Policy and Inventory¶
Generating Inventories¶
KSI-PIY-GIV
Changelog:
- 2026-06-24: Official launch of the FedRAMP Consolidated Rules for 2026.
Authoritative sources are used to automatically generate real-time inventories of all information resources when needed.
Related SP 800-53 Controls: CM-02 (02), CM-07 (05), CM-08, CM-08 (01), CM-12, CM-12 (01), CP-02 (08)
Terms: Information Resource
Reviewing Executive Support¶
KSI-PIY-RES
Changelog:
- 2026-06-24: Official launch of the FedRAMP Consolidated Rules for 2026.
Executive support for achieving the provider's security goals is persistently reviewed and demonstrated.
Terms: Persistently
Reviewing Investments in Security¶
KSI-PIY-RIS
Changelog:
- 2026-06-24: Official launch of the FedRAMP Consolidated Rules for 2026.
The effectiveness of the provider's investments in achieving security goals is persistently reviewed.
Related SP 800-53 Controls: AC-05, CA-02, CP-02 (01), CP-04 (01), IR-03 (02), PM-03, SA-02, SA-03, SR-02 (01)
Terms: Persistently
Reviewing Security in the SDLC¶
KSI-PIY-RSD
Changelog:
- 2026-06-24: Official launch of the FedRAMP Consolidated Rules for 2026.
The effectiveness of building security and privacy considerations into the Software Development Lifecycle and aligning with CISA Secure By Design principles is persistently reviewed.
Related SP 800-53 Controls: AC-05, AU-03 (03), CM-03 (04), PL-08, PM-07, SA-03, SA-08, SC-04, SC-18, SI-10, SI-11, SI-16
Terms: Persistently
Reviewing Vulnerability Disclosures¶
KSI-PIY-RVD
Changelog:
- 2026-06-24: Official launch of the FedRAMP Consolidated Rules for 2026.
The effectiveness of the provider's vulnerability disclosure program is persistently reviewed.
Related SP 800-53 Controls: RA-05 (11)
Terms: Persistently, Vulnerability