web transaction alert rules are not available for ThousandEyes for Government.
* Within BGP Monitors API:
  * Private monitor data is not available for ThousandEyes for Government.