FedRAMP released and approved the Rev 5 baselines.
05/31/23 08:17
The FedRAMP Joint Authorization Board has approved the FedRAMP Rev. 5 baselines. The FedRAMP baselines were updated to correspond with the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-53 Rev. 5 Catalog of Security and Privacy Controls for Information Systems and Organizations and SP 800-53B Control Baselines for Information Systems and Organizations.
Outlined below are the released documents with a supporting high level summary:
Outlined below are the released documents with a supporting high level summary:
- Cloud Service Provider (CSP) Transition Plan
- Provides guidance to assist Cloud Service Providers (CSP), Third Party Assessment Organizations (3PAOs), Federal Agencies in transitioning to NIST SP 800-53 Rev. 5, and to the new FedRAMP requirements
- Categorizes CSPs based on their stage in the FedRAMP authorization process and defines date-based transition periods for each category
- Assists CSPs with identifying the scope of Rev. 5 Baselines
- Aligns security controls more closely with NIST
- Adds significant guidance for many controls
- Privacy controls, and any other control outside of the FedRAMP baselines, remain at the agency’s discretion
- Program Management (PM) controls remain an agency responsibility and are therefore not included in the baselines