From 25c4e4773cdd10a11374a05567ff666c8644ef93 Mon Sep 17 00:00:00 2001 From: pete-gov Date: Tue, 23 Jun 2026 16:53:03 -0400 Subject: [PATCH 1/6] tuning --- fedramp-consolidated-rules.json | 81 +++++++++------------------------ 1 file changed, 21 insertions(+), 60 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index ecbac12..4f62e13 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -2,8 +2,8 @@ "info": { "title": "FedRAMP Consolidated Rules for 2026 Public Preview", "description": "This datafile contains the Consolidated Rules for FedRAMP in structured machine-readable text. It includes definitions, requirements, recommendations, and key security indicators.", - "version": "2026.06.21.01-preview", - "last_updated": "2026-06-21", + "version": "2026.06.23.01-preview", + "last_updated": "2026-06-23", "default_artifacts": { "FRR": [ "Explanation of how the rule is followed, or an explanation of the reason and resulting risk to customers for not following the rule.", @@ -3622,49 +3622,23 @@ }, "FRC-CSO-PKG": { "name": "FedRAMP Certification Package", - "varies_by_class": { - "a": { - "statement": "Providers seeking a Class A Certification MUST supply a complete FedRAMP Certification Package to FedRAMP for initial certification; the FedRAMP Certification Package MUST include at least the following information:", - "following_information": [ - "A Certification Package Overview", - "An External Framework Mapping" - ], - "force": "MUST" - }, - "b": { - "statement": "Providers seeking a Class B Certification MUST supply a complete FedRAMP Certification Package to FedRAMP for initial certification; the FedRAMP Certification Package MUST include at least the following information:", - "following_information": [ - "A Certification Package Overview", - "A Security Decision Record", - "A real or example Ongoing Certification Report following CCM-OCR-AVL (Report Availability)" - ], - "force": "MUST" - }, - "c": { - "statement": "Providers seeking a Class C Certification MUST supply a complete FedRAMP Certification Package to FedRAMP for initial certification; the FedRAMP Certification Package MUST include at least the following information:", - "following_information": [ - "A Certification Package Overview", - "A Security Decision Record", - "A real or example Ongoing Certification Report following CCM-OCR-AVL (Report Availability)" - ], - "force": "MUST" - }, - "d": { - "statement": "Providers seeking a Class D Certification MUST supply a complete FedRAMP Certification Package to FedRAMP for initial certification; the FedRAMP Certification Package MUST include at least the following information:", - "following_information": [ - "A Certification Package Overview", - "A Security Decision Record", - "A real or example Ongoing Certification Report following CCM-OCR-AVL (Report Availability)" - ], - "force": "MUST" - } - }, + "statement": "Providers seeking a Class B Certification MUST supply a complete FedRAMP Certification Package to FedRAMP for initial certification; the FedRAMP Certification Package MUST include at least the following information:", + "following_information": [ + "A Certification Package Overview", + "A Security Decision Record", + "A real or example Ongoing Certification Report following CCM-OCR-AVL (Report Availability)" + ], "related": ["CCM-OCR-AVL"], + "force": "MUST", "affects": ["Providers"], "terms": [ "Certification Package", + "FedRAMP Certification Report", "Initial Certification", - "Provider" + "Ongoing Certification", + "Ongoing Certification Report (OCR)", + "Provider", + "Security Decision Record (SDR)" ], "updated": [ { @@ -5334,7 +5308,7 @@ }, "FRC-CSF-RDY": { "name": "FedRAMP Ready Conversion", - "statement": "Providers with FedRAMP Rev5 Ready status MUST convert to a FedRAMP Certification before the furthest date of the expiration of their most recently yearly assessment or November 17, 2026; the legacy FedRAMP Ready status will be entirely removed on December 31, 2027.", + "statement": "Providers with FedRAMP Rev5 Ready status MUST convert to a FedRAMP Certification by whichever of the follow dates is later: the expiration of their annual assessment or November 17, 2026 (the legacy FedRAMP Ready status will be entirely removed on December 31, 2027).", "notes": [ "The simplest conversion in most cases would be to a FedRAMP 20x Class A Certification.", "Cloud services that do not wish to convert or do not meet conversion criteria will be renamed Legacy FedRAMP Ready and otherwise retired from FedRAMP Ready." @@ -6760,19 +6734,19 @@ "force": "MUST" }, "b": { - "statement": "Providers with 20x Class B Certifications MUST include all Key Security Indicators in a FedRAMP independent assessment at least one per year.", + "statement": "Providers with 20x Class B Certifications MUST include all Key Security Indicators in a FedRAMP independent assessment at least once per year.", "force": "MUST", "timeframe_type": "years", "timeframe_num": 1 }, "c": { - "statement": "Providers with 20x Class C Certifications MUST include all Key Security Indicators in a FedRAMP independent assessment at least one per year.", + "statement": "Providers with 20x Class C Certifications MUST include all Key Security Indicators in a FedRAMP independent assessment at least once per year.", "force": "MUST", "timeframe_type": "years", "timeframe_num": 1 }, "d": { - "statement": "Providers with 20x Class D Certifications MUST include all Key Security Indicators in a FedRAMP independent assessment at least one per year.", + "statement": "Providers with 20x Class D Certifications MUST include all Key Security Indicators in a FedRAMP independent assessment at least once per year.", "force": "MUST", "timeframe_type": "years", "timeframe_num": 1 @@ -7848,7 +7822,7 @@ { "party": "FedRAMP", "method": "form", - "target": "https://help.fedramp.gov/forms/assessors/foci-declaration", + "target": "https://help.fedramp.gov/hc/en-us/requests/new?ticket_form_id=52006681154587", "name": "FedRAMP Foreign Ownership, Control, or Influence Declaration Form" } ], @@ -7871,7 +7845,7 @@ { "party": "FedRAMP", "method": "form", - "target": "https://help.fedramp.gov/forms/assessors/foci-declaration", + "target": "https://help.fedramp.gov/hc/en-us/requests/new?ticket_form_id=52006681154587", "name": "FedRAMP Foreign Ownership, Control, or Influence Declaration Form" } ], @@ -7889,7 +7863,7 @@ "following_information": [ "Complete Assessment Packages: Supplies complete and thoroughly prepared documents on the first submission.", "Deliverable Quality: Ensures documentation content is clear, complete, concise, and consistent.", - "Deliverable Format: Uses current FedRAMP templates, procedures, and required formats for assessor-authored deliverables unless FedRAMP publishes an alternate format for a specific path, pilot, or process, and does not alter or delete required template content.", + "Deliverable Format: Follows applicable FedRAMP rules.", "Timeliness and Responsiveness: Delivers documents on time according to the schedule agreed to by the federal government, provider, and assessor.", "Testing Accuracy and Completeness: Ensures accurate and complete testing of a cloud service offering in accordance with ISO 17020 and FedRAMP security rules.", "Assessment Integrity: Submits independent assessments of provider security implementations that are not influenced by provider demands.", @@ -9078,19 +9052,6 @@ "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] - }, - "SDR-CSF-ODP": { - "name": "Organization-Defined Parameters", - "statement": "Providers MUST define all required organization-defined parameters tied to all Rev5 Controls, following FedRAMP rules if applicable, UNLESS the parameter is assigned by FedRAMP.", - "force": "MUST", - "affects": ["Providers"], - "terms": ["Provider"], - "updated": [ - { - "date": "2026-06-23", - "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." - } - ] } } } From f53a0f31d7668529462e33ff4148e75644c49658 Mon Sep 17 00:00:00 2001 From: dan-fedramp Date: Tue, 23 Jun 2026 22:56:59 -0400 Subject: [PATCH 2/6] Changed fedramp-consolidated-rules.json: added schema reference fields to 15 FRR rules (CCM-OCR-AVL, CDS-CSO-SVC, CDS-CSO-UTC, FRC-CSO-PKG, IEC-CSO-IIR, IEC-CSO-OIR, IEC-CSO-FIR, IEC-CSO-EFI, MAS-CSO-TPR, SCG-CSO-RSC, SCN-CSO-EVA, SCN-CSO-INF, VER-RPT-PER, VER-RPT-VDT, VER-RPT-AVI) and updated schema references on CDS-CSO-PUB and VER-TFR-MRH --- fedramp-consolidated-rules.json | 110 ++++++++++++++++++++++++-------- 1 file changed, 85 insertions(+), 25 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index 4f62e13..6b51048 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -84,11 +84,11 @@ }, "FRD-AGY": { "term": "Agency", - "definition": "Has the meaning given in 44 U.S. Code § 3502 (1), which is \"any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency, but does not include—(A) the Government Accountability Office; (B) Federal Election Commission; (C) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or (D) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.\"", + "definition": "Has the meaning given in 44 U.S. Code \u00a7 3502 (1), which is \"any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency, but does not include\u2014(A) the Government Accountability Office; (B) Federal Election Commission; (C) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or (D) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.\"", "tag": "Stakeholder", "alts": ["agency", "agencies"], "do_not_link": true, - "reference": "44 U.S. Code § 3502 (1)", + "reference": "44 U.S. Code \u00a7 3502 (1)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { @@ -198,11 +198,11 @@ }, "FRD-CRP": { "term": "Certification Package", - "definition": "Has meaning from 44 USC § 3607 (b)(8) given to \"authorization package\", which is \"the essential information that can be used by an agency to determine whether to authorize the operation of an information system or the use of a designated set of common controls for all cloud computing products and services [certified] by FedRAMP.