FedRAMP Public Notices
The FedRAMP Public Notices page includes updates and announcements that are typically too small for a dedicated blog post but are still important for the community to track.
Notices are also available in an RSS feed here.
| ID | Title | Description | Date |
|---|---|---|---|
| 0010 | FedRAMP Response to CISA V1 ED 25-03 | FedRAMP has been tasked with ensuring all federal agencies have the information they need from cloud services to respond to this Emergency Directive. This will avoid massive duplicative work for agencies and all cloud services. | 2026-04-23 |
| 0009 | Initial Outcome from RFC-0024 Rev5 Machine-Readable Packages | RFC-0024 Rev5 Machine-Readable Packages was closed on March 11, 2026. This notice explains the initial outcome from public comment and the next steps for FedRAMP. | 2026-03-25 |
| 0008 | Initial Outcome from RFC-0023 Rev5 Program Certifications | RFC-0023 Rev5 Program Certifications was closed on February 26, 2026. This notice explains the initial outcome from public comment and the next steps for FedRAMP. | 2026-03-06 |
| 0007 | Initial Outcome from RFC-0022 Leveraging External Frameworks | RFC-0022 Leveraging External Frameworks was closed on February 26, 2026. This notice explains the initial outcome from public comment and the next steps for FedRAMP. | 2026-03-03 |
| 0006 | Emergency Directive 26-03 Mitigate Vulnerabilities in Cisco-SD WAN Systems | This is a real emergency and action is required in response to CISA Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco-SD WAN Systems. This is NOT a test. | 2026-02-25 |
| 0005 | Initial Outcome from RFC-0021 Expanding the FedRAMP Marketplace | RFC-0021 Expanding the FedRAMP Marketplace was closed on February 19, 2026. This notice explains the initial outcome from public comment and the next steps for FedRAMP. | 2026-02-25 |
| 0004 | Initial Outcome from RFC-0020 FedRAMP Authorization Designations | RFC-0020 FedRAMP Authorization Designations was closed on February 19, 2026. This notice explains the initial outcome from public comment and the next steps for FedRAMP. | 2026-02-25 |
| 0003 | Notification of Planned FY26 Q2 FedRAMP Security Inbox Test | FedRAMP will be performing a planned quarterly Emergency Test of the FedRAMP Security Inbox for all cloud service providers between March 2 and March 13, 2026. | 2026-02-18 |
| 0002 | Outcome from RFC-0019 Reporting Assessment Costs | RFC-0019 Reporting Assessment Costs was closed on February 12, 2026. After reviewing public comments, FedRAMP will not finalize or implement the proposed cost reporting requirements at this time. | 2026-02-18 |
| 0001 | Introducing FedRAMP Public Notices | Introducing FedRAMP Public Notices, a simple service to keep stakeholders in the loop on updates and announcements from FedRAMP. | 2026-02-18 |