Skip to main content

Rev. 5 Transition

Understanding the Transition from Rev. 4 to Rev. 5

The FedRAMP Joint Authorization Board (JAB) updated the FedRAMP security controls baseline to align with National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 (SP 800-53), Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 (Rev. 5). The FedRAMP Program Management Office (PMO) updated the FedRAMP documentation and templates to reflect the changes in NIST SP 800-53, Rev. 5, and developed guidance to assist Cloud Service Providers (CSPs) in transitioning to Rev. 5.

Please refer to the FAQ page for additional information.

Rev. 5 documents can be found on the Documents and Templates page.

On the Automation GitHub, the FedRAMP Open Security Controls Assessment Language (OSCAL) versions of the Rev. 5 baselines for High, Moderate, Low, and Tailored for Low Impact-Software as a Service (LI-SaaS), including XML, JSON, and YAML versions can be found.

In the table below, the archived Rev. 4 documents are crosswalked with their d Rev. 5 version to make it easy for stakeholders to locate the documents they need. New Rev. 5 documents are also listed, as well as retiring documents. This mapping illustrates the consolidation of some previous FedRAMP Rev. 4 documents into fewer Rev. 5 documents to reduce the burden on stakeholders.

Transition Documents

Documents

Rev. 4 Document Rev. 5 Document
3PAO Readiness Assessment Report Guide 3PAO Readiness Assessment Report Guide
FedRAMP Moderate Readiness Assessment Report (RAR) Template FedRAMP Moderate Readiness Assessment Report (RAR) Template
FedRAMP High Readiness Assessment Report (RAR) Template FedRAMP High Readiness Assessment Report (RAR) Template
FedRAMP System Security Plan (SSP) Low Baseline Template FedRAMP High, Moderate, Low, LI-SaaS Baseline System Security Plan (SSP)
FedRAMP System Security Plan (SSP) Moderate Baseline Template
FedRAMP System Security Plan (SSP) High Baseline Template
Appendix A - FedRAMP Tailored Security Controls Baseline SSP Appendix A: LI-SaaS FedRAMP Security Controls
Appendix B - FedRAMP Tailored Li-SaaS Template
Appendix C - FedRAMP Tailored Li-SaaS Ato Letter Template
Appendix D - FedRAMP Tailored Li-SaaS Continuous Monitoring Guide
Appendix E - FedRAMP Tailored Li- SaaS Self-Attestation Requirements
FedRAMP Tailored Li-SaaS Requirements
N/A- No Rev. 4 version SSP Appendix A: Low FedRAMP Security Controls
N/A- No Rev. 4 version SSP Appendix A: Moderate FedRAMP Security Controls
N/A- No Rev. 4 version SSP Appendix A: High FedRAMP Security Controls
SSP Attachment 5 - FedRAMP Rules of Behavior (RoB) Template SSP Appendix F: Rules of Behavior (RoB) Template
SSP Attachment 6 - FedRAMP Information System Contingency Plan (ISCP) Template SSP Appendix G: Information System Contingency Plan (ISCP) Template
SSP Attachment 9 - FedRAMP Low or Moderate Control Implementation Summary (CIS) Workbook Template SSP Appendix J: CIS and CRM Workbook
SSP Attachment 9 - FedRAMP High Control Implementation Summary (CIS) Workbook Template
SSP Attachment 13 - FedRAMP Integrated Inventory Workbook Template SSP Appendix M: Integrated Inventory Workbook Template
N/A- No Rev. 4 version SSP Appendix Q: Cryptographic Modules Table
FedRAMP Security Assessment Report (SAR) Template FedRAMP Security Assessment Report (SAR) Template
FedRAMP Annual Security Assessment Report (SAR) Template
SAR Appendix A - FedRAMP Risk Exposure Table Template SAR Appendix A: FedRAMP Risk Exposure Table (RET) Template
FedRAMP Security Assessment Plan (SAP) Template FedRAMP Security Assessment Plan (SAP) Template
FedRAMP Annual Security Assessment Plan (SAP) Template
SAP Appendix A - FedRAMP Low Security Test Case Procedures Template FedRAMP SAR Appendix B: Low Security Requirements Traceability Matrix Template

Please note this template was moved from the SAP to the SAR and renamed from SAP Appendix A to SAR Appendix B.

SAP Appendix A - FedRAMP Moderate Security Test Case Procedures Template FedRAMP SAR Appendix B: Moderate Security Requirements Traceability Matrix Template

Please note this template was moved from the SAP to the SAR and renamed from SAP Appendix A to SAR Appendix B.

SAP Appendix A - FedRAMP High Security Test Case Procedures Template FedRAMP SAR Appendix B: High Security Requirements Traceability Matrix Template

Please note this template was moved from the SAP to the SAR and renamed from SAP Appendix A to SAR Appendix B.

FedRAMP Security Controls Baseline FedRAMP Security Controls Baseline
N/A- No Rev. 4 version FedRAMP Rev. 4 to Rev. 5 Assessment Controls Selection Template
FedRAMP Initial Authorization Package Checklist FedRAMP Initial Authorization Package Checklist
SSP Attachment 12 - FedRAMP Laws and Regulations Template FedRAMP Laws, Regulations, Standards and Guidance Reference
FedRAMP Plan of Action and Milestones (POA&M) Template FedRAMP Plan of Action and Milestones (POA&M) Template
FedRAMP Guide for Multi-Agency Continuous Monitoring Collaborative ConMon Quick Guide
Continuous Monitoring Performance Management Guide Continuous Monitoring Performance Management Guide
FedRAMP General Document Acceptance Criteria FedRAMP General Document Acceptance Criteria
Agency Authorization Playbook Agency Authorization Playbook
CSP Authorization Playbook Getting Started with FedRAMP CSP Authorization Playbook
CSP Annual Assessment Guidance CSP Annual Assessment Guidance
CSP Annual Assessment Controls Selection Worksheet CSP Annual Assessment Controls Selection Worksheet
N/A- No Rev. 4 version FedRAMP Continuous Monitoring Deliverables Template
CSP Vulnerability Scanning Requirements Vulnerability Scanning Requirements
FedRAMP Vulnerability Deviation Request Form FedRAMP Vulnerability Deviation Request Form
SSP Attachment 4 - FedRAMP Privacy Impact Assessment (PIA) Template Retired
FedRAMP Master Acronym & Glossary Retired
FedRAMP Low Authorization Toolkit Retired
FedRAMP Tailored Authorization Toolkit Retired
FedRAMP Moderate Authorization Toolkit Retired
FedRAMP High Authorization Toolkit Retired