\"", + "definition": "Has meaning from 44 USC \u00a7 3607 (b)(8) given to \"authorization package\", which is \"the essential information that can be used by an agency to determine whether to authorize the operation of an information system or the use of a designated set of common controls for all cloud computing products and services [certified] by FedRAMP.\"", "note": "In FedRAMP documentation, certification package always refers to a FedRAMP Certification Package unless otherwise specified.", "tag": "Certification", "alts": ["certification package", "certification packages"], - "reference": "44 USC § 3607 (b)(8)", + "reference": "44 USC \u00a7 3607 (b)(8)", "reference_url": "https://fedramp.gov/docs/authority/law/#b-additional-definitions", "updated": [ { @@ -277,7 +277,7 @@ "FRD-DTM": { "term": "Deterministic Telemetry", "definition": "Verifiable data collected directly from an authoritative source that represents a factual and reproducible observation of the attributes of a system such as the system's state, configuration, or behavior.", - "note": "Probabilistic inferences, generative outputs, or predictive assessments such as those produced using generative transformer models (commonly referred to as “Generative AI”) do not constitute a factual record of the system state and must not be used to generate deterministic telemetry.", + "note": "Probabilistic inferences, generative outputs, or predictive assessments such as those produced using generative transformer models (commonly referred to as \u201cGenerative AI\u201d) do not constitute a factual record of the system state and must not be used to generate deterministic telemetry.", "alts": ["deterministic telemetry"], "updated": [ { @@ -349,7 +349,7 @@ "FedRAMP certification report", "certification report" ], - "reference": "FedRAMP Certification Act (44 USC § 3608)", + "reference": "FedRAMP Certification Act (44 USC \u00a7 3608)", "reference_url": "https://www.fedramp.gov/docs/authority/law/#sec-3608-federal-risk-and-authorization-management-program", "updated": [ { @@ -371,7 +371,7 @@ "FedRAMP Authorized", "authorized" ], - "reference": "FedRAMP Certification Act (44 USC § 3608)", + "reference": "FedRAMP Certification Act (44 USC \u00a7 3608)", "reference_url": "https://www.fedramp.gov/docs/authority/law/#sec-3608-federal-risk-and-authorization-management-program", "updated": [ { @@ -488,10 +488,10 @@ }, "FRD-INT": { "term": "Incident", - "definition": "Has the meaning given in 44 USC § 3552 (b)(2) which is \"an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\"", + "definition": "Has the meaning given in 44 USC \u00a7 3552 (b)(2) which is \"an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\"", "tag": "Incident", "alts": ["incident", "incidents"], - "reference": "44 USC § 3552 (b)(2)", + "reference": "44 USC \u00a7 3552 (b)(2)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2024-title44/USCODE-2024-title44-chap35-subchapII-sec3552", "updated": [ { @@ -502,11 +502,11 @@ }, "FRD-IRS": { "term": "Information Resource", - "definition": "Has the meaning from 44 USC § 3502 (6): \"information and related resources, such as personnel, equipment, funds, and information technology.\" This includes any aspect of the cloud service offering, both technical and managerial, including everything that makes up the business of the offering from non-machine-based information resources like organizational policies, procedures, employees, etc. to machine-based information resources like hardware, software, cloud services, code, etc.", + "definition": "Has the meaning from 44 USC \u00a7 3502 (6): \"information and related resources, such as personnel, equipment, funds, and information technology.\" This includes any aspect of the cloud service offering, both technical and managerial, including everything that makes up the business of the offering from non-machine-based information resources like organizational policies, procedures, employees, etc. to machine-based information resources like hardware, software, cloud services, code, etc.", "note": "Information resources are either machine-based or non-machine-based; any requirement or recommendation that references information resources without specifying a type is inclusive of all information resources.", "tag": "Information Resource", "alts": ["information resource", "information resources"], - "reference": "44 USC § 3502 (6)", + "reference": "44 USC \u00a7 3502 (6)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { @@ -635,7 +635,7 @@ }, "FRD-MBI": { "term": "Machine-Based (Information Resources)", - "definition": "Any information technology information resource—including systems, processes, software, hardware, services, cloud-native capabilities, and any other such capability, component, or resource—that relies primarily on mechanical or electronic devices (i.e. computers) for operation.", + "definition": "Any information technology information resource\u2014including systems, processes, software, hardware, services, cloud-native capabilities, and any other such capability, component, or resource\u2014that relies primarily on mechanical or electronic devices (i.e. computers) for operation.", "note": "All other information resources that do not rely on computers are non-machine-based information resources.", "tag": "Information Resource", "alts": ["machine-based", "machine based"], @@ -659,9 +659,9 @@ }, "FRD-MRD": { "term": "Machine-Readable", - "definition": "Has the meaning from 44 U.S. Code § 3502 (18) which is \"the term \"machine-readable\", when used with respect to data, means data in a format that can be easily processed by a computer without human intervention while ensuring no semantic meaning is lost\"", + "definition": "Has the meaning from 44 U.S. Code \u00a7 3502 (18) which is \"the term \"machine-readable\", when used with respect to data, means data in a format that can be easily processed by a computer without human intervention while ensuring no semantic meaning is lost\"", "alts": ["machine-readable"], - "reference": "44 U.S. Code § 3502 (18)", + "reference": "44 U.S. Code \u00a7 3502 (18)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { @@ -1050,10 +1050,10 @@ }, "FRD-VUL": { "term": "Vulnerability", - "definition": "Has the meaning given to \"security vulnerability\" in 6 USC § 650 (25), which is \"any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of [...] management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.\" This includes gaps in Rev5 Controls and 20x Key Security Indicators, software vulnerabilities, misconfigurations, exposures, weak credentials, insecure services, and all other such potential weaknesses in protection (intentional or unintentional).", + "definition": "Has the meaning given to \"security vulnerability\" in 6 USC \u00a7 650 (25), which is \"any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of [...] management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.\" This includes gaps in Rev5 Controls and 20x Key Security Indicators, software vulnerabilities, misconfigurations, exposures, weak credentials, insecure services, and all other such potential weaknesses in protection (intentional or unintentional).", "tag": "Vulnerability", "alts": ["vulnerability", "vulnerabilities"], - "reference": "6 USC § 650 (25)", + "reference": "6 USC \u00a7 650 (25)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2024-title6/USCODE-2024-title6-chap1-subchapXVIII-sec650", "updated": [ { @@ -1764,7 +1764,7 @@ "AGU-USE-ROR": { "name": "Review Ongoing Certification Reports", "statement": "Agencies SHOULD review each Ongoing Certification Report to understand how changes to the cloud service offering may impact the risk tolerance documented in the agency Authorization to Operate for the federal information system that includes the cloud service offering in its boundary.", - "note": "This agency review supports agency responsibilities under 44 USC § 35, OMB Circular A-130, FIPS-200, and OMB Memorandum M-24-15.", + "note": "This agency review supports agency responsibilities under 44 USC \u00a7 35, OMB Circular A-130, FIPS-200, and OMB Memorandum M-24-15.", "force": "SHOULD", "affects": ["Agencies"], "terms": [ @@ -1960,7 +1960,7 @@ "CCM-AGM-ROR": { "name": "Review Ongoing Reports", "statement": "Agencies MUST review each Ongoing Certification Report to understand how changes to the cloud service offering may impact the previously agreed-upon risk tolerance documented in the agency's Authorization to Operate of a federal information system that includes the cloud service offering in its boundary.", - "note": "This is required by 44 USC § 35, OMB A-130, FIPS-200, and M-24-15.", + "note": "This is required by 44 USC \u00a7 35, OMB A-130, FIPS-200, and M-24-15.", "force": "MUST", "affects": ["Agencies"], "terms": [ @@ -2002,7 +2002,7 @@ "CCM-AGM-NAR": { "name": "No Additional Requirements", "statement": "Agencies MUST NOT place additional security requirements on cloud service providers beyond those required by FedRAMP UNLESS the head of the agency or an authorized delegate makes a determination that there is a demonstrable need for such; this does not apply to seeking clarification or asking general questions about FedRAMP Certification Data.", - "note": "This is a statutory requirement in 44 USC § 3613 (e) related to the Presumption of Adequacy for a FedRAMP Certification.", + "note": "This is a statutory requirement in 44 USC \u00a7 3613 (e) related to the Presumption of Adequacy for a FedRAMP Certification.", "force": "MUST NOT", "affects": ["Agencies"], "notification": [ @@ -2069,6 +2069,10 @@ "How the report will be delivered" ] }, + "schema": { + "name": "FedRAMP Ongoing Certification