Rev. 5 - Additional Documents Released
August 30 | 2023
FedRAMP has released the fourth wave of updated documents and templates to support the transition and compliance from Rev. 4 to Rev. 5 of the National Institute of Standards and Technology’s Special Publication (SP) 800-53 Rev. 5 Catalog of Security and Privacy Controls for Information Systems and Organizations and SP 800-53B Control Baselines for Information Systems and Organizations.
The documents and templates released today are outlined below and can be found on the Rev. 5 Transition page along with other Rev. 5 support resources.
This release includes:
- Collaborative ConMon Quick Guide
- Replaces Guide for Multi-agency Continuous Monitoring (ConMon)
- Includes FedRAMP Additional Requirement for cloud service offerings (CSOs) authorized via the agency path. CSOs with more than one agency Authorization to Operate are required to implement the collaborative ConMon approach described in the guide (ref: CA-7)
- CSP Continuous Monitoring Performance Management Guide
- Added a section for agency Authorizing Officials with recommendations on how to use the guidance to manage ConMon performance for CSOs that were authorized via the agency path
- Made additional updates for clarity and consistency
- FedRAMP General Document Acceptance Guidance
- Made minor editorial and formatting changes
- System Security Plan Appendix A: FedRAMP Security Controls (LI-SaaS, Low, Moderate and High Baselines)
- In the Control Summary Information table, separate parameter fields were added for control sub-parts with multiple parameters [e.g., PS-5(d)-1 and PS-5(d)-2]
- Corrects an issue where control implementation statements are dissected beyond the first sub-part level
- Made minor editorial and formatting changes
If you have any questions, please email info@fedramp.gov and/or join our next Rev. 5 Office Hours on September 20, 2023 from 12:00 -1:00PM.
We request that you submit your questions in advance of the Office Hours by filling out this form. Please note this question should benefit the larger Rev. 5 stakeholder community. Questions about a specific Rev. 5 requirement or scenario should be directed to info@fedramp.gov.
You can also find answers to questions in the Rev. 5 section of the FedRAMP FAQ page.