Package Materials¶
There are 3 applicable rulesets with 16 total applicable rules.
| Ruleset | Summary |
|---|---|
| Certification Package Overview (CPO) | The Certification Package Overview rules outline the expectations for a simple overview of the cloud service offering that must be included within a FedRAMP Certification Package. This overview replaces the historically required base System Security Plan for FedRAMP Rev5 and is intended to provide a clear, concise, and consistent summary of the offering and the information included in the package to help customers understand the offering at a high level. Applicable Rules: 3 |
| Secure Configuration Guide (SCG) | The Secure Configuration Guide rules help agencies and other customers understand how to configure a cloud service offering securely. These rules require providers to clearly explain the security impact of common settings so customers can make informed configuration choices. Applicable Rules: 9 |
| Security Decision Record (SDR) | The Security Decision Record replaced a traditional System Security Plan with a persistently maintained, verified, and validated record of the security decisions made by the cloud service provider over the lifecycle of their cloud service offering. Applicable Rules: 4 |