Report (CCM-OCR-AVL)", + "url": "https://fedramp.gov/schemas/fedramp-ongoing-certification-report-schema-2026-06-24.json" + }, "terms": [ "Accepted Vulnerability", "Agency", @@ -2563,8 +2567,8 @@ ] }, "schema": { - "name": "FedRAMP Public Marketplace Information Schema", - "url": "https://fedramp.gov/schemas/fedramp-public-marketplace-information-schema-v2026.06.06.01.json" + "name": "FedRAMP Certification Overview Package (FRC-CSO-PKG)", + "url": "https://fedramp.gov/schemas/fedramp-certification-overview-package-schema-2026-06-24.json" }, "terms": [ "Cloud Service Offering", @@ -2594,6 +2598,10 @@ "URL to the machine-readable data (if applicable)." ] }, + "schema": { + "name": "FedRAMP Certification Overview Package (FRC-CSO-PKG)", + "url": "https://fedramp.gov/schemas/fedramp-certification-overview-package-schema-2026-06-24.json" + }, "terms": [ "Certification Data", "Cloud Service Offering", @@ -2695,6 +2703,10 @@ "note": "Rules for FedRAMP-Compatible Trust Centers are explained in the Certification Data Sharing Rules under the FedRAMP-Compatible Trust Centers section (id: CDS-TRC).", "force": "MUST", "affects": ["Providers"], + "schema": { + "name": "FedRAMP Certification Overview Package (FRC-CSO-PKG)", + "url": "https://fedramp.gov/schemas/fedramp-certification-overview-package-schema-2026-06-24.json" + }, "terms": [ "All Necessary Parties", "Certification Data", @@ -3631,6 +3643,10 @@ "related": ["CCM-OCR-AVL"], "force": "MUST", "affects": ["Providers"], + "schema": { + "name": "FedRAMP Certification Overview Package (FRC-CSO-PKG)", + "url": "https://fedramp.gov/schemas/fedramp-certification-overview-package-schema-2026-06-24.json" + }, "terms": [ "Certification Package", "FedRAMP Certification Report", @@ -5748,6 +5764,10 @@ }, "related": ["IEC-CSO-EFI"], "affects": ["Providers"], + "schema": { + "name": "FedRAMP Incident Report (IEC-CSO-IIR / IEC-CSO-OIR / IEC-CSO-FIR)", + "url": "https://fedramp.gov/schemas/fedramp-incident-report-schema-2026-06-24.json" + }, "notification": [ { "party": "FedRAMP", @@ -6000,6 +6020,10 @@ } }, "affects": ["Providers"], + "schema": { + "name": "FedRAMP Incident Report (IEC-CSO-IIR / IEC-CSO-OIR / IEC-CSO-FIR)", + "url": "https://fedramp.gov/schemas/fedramp-incident-report-schema-2026-06-24.json" + }, "notification": [ { "party": "FedRAMP", @@ -6224,6 +6248,10 @@ } }, "affects": ["Providers"], + "schema": { + "name": "FedRAMP Incident Report (IEC-CSO-IIR / IEC-CSO-OIR / IEC-CSO-FIR)", + "url": "https://fedramp.gov/schemas/fedramp-incident-report-schema-2026-06-24.json" + }, "notification": [ { "party": "FedRAMP", @@ -6277,6 +6305,10 @@ "An incident log showing an example of one or more incidents being evaluated including the reason for the determination. The log can be from real incidents, simulated incidents, or a combination of sources." ] }, + "schema": { + "name": "FedRAMP Incident Report (IEC-CSO-IIR / IEC-CSO-OIR / IEC-CSO-FIR)", + "url": "https://fedramp.gov/schemas/fedramp-incident-report-schema-2026-06-24.json" + }, "terms": [ "Agency", "Debilitating Customer Effect", @@ -7221,6 +7253,10 @@ "The code for the automated process used to generate the machine readable output." ] }, + "schema": { + "name": "FedRAMP Certification Overview Package (FRC-CSO-PKG)", + "url": "https://fedramp.gov/schemas/fedramp-certification-overview-package-schema-2026-06-24.json" + }, "terms": [ "Cloud Service Offering", "Federal Customer Data", @@ -7545,7 +7581,7 @@ "name": "Agency Use Cases", "statement": "Providers MUST demonstrate that a cloud service offering is intended for one of the following use cases:", "following_information": [ - "Direct Use: The product will be used directly by agency customers for integration into a federal information system that falls within the scope of 44 USC § 3506 and will receive an agency Authorization to Operate.", + "Direct Use: The product will be used directly by agency customers for integration into a federal information system that falls within the scope of 44 USC \u00a7 3506 and will receive an agency Authorization to Operate.", "Indirect Use: The product will be included as a third-party information resource in other cloud service offerings that are directly used by agency customers." ], "notes": [ @@ -8002,6 +8038,10 @@ "URL to the machine-readable data." ] }, + "schema": { + "name": "FedRAMP Certification Overview Package (FRC-CSO-PKG)", + "url": "https://fedramp.gov/schemas/fedramp-certification-overview-package-schema-2026-06-24.json" + }, "terms": [ "Cloud Service Offering", "Privileged Account", @@ -8313,6 +8353,10 @@ "Evidence of signifincat change evaluation including a description fo the change, the determined type, and an explanation for the decision. At least one example must be provided for each type of change. Real examples are prefered but the provider may use fictitious examples as long as the example provides evidence of the decision making process." ] }, + "schema": { + "name": "FedRAMP Significant Change Notification (SCN-CSO-INF)", + "url": "https://fedramp.gov/schemas/fedramp-significant-change-notification-schema-2026-06-24.json" + }, "terms": [ "Adaptive Change", "Certification Class", @@ -8376,6 +8420,10 @@ "A recent Significant Change Notification or sample Significant Change Notification" ] }, + "schema": { + "name": "FedRAMP Significant Change Notification (SCN-CSO-INF)", + "url": "https://fedramp.gov/schemas/fedramp-significant-change-notification-schema-2026-06-24.json" + }, "terms": [ "Assessor", "Provider", @@ -10060,7 +10108,7 @@ "VER-AGM-DRE": { "name": "Do Not Request Extra Info", "statement": "Agencies SHOULD NOT request additional information from cloud service providers that is not required by the FedRAMP Vulnerability Detection and Response rules UNLESS the head of the agency or an authorized delegate makes a determination that there is a demonstrable need for such.", - "note": "This is related to the Presumption of Adequacy directed by 44 USC § 3613 (e).", + "note": "This is related to the Presumption of Adequacy directed by 44 USC \u00a7 3613 (e).", "force": "SHOULD NOT", "affects": ["Agencies"], "notification": [ @@ -10259,6 +10307,10 @@ "statement": "Providers MUST report vulnerability detection and response activity (including persistent verification and validation) to all necessary parties persistently, summarizing ALL activity since the previous report; these reports are FedRAMP Certification Data and are subject to FedRAMP Certification Data Sharing rules.", "force": "MUST", "affects": ["Providers"], + "schema": { + "name": "FedRAMP Vulnerability Detail Report (VER-RPT-VDT)", + "url": "https://fedramp.gov/schemas/fedramp-vulnerability-detail-report-schema-2026-06-24.json" + }, "terms": [ "All Necessary Parties", "Certification Data", @@ -10300,6 +10352,10 @@ "A recent vulnerability report or a sample vulnerability report" ] }, + "schema": { + "name": "FedRAMP Vulnerability Detail Report (VER-RPT-VDT)", + "url": "https://fedramp.gov/schemas/fedramp-vulnerability-detail-report-schema-2026-06-24.json" + }, "terms": [ "Accepted Vulnerability", "Agency", @@ -10343,6 +10399,10 @@ "A recent vulnerability report or a sample vulnerability report" ] }, + "schema": { + "name": "FedRAMP Accepted Vulnerability Info (VER-RPT-AVI)", + "url": "https://fedramp.gov/schemas/fedramp-accepted-vulnerability-info-schema-2026-06-24.json" + }, "terms": [ "Accepted Vulnerability", "Agency", @@ -10512,8 +10572,8 @@ }, "affects": ["Providers"], "schema": { - "name": "FedRAMP Historical VDR Activity Schema", - "url": "https://fedramp.gov/schemas/fedramp-historical-VER-activity-schema-v2026.06.06.01.json" + "name": "FedRAMP Historical Vulnerability Evaluation and Reporting Activity (VER-TFR-MRH)", + "url": "https://fedramp.gov/schemas/fedramp-historical-ver-activity-schema-2026-06-24.json" }, "terms": [ "All Necessary Parties", From 200219a176bf769e0e977c089ee4d9a70997f7f6 Mon Sep 17 00:00:00 2001 From: pete-gov Date: Wed, 24 Jun 2026 10:15:45 -0400 Subject: [PATCH 3/6] placeholder --- fedramp-consolidated-rules.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index 6b51048..8aa0b19 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -7177,7 +7177,7 @@ "statement": "Providers MUST identify a set of information resources to assess for FedRAMP Certification that includes all information resources that are likely to handle federal customer data or likely to impact the confidentiality, integrity, or availability of federal customer data handled by the cloud service offering; this set of information resources is the cloud service offering.", "notes": [ "Certain categories of cloud computing products and services are specified as entirely outside the scope of FedRAMP by the Director of the Office of Management and Budget. All such products and services are therefore not included in the cloud service offering for FedRAMP. For more, see https://fedramp.gov/scope.", - "Software produced by cloud service providers that is delivered separately for installation on agency systems and not operated in a shared responsibility model (typically including agents, application clients, mobile applications, etc. that are not fully managed by the cloud service provider) is not a cloud computing product or service and is entirely outside the scope of FedRAMP under the FedRAMP Certification Act. All such software is therefore not included in the cloud service offering for FedRAMP. For more, see fedramp.gov/scope.", + "Software produced by cloud service providers that is delivered separately for installation on agency systems and not operated in a shared responsibility model (typically including agents, application clients, mobile applications, etc. that are not fully managed by the cloud service provider) is not a cloud computing product or service and is entirely outside the scope of FedRAMP under the FedRAMP Certification Act. All such software