From 42cb197925ed9d653aae2053fb696a9bbd85ca18 Mon Sep 17 00:00:00 2001 From: dan-fedramp Date: Thu, 2 Jul 2026 12:37:50 -0400 Subject: [PATCH 1/3] Update terminology from "Response" to "Communication" in FedRAMP Incident Evaluation rules across multiple definitions and statements. --- fedramp-consolidated-rules.json | 35 +++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index 0f5134f..b79d599 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -444,7 +444,7 @@ }, "FRD-FIR": { "term": "Final Incident Report (FIR)", - "definition": "A final report after recovery from an incident that is supplied by FedRAMP Certified cloud service providers to FedRAMP and agency customers, following FedRAMP Incident Evaluation and Response rules.", + "definition": "A final report after recovery from an incident that is supplied by FedRAMP Certified cloud service providers to FedRAMP and agency customers, following FedRAMP Incident Evaluation and Communication rules.", "tag": "Incident", "alts": [ "final incident report", @@ -453,6 +453,10 @@ "FIRs" ], "updated": [ + { + "date": "2026-07-02", + "comment": "Update terminology from \"Response\" to \"Communication\" in FedRAMP Incident Evaluation rules." + }, { "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." @@ -541,7 +545,7 @@ }, "FRD-IIR": { "term": "Initial Incident Report (IIR)", - "definition": "An initial report about an incident that is supplied by FedRAMP Certified cloud service providers to FedRAMP and agency customers, following FedRAMP FedRAMP Incident Evaluation and Response rules.", + "definition": "An initial report about an incident that is supplied by FedRAMP Certified cloud service providers to FedRAMP and agency customers, following FedRAMP FedRAMP Incident Evaluation and Communication rules.", "tag": "Incident", "alts": [ "initial incident report", @@ -550,6 +554,10 @@ "IIRs" ], "updated": [ + { + "date": "2026-07-02", + "comment": "Update terminology from \"Response\" to \"Communication\" in FedRAMP Incident Evaluation rules." + }, { "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." @@ -719,7 +727,7 @@ }, "FRD-OIR": { "term": "Ongoing Incident Report (OIR)", - "definition": "A recurring report about an ongoing incident that is supplied by FedRAMP Certified cloud service providers to FedRAMP and agency customers, following the FedRAMP Incident Evaluation and Response rules.", + "definition": "A recurring report about an ongoing incident that is supplied by FedRAMP Certified cloud service providers to FedRAMP and agency customers, following the FedRAMP Incident Evaluation and Communication rules.", "tag": "Incident", "alts": [ "ongoing incident report", @@ -728,6 +736,10 @@ "OIRs" ], "updated": [ + { + "date": "2026-07-02", + "comment": "Update terminology from \"Response\" to \"Communication\" in FedRAMP Incident Evaluation rules." + }, { "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." @@ -5476,15 +5488,19 @@ "FRP": { "IEC-FRP-ORV": { "name": "Ongoing Review", - "statement": "FedRAMP MUST periodically review FedRAMP Incident Evaluation and Response implementation with providers based on lack of reporting or other information.", + "statement": "FedRAMP MUST periodically review FedRAMP Incident Evaluation and Communication implementation with providers based on lack of reporting or other information.", "corrective_actions": [ "FedRAMP will request a Corrective Action Plan when a provider is unaware of the rules or has failed to implement proper procedures.", "FedRAMP will grant a 3 month grace period to implement proper procedures pending remediation and possible revocation of FedRAMP Certification." ], "force": "MUST", "affects": ["FedRAMP"], - "terms": ["Incident", "Provider", "Vulnerability Response"], + "terms": ["Incident", "Provider"], "updated": [ + { + "date": "2026-07-02", + "comment": "Update terminology from \"Response\" to \"Communication\" in FedRAMP Incident Evaluation rules." + }, { "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." @@ -5495,7 +5511,7 @@ "CSO": { "IEC-CSO-EFR": { "name": "Evaluate FedRAMP Reportability", - "statement": "Providers MUST promptly evaluate incidents to determine if they affect confidentiality or integrity of federal customer data or are likely to affect confidentiality or integrity of federal customer data; such incidents are FedRAMP Reportable Incidents and must be reported following the FedRAMP Incident Evaluation and Response rules.", + "statement": "Providers MUST promptly evaluate incidents to determine if they affect confidentiality or integrity of federal customer data or are likely to affect confidentiality or integrity of federal customer data; such incidents are FedRAMP Reportable Incidents and must be reported following the FedRAMP Incident Evaluation and Communication rules.", "force": "MUST", "affects": ["Providers"], "artifacts": { @@ -5509,10 +5525,13 @@ "Incident", "Likely", "Promptly", - "Provider", - "Vulnerability Response" + "Provider" ], "updated": [ + { + "date": "2026-07-02", + "comment": "Update terminology from \"Response\" to \"Communication\" in FedRAMP Incident Evaluation rules." + }, { "date": "2026-06-24", "comment": "Official launch of the FedRAMP Consolidated Rules for 2026." From bac79a3dd51d98484200de47305ad71592ff5b3f Mon Sep 17 00:00:00 2001 From: dan-fedramp Date: Thu, 2 Jul 2026 14:21:49 -0400 Subject: [PATCH 2/3] Fix typo in "significant change evaluation" description in FedRAMP consolidated rules. --- fedramp-consolidated-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index b79d599..b4350cf 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -8391,7 +8391,7 @@ "affects": ["Providers"], "artifacts": { "all": [ - "Evidence of signifincat change evaluation including a description fo the change, the determined type, and an explanation for the decision. At least one example must be provided for each type of change. Real examples are prefered but the provider may use fictitious examples as long as the example provides evidence of the decision making process." + "Evidence of significant change evaluation including a description fo the change, the determined type, and an explanation for the decision. At least one example must be provided for each type of change. Real examples are prefered but the provider may use fictitious examples as long as the example provides evidence of the decision making process." ] }, "schema": { From a27eac89e9d54d1e9211ca2e5be86af7540da59e Mon Sep 17 00:00:00 2001 From: dan-fedramp Date: Thu, 2 Jul 2026 14:57:19 -0400 Subject: [PATCH 3/3] Update metadata version and last_updated field in FedRAMP consolidated rules. --- fedramp-consolidated-rules.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fedramp-consolidated-rules.json b/fedramp-consolidated-rules.json index b4350cf..e828c0b 100644 --- a/fedramp-consolidated-rules.json +++ b/fedramp-consolidated-rules.json @@ -2,8 +2,8 @@ "info": { "title": "FedRAMP Consolidated Rules for 2026", "description": "This datafile contains the Consolidated Rules for FedRAMP in structured machine-readable text. It includes definitions, requirements, recommendations, and key security indicators.", - "version": "2026.07.01.01", - "last_updated": "2026-07-01", + "version": "2026.07.02.02", + "last_updated": "2026-07-02", "default_artifacts": { "FRR": [ "Explanation of how the rule is followed, or an explanation of the reason and resulting risk to customers for not following the rule.",