Skip to content
FedRAMP Consolidated Rules for 2026 Public Preview
Eep
Search
FedRAMP/2026
Overview
FedRAMP
Agencies
Cloud Service Providers
Independent Assessors
Advisors
Ruleset Reference
--> return to FedRAMP.gov
FedRAMP Consolidated Rules for 2026 Public Preview
FedRAMP/2026
Overview
Overview
Understanding FedRAMP
Understanding FedRAMP
FedRAMP Certification
Shared Responsibility Model
FedRAMP Definitions
Using the Consolidated Rules
Important Dates
About This Preview
About This Preview
Source Data
Changelog
TO DO
FedRAMP
FedRAMP
FedRAMP Marketplace
Scope of FedRAMP
FedRAMP's Responsibilities
FedRAMP's Authority
FedRAMP's Authority
FedRAMP Authorization Act
FedRAMP Authorization Act
Definitions
GSA
FedRAMP Board
Independent Assessment
Agencies
OMB
Reports to Congress
FSCAC
M-24-15
M-24-15
Background
Vision
Scope of FedRAMP
The FedRAMP Authorization Process
Automation and Efficiency
Continuous Monitoring
Roles and Responsibilities
Industry Engagement
Implementation
Rescissions
Policy and Program Implementation Assistance
Historical
Historical
Rescinded 2011 Memo
Agencies
Agencies
Getting Support as a Federal Agency
Getting Support as a Federal Agency
Liaisons Program
Support Groups
Reporting Concerns
CISA Directives
Using a FedRAMP Certified Cloud Service
Using a FedRAMP Certified Cloud Service
FedRAMP Marketplace
Certification Classes
Certification Packages
Certification Packages
20x Certification Packages
Rev5 Certification Packages
Initial Authorization
Initial Authorization
Managing Your SSP
Ongoing Authorization
Ongoing Authorization
Managing POA&Ms
Sponsoring a Cloud Service for FedRAMP Certification
Sponsoring a Cloud Service for FedRAMP Certification
Initial Certification
Ongoing Certification
Agency-Specific FedRAMP Rules
Agency-Specific FedRAMP Rules
Agency Use
Collaborative Continuous Monitoring
Vulnerability Evaluation and Reporting
Cloud Service Providers
Cloud Service Providers
Getting Support
Getting Started
Getting Started
Finding an Advisor
Choose a Path
Choose a Class
Choose a Type
Initial Implementation
Initial Implementation
Getting Listed
Getting Listed
Marketplace Listing Rules
Do the Work
Finding an Assessor
Getting Certified
Updating to 2026 Rules
Updating to 2026 Rules
What's Changing
Important Deadlines
Important Deadlines
Rev5 Deadlines
20x Deadlines
FedRAMP 20x Certification Rules
FedRAMP 20x Certification Rules
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Key Security Indicators
Key Security Indicators
Change Management
Cloud Native Architecture
Cybersecurity Education
Identity and Access Management
Incident Response
Monitoring, Logging, and Auditing
Policy and Inventory
Recovery Planning
Service Configuration
Supply Chain Risk
FedRAMP Rev5 Certification Rules
FedRAMP Rev5 Certification Rules
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Rev5 Controls
Rev5 Controls
Independent Assessors
Independent Assessors
Getting Started as an Independent Assessor
Getting Started as an Independent Assessor
Getting Support
FedRAMP Recognition
Marketplace Listing
Updating to 2026 Rules
Updating to 2026 Rules
What's Changing
Performing FedRAMP Assessments
Performing FedRAMP Assessments
20x Assessments
Rev5 Assessments
Independent Verification and Validation
Advisors
Advisors
Getting Started as an Advisory Service
Getting Started as an Advisory Service
Getting Support
Applicable Rules
Applicable Rules
Marketplace Listing
Ruleset Reference
Ruleset Reference
20x
20x
20x Class A
20x Class A
Marketplace Listing
FedRAMP Certification
Package Rulesets
Package Rulesets
Certification Package Overview
Related Rules
Key Security Indicators
20x Class B
20x Class B
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Key Security Indicators
20x Class C
20x Class C
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Key Security Indicators
Rev5
Rev5
Rev5 Class B
Rev5 Class B
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Rev5 Class C
Rev5 Class C
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Rev5 Class D
Rev5 Class D
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Complete Rulesets
Complete Rulesets
Marketplace Listing
FedRAMP Certification
Boundary Rulesets
Boundary Rulesets
Minimum Assessment Scope
Certification Data Sharing
Cryptographic Module Use
Vulnerability Detection and Response
Assurance Rulesets
Assurance Rulesets
Collaborative Continuous Monitoring
Addressing FedRAMP Communication
Incident Evaluation and Communication
Significant Change Notification
Independent Verification and Validation
Vulnerability Evaluation and Reporting
Package Rulesets
Package Rulesets
Certification Package Overview
Security Decision Record
Secure Configuration Guide
Key Security Indicators
Gov Rulesets
Gov Rulesets
Agency Use of FedRAMP Certified Cloud Services
Assessor Rulesets
Assessor Rulesets
FedRAMP Recognition of Independent Assessment Services
--> return to FedRAMP.gov
Independent Assessors
Performing FedRAMP Assessments
Eep
¶
We moved some things around here and this is a new section that needs content quickly!
Comments
Back to top