is therefore not included in the cloud service offering for FedRAMP. For more, see https://fedramp.gov/scope.", "All aspects of the cloud service offering are determined and maintained by the cloud service provider in accordance with related FedRAMP Certification rules and documented by the cloud service provider in their FedRAMP Certification Package." ], "force": "MUST", @@ -7404,7 +7404,7 @@ "name": "Scope of FedRAMP", "statement": "FedRAMP MUST NOT list cloud service offerings in the Marketplace or perform any FedRAMP Certification activities unless it determines the cloud service offering is within the scope of FedRAMP.", "reference": "Scope of FedRAMP", - "reference_url": "https://fedramp.gov/docs/authority/scope", + "reference_url": "https://fedramp.gov/scope", "force": "MUST NOT", "affects": ["FedRAMP"], "terms": ["Cloud Service Offering"], From d9c21f2df5d7bbde7ccc13361867c560fb08c4a1 Mon Sep 17 00:00:00 2001 From: pete-gov Date: Wed, 24 Jun 2026 10:17:27 -0400 Subject: [PATCH 4/6] updating date --- fedramp-consolidated-rules.json | 746 ++++++++++++++++---------------- 1 file changed, 373 insertions(+), 373 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index 8aa0b19..0da3a50 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -1,9 +1,9 @@ { "info": { - "title": "FedRAMP Consolidated Rules for 2026 Public Preview", + "title": "FedRAMP Consolidated Rules for 2026", "description": "This datafile contains the Consolidated Rules for FedRAMP in structured machine-readable text. It includes definitions, requirements, recommendations, and key security indicators.", - "version": "2026.06.23.01-preview", - "last_updated": "2026-06-23", + "version": "2026.06.24.01", + "last_updated": "2026-06-24", "default_artifacts": { "FRR": [ "Explanation of how the rule is followed, or an explanation of the reason and resulting risk to customers for not following the rule.", @@ -51,7 +51,7 @@ "alts": ["accepted vulnerability", "accepted vulnerabilities"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -64,7 +64,7 @@ "alts": ["adaptive", "adaptive change", "adaptive changes"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -77,7 +77,7 @@ "do_not_link": true, "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -92,7 +92,7 @@ "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -104,7 +104,7 @@ "alts": ["all affected parties"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -116,7 +116,7 @@ "alts": ["all necessary assessors"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -128,7 +128,7 @@ "alts": ["all necessary parties"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -140,7 +140,7 @@ "alts": ["artifact", "artifacts"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -154,7 +154,7 @@ "do_not_link": true, "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -166,7 +166,7 @@ "alts": ["Certification Class", "Certification Classes"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -178,7 +178,7 @@ "alts": ["certification class change", "certification class changes"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -191,7 +191,7 @@ "alts": ["certification data"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -206,7 +206,7 @@ "reference_url": "https://fedramp.gov/docs/authority/law/#b-additional-definitions", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -218,7 +218,7 @@ "alts": ["Certification Path", "Certification Paths"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -230,7 +230,7 @@ "alts": ["Certification Profile", "Certification Profiles"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -242,7 +242,7 @@ "alts": ["Certification Type", "Certification Types"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -254,7 +254,7 @@ "alts": ["cloud service offering", "cloud service offerings"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -269,7 +269,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -281,7 +281,7 @@ "alts": ["deterministic telemetry"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -293,7 +293,7 @@ "alts": ["disruptive customer effect", "disruptive customer effects"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -304,7 +304,7 @@ "alts": ["drift", "drifts", "drifting"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -323,7 +323,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -335,7 +335,7 @@ "alts": ["federal customer data"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -353,7 +353,7 @@ "reference_url": "https://www.fedramp.gov/docs/authority/law/#sec-3608-federal-risk-and-authorization-management-program", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -375,7 +375,7 @@ "reference_url": "https://www.fedramp.gov/docs/authority/law/#sec-3608-federal-risk-and-authorization-management-program", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -389,7 +389,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -400,7 +400,7 @@ "alts": ["FedRAMP Practice", "FedRAMP Practices"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -411,7 +411,7 @@ "alts": ["FedRAMP Recognized", "FedRAMP Recognition"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -426,7 +426,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -437,7 +437,7 @@ "alts": ["security inbox", "security inboxes", "FSI"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -454,7 +454,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -470,7 +470,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -481,7 +481,7 @@ "alts": ["handle", "handles", "handled", "handling"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -495,7 +495,7 @@ "reference_url": "https://www.govinfo.gov/app/details/USCODE-2024-title44/USCODE-2024-title44-chap35-subchapII-sec3552", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -510,7 +510,7 @@ "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -522,7 +522,7 @@ "alts": ["initial certification", "initial certifications"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -534,7 +534,7 @@ "alts": ["initial FedRAMP assessment", "IFRA"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -551,7 +551,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -575,7 +575,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -594,7 +594,7 @@ "reference_url": "https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -605,7 +605,7 @@ "alts": ["likely", "likelihood"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -628,7 +628,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -641,7 +641,7 @@ "alts": ["machine-based", "machine based"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -652,7 +652,7 @@ "alts": ["machine-generated"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -665,7 +665,7 @@ "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -677,7 +677,7 @@ "alts": ["minimal customer effect", "minimal customer effects"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -689,7 +689,7 @@ "alts": ["narrow customer effect", "narrow customer effects"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -701,7 +701,7 @@ "alts": ["ongoing certification", "ongoing certifications"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -712,7 +712,7 @@ "alts": ["ongoing certification report", "OCR", "OCRs"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -729,7 +729,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -741,7 +741,7 @@ "alts": ["overdue vulnerability", "overdue vulnerabilities"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -757,7 +757,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -769,7 +769,7 @@ "alts": ["persistent FedRAMP assessment", "PFRA"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -781,7 +781,7 @@ "alts": ["persistently", "persistent"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -797,7 +797,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -810,7 +810,7 @@ "alts": ["privileged account", "privileged accounts"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -822,7 +822,7 @@ "alts": ["promptly", "prompt"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -841,7 +841,7 @@ "do_not_link": true, "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -853,7 +853,7 @@ "alts": ["quarterly review", "quarterly reviews"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -864,7 +864,7 @@ "alts": ["regularly", "regular"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -880,7 +880,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -892,7 +892,7 @@ "alts": ["responsibly"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -908,7 +908,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -926,7 +926,7 @@ "reference_url": "https://csrc.nist.gov/pubs/fips/199/final", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -941,7 +941,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -955,7 +955,7 @@ "reference_url": "https://csrc.nist.gov/pubs/sp/800/37/r2/final", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -970,7 +970,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -986,7 +986,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1003,7 +1003,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1015,7 +1015,7 @@ "alts": ["trust center", "trust centers"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1029,7 +1029,7 @@ "reference_url": "https://www.iso.org/standard/27001", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1043,7 +1043,7 @@ "reference_url": "https://www.iso.org/standard/27001", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1057,7 +1057,7 @@ "reference_url": "https://www.govinfo.gov/app/details/USCODE-2024-title6/USCODE-2024-title6-chap1-subchapXVIII-sec650", "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1076,7 +1076,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1095,7 +1095,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1159,7 +1159,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1178,7 +1178,7 @@ "terms": ["FedRAMP Security