Rev. 5 - Additional Documents Released
February 16 | 2024
To modernize baselines, the National Institute of Standards and Technology (NIST) released the Special Publication (SP) 800-53 Revision (Rev.) 5 template and documentation updates last summer, previously covered on our site. As a continuation of Rev. 5, FedRAMP has released the following new and updated documentation:
- Cloud Service Provider (CSP) Annual Assessment Guidance (Updated) – Clarified periodicity requirements for non-core controls, updated references and criteria from NIST SP 800-53 Rev. 4 to Rev. 5, updated links to the latest versions of FedRAMP templates, updated the rationale for NIST SP 800-53 Rev. 5 core controls selection, and added references to the OSCAL versions of FedRAMP templates.
- CSP Annual Assessment Controls Selection Worksheet (Updated 3/4/2024) – Added columns to the “Control Selection” tab to identify control selections from prior assessments and included tabs with NIST 800-53 Rev. 5 core (annually required) control lists.
- CSP Authorization Playbook (Updated) – Aligned with recent changes made to other FedRAMP documents/templates related to NIST SP 800-53 Rev. 5.
- Agency Authorization Playbook (Updated)– Aligned guidance with recent changes made to other FedRAMP documents/templates related to NIST SP 800-53 Rev. 5.
- FedRAMP Continuous Monitoring Deliverables Template (New, Updated 3/4/2024) – This template is used to identify the schedule and documentation location for monthly and annual continuous monitoring deliverables.
- FedRAMP Vulnerability Deviation Request Form (Updated) – Clarified language on vendor dependencies regarding how a vendor dependency can not remain a High vulnerability and how vendor dependencies can be operational requirements in very specific circumstances with federal agency authorizing official (AO) approval.
- Vulnerability Scanning Requirements (Updated) – Consolidated all required scanning requirements into one document, added and refined language for container scanning/reporting, and added language clarifying how to report supplemental scanning remediation.
- FedRAMP Rev. 4 to Rev. 5 Assessment Controls Selection Template (Updated) – Revised to add CA-8 (2) as a new control to the “High” and “Moderate” tabs.
The documents and templates released today can be found on the Rev. 5 Transition page along with other Rev. 5 support resources. They can also be found on the FedRAMP website under the Documents & Templates page.
Should you have any additional questions or concerns, please email us at info@fedramp.gov.