Inbox", "Incident", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1190,7 +1190,7 @@ "affects": ["FedRAMP"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1217,7 +1217,7 @@ "terms": ["Likely"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1229,7 +1229,7 @@ "affects": ["FedRAMP"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1253,7 +1253,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1265,7 +1265,7 @@ "affects": ["FedRAMP"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1278,7 +1278,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1302,7 +1302,7 @@ "terms": ["FedRAMP Security Inbox", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1328,7 +1328,7 @@ "terms": ["FedRAMP Security Inbox", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1347,7 +1347,7 @@ "terms": ["FedRAMP Security Inbox", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1361,7 +1361,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1375,7 +1375,7 @@ "terms": ["Certification Class", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1395,7 +1395,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1409,7 +1409,7 @@ "terms": ["Certification Class", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1422,7 +1422,7 @@ "terms": ["FedRAMP Security Inbox", "Promptly", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1496,7 +1496,7 @@ "terms": ["Agency"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1521,7 +1521,7 @@ "terms": ["Agency"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1538,7 +1538,7 @@ "terms": ["Agency", "Artifacts", "Machine-Readable"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1564,7 +1564,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1591,7 +1591,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1619,7 +1619,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1632,7 +1632,7 @@ "terms": ["Agency"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1647,7 +1647,7 @@ "terms": ["Agency"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1661,7 +1661,7 @@ "terms": ["Agency"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1683,7 +1683,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1696,7 +1696,7 @@ "terms": ["Agency", "Certification Package"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1709,7 +1709,7 @@ "terms": ["Agency", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1726,7 +1726,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1756,7 +1756,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1776,7 +1776,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1794,7 +1794,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1824,7 +1824,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1842,7 +1842,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1859,7 +1859,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1874,7 +1874,7 @@ "terms": ["Agency"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1972,7 +1972,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -1994,7 +1994,7 @@ "terms": ["Agency", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2021,7 +2021,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2041,7 +2041,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2090,7 +2090,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2109,7 +2109,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2132,7 +2132,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2155,7 +2155,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2175,7 +2175,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2194,7 +2194,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2215,7 +2215,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2280,7 +2280,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2300,7 +2300,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2313,7 +2313,7 @@ "terms": ["Certification Data", "Provider", "Quarterly Review"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2331,7 +2331,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2351,7 +2351,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2364,7 +2364,7 @@ "terms": ["Agency", "Provider", "Quarterly Review"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2381,7 +2381,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2401,7 +2401,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2421,7 +2421,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2440,7 +2440,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2582,7 +2582,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2610,7 +2610,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2631,7 +2631,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2653,7 +2653,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2692,7 +2692,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2715,7 +2715,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2728,7 +2728,7 @@ "terms": ["Certification Data", "Machine-Readable", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2766,7 +2766,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2796,7 +2796,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2820,7 +2820,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2873,7 +2873,7 @@ "terms": ["Agency", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2897,7 +2897,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2917,7 +2917,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2933,7 +2933,7 @@ "terms": ["Certification Data", "Trust Center"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2951,7 +2951,7 @@ "terms": ["Agency", "Certification Data", "Trust Center"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2969,7 +2969,7 @@ "terms": ["Certification Data", "Trust Center"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -2986,7 +2986,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3008,7 +3008,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3033,7 +3033,7 @@ "terms": ["Agency", "Certification Data", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3052,7 +3052,7 @@ "terms": ["Agency", "Certification Package", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3088,7 +3088,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3164,7 +3164,7 @@ "terms": ["Federal Customer Data", "Provider", "Validation"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3213,7 +3213,7 @@ "terms": ["Federal Customer Data", "Provider", "Validation"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3231,7 +3231,7 @@ "terms": ["Agency", "Provider", "Validation"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3367,7 +3367,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3386,7 +3386,7 @@ "terms": ["Certification Package", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3431,7 +3431,7 @@ "terms": ["Certification Package", "Persistently", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3482,7 +3482,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3627,7 +3627,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3658,7 +3658,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3672,7 +3672,7 @@ "terms": ["Machine-Readable", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3685,7 +3685,7 @@ "terms": ["Assessor", "Certification Package", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3699,7 +3699,7 @@ "terms": ["Agency", "Cloud Service Offering", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3719,7 +3719,7 @@ "terms": ["Provider", "Security Category"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3737,7 +3737,7 @@ "terms": ["All Necessary Parties", "Provider", "Verification"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3828,7 +3828,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3881,7 +3881,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3926,7 +3926,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3946,7 +3946,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3973,7 +3973,7 @@ "terms": ["Agency", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -3988,7 +3988,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4007,7 +4007,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4048,7 +4048,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4065,7 +4065,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4084,7 +4084,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4099,7 +4099,7 @@ "terms": ["Agency", "Cloud Service Offering", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4118,7 +4118,7 @@ "terms": ["Certification Class", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4140,7 +4140,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4154,7 +4154,7 @@ "terms": ["Agency", "All Necessary Parties", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4192,7 +4192,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4227,7 +4227,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4263,7 +4263,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -4276,7 +4276,7 @@ "terms": ["Cloud Service Offering", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5291,7 +5291,7 @@ "terms": ["Provider", "Security Decision Record (SDR)"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5304,7 +5304,7 @@ "terms": ["Provider", "Security Decision Record (SDR)"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5317,7 +5317,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5334,7 +5334,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5480,7 +5480,7 @@ "terms": ["Incident", "Provider", "Vulnerability Response"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5508,7 +5508,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5529,7 +5529,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -5798,7 +5798,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6054,7 +6054,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6281,7 +6281,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6323,7 +6323,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6342,7 +6342,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6485,7 +6485,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6505,7 +6505,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6526,7 +6526,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6549,7 +6549,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6563,7 +6563,7 @@ "terms": ["Provider", "Validation", "Verification"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6582,7 +6582,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6601,7 +6601,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6620,7 +6620,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6641,7 +6641,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6655,7 +6655,7 @@ "terms": ["Assessor", "FedRAMP Practices", "Validation"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6675,7 +6675,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6696,7 +6696,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6717,7 +6717,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6730,7 +6730,7 @@ "terms": ["Assessor", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6749,7 +6749,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -6794,7 +6794,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7068,7 +7068,7 @@ "terms": ["FedRAMP Independent Assessment", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7083,7 +7083,7 @@ "terms": ["FedRAMP Independent Assessment", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7096,7 +7096,7 @@ "terms": ["FedRAMP Independent Assessment", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7109,7 +7109,7 @@ "terms": ["FedRAMP Independent Assessment", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7201,7 +7201,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7229,7 +7229,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7267,7 +7267,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7293,7 +7293,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7314,7 +7314,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7410,7 +7410,7 @@ "terms": ["Cloud Service Offering"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7429,7 +7429,7 @@ "terms": ["Certification Data", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7451,7 +7451,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7466,7 +7466,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7495,7 +7495,7 @@ "terms": ["Assessor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7508,7 +7508,7 @@ "terms": ["Assessor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7539,7 +7539,7 @@ "terms": ["Advisor", "Machine-Readable"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7552,7 +7552,7 @@ "terms": ["Advisor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7570,7 +7570,7 @@ "terms": ["Advisor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7600,7 +7600,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7614,7 +7614,7 @@ "terms": ["Provider", "Trust Center"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7630,7 +7630,7 @@ "terms": ["Certification Class", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7694,7 +7694,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7712,7 +7712,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7725,7 +7725,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7741,7 +7741,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7761,7 +7761,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7776,7 +7776,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7794,7 +7794,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7812,7 +7812,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7826,7 +7826,7 @@ "terms": ["Assessor", "FedRAMP Recognized"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7842,7 +7842,7 @@ "terms": ["Assessor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7865,7 +7865,7 @@ "terms": ["Assessor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7888,7 +7888,7 @@ "terms": ["Assessor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7915,7 +7915,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7928,7 +7928,7 @@ "terms": ["Assessor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7941,7 +7941,7 @@ "terms": ["Assessor"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -7963,7 +7963,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8050,7 +8050,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8070,7 +8070,7 @@ "terms": ["Certification Package", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8089,7 +8089,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8112,7 +8112,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8137,7 +8137,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8156,7 +8156,7 @@ "terms": ["Machine-Readable", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8175,7 +8175,7 @@ "terms": ["Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8194,7 +8194,7 @@ "terms": ["Machine-Readable", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8217,7 +8217,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8329,7 +8329,7 @@ "terms": ["Provider", "Significant Change"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8368,7 +8368,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8392,7 +8392,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8434,7 +8434,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8452,7 +8452,7 @@ "terms": ["Certification Data", "Provider", "Significant Change"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8475,7 +8475,7 @@ "terms": ["Provider", "Significant Change"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8489,7 +8489,7 @@ "terms": ["Provider", "Significant Change"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8509,7 +8509,7 @@ "terms": ["Agency", "Certification Package", "Provider"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8530,7 +8530,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8591,7 +8591,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8648,7 +8648,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8683,7 +8683,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8715,7 +8715,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8747,7 +8747,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8787,7 +8787,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8812,7 +8812,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8855,7 +8855,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8969,7 +8969,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -8987,7 +8987,7 @@ "terms": ["Provider", "Security Decision Record (SDR)"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9020,7 +9020,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9062,7 +9062,7 @@ "terms": ["Provider", "Security Decision Record (SDR)"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9096,7 +9096,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9176,7 +9176,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9205,7 +9205,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9223,7 +9223,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9242,7 +9242,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9260,7 +9260,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9278,7 +9278,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9296,7 +9296,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9315,7 +9315,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9334,7 +9334,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9355,7 +9355,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9400,7 +9400,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9445,7 +9445,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9767,7 +9767,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9780,7 +9780,7 @@ "terms": ["Provider", "Vulnerability"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9799,7 +9799,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9843,7 +9843,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9884,7 +9884,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -9925,7 +9925,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10019,7 +10019,7 @@ "terms": ["Agency", "Provider", "Vulnerability"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10037,7 +10037,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10061,7 +10061,7 @@ "terms": ["Agency", "Provider", "Vulnerability"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10081,7 +10081,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10100,7 +10100,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10129,7 +10129,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10156,7 +10156,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10182,7 +10182,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10213,7 +10213,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10226,7 +10226,7 @@ "terms": ["Provider", "Vulnerability"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10246,7 +10246,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10265,7 +10265,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10295,7 +10295,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10324,7 +10324,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10374,7 +10374,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10420,7 +10420,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10439,7 +10439,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10458,7 +10458,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10471,7 +10471,7 @@ "terms": ["Likely", "Provider", "Responsibly", "Vulnerability"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10499,7 +10499,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10514,7 +10514,7 @@ "terms": ["Accepted Vulnerability", "Provider", "Vulnerability"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10585,7 +10585,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10622,7 +10622,7 @@ "terms": ["Provider", "Vulnerability", "Vulnerability Detection"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10661,7 +10661,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10700,7 +10700,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10738,7 +10738,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10767,7 +10767,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10787,7 +10787,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10802,7 +10802,7 @@ "controls": ["cm-3", "cm-3.2", "cm-3.4", "cm-5", "cm-7.1", "cm-9"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10814,7 +10814,7 @@ "controls": ["cm-3", "cm-3.2", "cm-4.2", "si-2"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10835,7 +10835,7 @@ "controls": ["cm-2", "si-3"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -10845,7 +10845,7 @@ "controls": ["ca-2.1", "ca-7.1"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10869,7 +10869,7 @@ "controls": ["ac-17.3", "cm-2", "pl-10"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10901,7 +10901,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10917,7 +10917,7 @@ "controls": [], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10933,7 +10933,7 @@ "controls": ["ac-17.3", "ca-9", "cm-7.1", "sc-7.5", "si-8"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10949,7 +10949,7 @@ "controls": ["sc-5", "si-8", "si-8.2"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -10974,7 +10974,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11005,7 +11005,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -11030,7 +11030,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -11076,7 +11076,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11127,7 +11127,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11147,7 +11147,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11167,7 +11167,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11188,7 +11188,7 @@ "controls": ["ir-3", "ir-4", "ir-4.1", "ir-8"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11211,7 +11211,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11223,7 +11223,7 @@ "controls": ["ir-3", "ir-4", "ir-4.1", "ir-5", "ir-8"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11243,7 +11243,7 @@ "controls": ["si-11"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11263,7 +11263,7 @@ "controls": ["ca-7", "cm-2", "cm-6", "si-7.7"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11290,7 +11290,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11321,7 +11321,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11341,7 +11341,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11370,7 +11370,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11382,7 +11382,7 @@ "controls": [], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11404,7 +11404,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11429,7 +11429,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11441,7 +11441,7 @@ "controls": ["ra-5.11"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11462,7 +11462,7 @@ "controls": ["cm-2.3", "cp-6", "cp-9", "cp-10", "cp-10.2", "si-12"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11495,7 +11495,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11507,7 +11507,7 @@ "controls": ["cp-2.3", "cp-10"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11530,7 +11530,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11564,7 +11564,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11587,7 +11587,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11620,7 +11620,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11637,7 +11637,7 @@ "controls": ["ac-17.2", "ia-5.2", "ia-5.6", "sc-12", "sc-17"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11659,7 +11659,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11670,7 +11670,7 @@ "controls": ["sc-4"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11694,7 +11694,7 @@ "controls": ["si-12.3", "si-18.4"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11727,7 +11727,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ] @@ -11737,7 +11737,7 @@ "controls": ["sc-23", "si-7.1"], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], @@ -11770,7 +11770,7 @@ ], "updated": [ { - "date": "2026-06-23", + "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." } ], From e2900d0d29b02925bab29b01ce54417c335b4097 Mon Sep 17 00:00:00 2001 From: pete-gov Date: Wed, 24 Jun 2026 11:32:01 -0400 Subject: [PATCH 5/6] forms links --- fedramp-consolidated-rules.json | 62 +++++++++++++++++++++------------ 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index 0da3a50..ead062e 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -84,11 +84,11 @@ }, "FRD-AGY": { "term": "Agency", - "definition": "Has the meaning given in 44 U.S. Code \u00a7 3502 (1), which is \"any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency, but does not include\u2014(A) the Government Accountability Office; (B) Federal Election Commission; (C) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or (D) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.\"", + "definition": "Has the meaning given in 44 U.S. Code § 3502 (1), which is \"any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency, but does not include—(A) the Government Accountability Office; (B) Federal Election Commission; (C) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or (D) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.\"", "tag": "Stakeholder", "alts": ["agency", "agencies"], "do_not_link": true, - "reference": "44 U.S. Code \u00a7 3502 (1)", + "reference": "44 U.S. Code § 3502 (1)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { @@ -198,11 +198,11 @@ }, "FRD-CRP": { "term": "Certification Package", - "definition": "Has meaning from 44 USC \u00a7 3607 (b)(8) given to \"authorization package\", which is \"the essential information that can be used by an agency to determine whether to authorize the operation of an information system or the use of a designated set of common controls for all cloud computing products and services [certified] by FedRAMP.\"", + "definition": "Has meaning from 44 USC § 3607 (b)(8) given to \"authorization package\", which is \"the essential information that can be used by an agency to determine whether to authorize the operation of an information system or the use of a designated set of common controls for all cloud computing products and services [certified] by FedRAMP.\"", "note": "In FedRAMP documentation, certification package always refers to a FedRAMP Certification Package unless otherwise specified.", "tag": "Certification", "alts": ["certification package", "certification packages"], - "reference": "44 USC \u00a7 3607 (b)(8)", + "reference": "44 USC § 3607 (b)(8)", "reference_url": "https://fedramp.gov/docs/authority/law/#b-additional-definitions", "updated": [ { @@ -277,7 +277,7 @@ "FRD-DTM": { "term": "Deterministic Telemetry", "definition": "Verifiable data collected directly from an authoritative source that represents a factual and reproducible observation of the attributes of a system such as the system's state, configuration, or behavior.", - "note": "Probabilistic inferences, generative outputs, or predictive assessments such as those produced using generative transformer models (commonly referred to as \u201cGenerative AI\u201d) do not constitute a factual record of the system state and must not be used to generate deterministic telemetry.", + "note": "Probabilistic inferences, generative outputs, or predictive assessments such as those produced using generative transformer models (commonly referred to as “Generative AI”) do not constitute a factual record of the system state and must not be used to generate deterministic telemetry.", "alts": ["deterministic telemetry"], "updated": [ { @@ -349,7 +349,7 @@ "FedRAMP certification report", "certification report" ], - "reference": "FedRAMP Certification Act (44 USC \u00a7 3608)", + "reference": "FedRAMP Certification Act (44 USC § 3608)", "reference_url": "https://www.fedramp.gov/docs/authority/law/#sec-3608-federal-risk-and-authorization-management-program", "updated": [ { @@ -371,7 +371,7 @@ "FedRAMP Authorized", "authorized" ], - "reference": "FedRAMP Certification Act (44 USC \u00a7 3608)", + "reference": "FedRAMP Certification Act (44 USC § 3608)", "reference_url": "https://www.fedramp.gov/docs/authority/law/#sec-3608-federal-risk-and-authorization-management-program", "updated": [ { @@ -488,10 +488,10 @@ }, "FRD-INT": { "term": "Incident", - "definition": "Has the meaning given in 44 USC \u00a7 3552 (b)(2) which is \"an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\"", + "definition": "Has the meaning given in 44 USC § 3552 (b)(2) which is \"an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\"", "tag": "Incident", "alts": ["incident", "incidents"], - "reference": "44 USC \u00a7 3552 (b)(2)", + "reference": "44 USC § 3552 (b)(2)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2024-title44/USCODE-2024-title44-chap35-subchapII-sec3552", "updated": [ { @@ -502,11 +502,11 @@ }, "FRD-IRS": { "term": "Information Resource", - "definition": "Has the meaning from 44 USC \u00a7 3502 (6): \"information and related resources, such as personnel, equipment, funds, and information technology.\" This includes any aspect of the cloud service offering, both technical and managerial, including everything that makes up the business of the offering from non-machine-based information resources like organizational policies, procedures, employees, etc. to machine-based information resources like hardware, software, cloud services, code, etc.", + "definition": "Has the meaning from 44 USC § 3502 (6): \"information and related resources, such as personnel, equipment, funds, and information technology.\" This includes any aspect of the cloud service offering, both technical and managerial, including everything that makes up the business of the offering from non-machine-based information resources like organizational policies, procedures, employees, etc. to machine-based information resources like hardware, software, cloud services, code, etc.", "note": "Information resources are either machine-based or non-machine-based; any requirement or recommendation that references information resources without specifying a type is inclusive of all information resources.", "tag": "Information Resource", "alts": ["information resource", "information resources"], - "reference": "44 USC \u00a7 3502 (6)", + "reference": "44 USC § 3502 (6)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { @@ -635,7 +635,7 @@ }, "FRD-MBI": { "term": "Machine-Based (Information Resources)", - "definition": "Any information technology information resource\u2014including systems, processes, software, hardware, services, cloud-native capabilities, and any other such capability, component, or resource\u2014that relies primarily on mechanical or electronic devices (i.e. computers) for operation.", + "definition": "Any information technology information resource—including systems, processes, software, hardware, services, cloud-native capabilities, and any other such capability, component, or resource—that relies primarily on mechanical or electronic devices (i.e. computers) for operation.", "note": "All other information resources that do not rely on computers are non-machine-based information resources.", "tag": "Information Resource", "alts": ["machine-based", "machine based"], @@ -659,9 +659,9 @@ }, "FRD-MRD": { "term": "Machine-Readable", - "definition": "Has the meaning from 44 U.S. Code \u00a7 3502 (18) which is \"the term \"machine-readable\", when used with respect to data, means data in a format that can be easily processed by a computer without human intervention while ensuring no semantic meaning is lost\"", + "definition": "Has the meaning from 44 U.S. Code § 3502 (18) which is \"the term \"machine-readable\", when used with respect to data, means data in a format that can be easily processed by a computer without human intervention while ensuring no semantic meaning is lost\"", "alts": ["machine-readable"], - "reference": "44 U.S. Code \u00a7 3502 (18)", + "reference": "44 U.S. Code § 3502 (18)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2023-title44/USCODE-2023-title44-chap35-subchapI-sec3502", "updated": [ { @@ -1050,10 +1050,10 @@ }, "FRD-VUL": { "term": "Vulnerability", - "definition": "Has the meaning given to \"security vulnerability\" in 6 USC \u00a7 650 (25), which is \"any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of [...] management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.\" This includes gaps in Rev5 Controls and 20x Key Security Indicators, software vulnerabilities, misconfigurations, exposures, weak credentials, insecure services, and all other such potential weaknesses in protection (intentional or unintentional).", + "definition": "Has the meaning given to \"security vulnerability\" in 6 USC § 650 (25), which is \"any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of [...] management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.\" This includes gaps in Rev5 Controls and 20x Key Security Indicators, software vulnerabilities, misconfigurations, exposures, weak credentials, insecure services, and all other such potential weaknesses in protection (intentional or unintentional).", "tag": "Vulnerability", "alts": ["vulnerability", "vulnerabilities"], - "reference": "6 USC \u00a7 650 (25)", + "reference": "6 USC § 650 (25)", "reference_url": "https://www.govinfo.gov/app/details/USCODE-2024-title6/USCODE-2024-title6-chap1-subchapXVIII-sec650", "updated": [ { @@ -1764,7 +1764,7 @@ "AGU-USE-ROR": { "name": "Review Ongoing Certification Reports", "statement": "Agencies SHOULD review each Ongoing Certification Report to understand how changes to the cloud service offering may impact the risk tolerance documented in the agency Authorization to Operate for the federal information system that includes the cloud service offering in its boundary.", - "note": "This agency review supports agency responsibilities under 44 USC \u00a7 35, OMB Circular A-130, FIPS-200, and OMB Memorandum M-24-15.", + "note": "This agency review supports agency responsibilities under 44 USC § 35, OMB Circular A-130, FIPS-200, and OMB Memorandum M-24-15.", "force": "SHOULD", "affects": ["Agencies"], "terms": [ @@ -1960,7 +1960,7 @@ "CCM-AGM-ROR": { "name": "Review Ongoing Reports", "statement": "Agencies MUST review each Ongoing Certification Report to understand how changes to the cloud service offering may impact the previously agreed-upon risk tolerance documented in the agency's Authorization to Operate of a federal information system that includes the cloud service offering in its boundary.", - "note": "This is required by 44 USC \u00a7 35, OMB A-130, FIPS-200, and M-24-15.", + "note": "This is required by 44 USC § 35, OMB A-130, FIPS-200, and M-24-15.", "force": "MUST", "affects": ["Agencies"], "terms": [ @@ -2002,7 +2002,7 @@ "CCM-AGM-NAR": { "name": "No Additional Requirements", "statement": "Agencies MUST NOT place additional security requirements on cloud service providers beyond those required by FedRAMP UNLESS the head of the agency or an authorized delegate makes a determination that there is a demonstrable need for such; this does not apply to seeking clarification or asking general questions about FedRAMP Certification Data.", - "note": "This is a statutory requirement in 44 USC \u00a7 3613 (e) related to the Presumption of Adequacy for a FedRAMP Certification.", + "note": "This is a statutory requirement in 44 USC § 3613 (e) related to the Presumption of Adequacy for a FedRAMP Certification.", "force": "MUST NOT", "affects": ["Agencies"], "notification": [ @@ -7502,9 +7502,17 @@ }, "MKT-IAS-LRQ": { "name": "Listing Requests for Assessors", - "statement": "Assessors MUST complete the Assessor Listing Request Form at https://fedramp.gov/forms/assessor-listing-request/ to request listing in the FedRAMP Marketplace.", + "statement": "Assessors MUST complete the Assessor Listing Request Form to request listing in the FedRAMP Marketplace.", "force": "MUST", "affects": ["Assessors"], + "notification": [ + { + "party": "FedRAMP", + "method": "form", + "target": "https://help.fedramp.gov/hc/en-us/requests/new?ticket_form_id=52060327520795", + "name": "[For Assessors/Advisors] Marketplace Listing Form" + } + ], "terms": ["Assessor"], "updated": [ { @@ -7546,9 +7554,17 @@ }, "MKT-CAS-LRQ": { "name": "Listing Requests for Advisors", - "statement": "Advisors MUST complete the Advisor Listing Request Form at https://fedramp.gov/forms/advisor-listing-request/ to request listing in the FedRAMP Marketplace.", + "statement": "Advisors MUST complete the Advisor Listing Request Form to request listing in the FedRAMP Marketplace.", "force": "MUST", "affects": ["Advisors"], + "notification": [ + { + "party": "FedRAMP", + "method": "form", + "target": "https://help.fedramp.gov/hc/en-us/requests/new?ticket_form_id=52060327520795", + "name": "[For Assessors/Advisors] Marketplace Listing Form" + } + ], "terms": ["Advisor"], "updated": [ { @@ -7581,7 +7597,7 @@ "name": "Agency Use Cases", "statement": "Providers MUST demonstrate that a cloud service offering is intended for one of the following use cases:", "following_information": [ - "Direct Use: The product will be used directly by agency customers for integration into a federal information system that falls within the scope of 44 USC \u00a7 3506 and will receive an agency Authorization to Operate.", + "Direct Use: The product will be used directly by agency customers for integration into a federal information system that falls within the scope of 44 USC § 3506 and will receive an agency Authorization to Operate.", "Indirect Use: The product will be included as a third-party information resource in other cloud service offerings that are directly used by agency customers." ], "notes": [ @@ -10108,7 +10124,7 @@ "VER-AGM-DRE": { "name": "Do Not Request Extra Info", "statement": "Agencies SHOULD NOT request additional information from cloud service providers that is not required by the FedRAMP Vulnerability Detection and Response rules UNLESS the head of the agency or an authorized delegate makes a determination that there is a demonstrable need for such.", - "note": "This is related to the Presumption of Adequacy directed by 44 USC \u00a7 3613 (e).", + "note": "This is related to the Presumption of Adequacy directed by 44 USC § 3613 (e).", "force": "SHOULD NOT", "affects": ["Agencies"], "notification": [ From 6a8af44f46b50ff20f899cfb7499b03e65990e9f Mon Sep 17 00:00:00 2001 From: pete-gov Date: Wed, 24 Jun 2026 11:47:31 -0400 Subject: [PATCH 6/6] let's go --- fedramp-consolidated-rules.json | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index ead062e..bf87d16 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -3980,11 +3980,17 @@ }, "FRC-APP-AFC": { "name": "Applying for FedRAMP Certification", - "statement": "Providers MUST complete the FedRAMP Certification Application Form at https://fedramp.gov/forms/provider-listing-request/ in full to request an initial assessment by FedRAMP.", - "reference": "FedRAMP Certification Application Form", - "reference_url": "https://fedramp.gov/forms", + "statement": "Providers MUST complete the FedRAMP Certification Application Form in full to request an initial assessment by FedRAMP.", "force": "MUST", "affects": ["Providers"], + "notification": [ + { + "party": "FedRAMP", + "method": "form", + "target": "https://help.fedramp.gov/hc/en-us/requests/new?ticket_form_id=51137131584283", + "name": "[For CSPs] FedRAMP Certification Application Form" + } + ], "terms": ["Provider"], "updated": [ {