Skip to main content

Blog

Rev. 5 - Additional Documents Released

February 16 | 2024

Rev. 5 - Additional Documents Released

To modernize baselines, the National Institute of Standards and Technology (NIST) released the Special Publication (SP) 800-53 Revision (Rev.) 5 template and documentation updates last summer, previously covered on our site. As a continuation of Rev. 5, FedRAMP has released the following new and updated documentation:

  • Cloud Service Provider (CSP) Annual Assessment Guidance (Updated) – Clarified periodicity requirements for non-core controls, updated references and criteria from NIST SP 800-53 Rev. 4 to Rev. 5, updated links to the latest versions of FedRAMP templates, updated the rationale for NIST SP 800-53 Rev. 5 core controls selection, and added references to the OSCAL versions of FedRAMP templates.
  • CSP Annual Assessment Controls Selection Worksheet (Updated 3/4/2024) – Added columns to the “Control Selection” tab to identify control selections from prior assessments and included tabs with NIST 800-53 Rev. 5 core (annually required) control lists.
  • CSP Authorization Playbook (Updated) – Aligned with recent changes made to other FedRAMP documents/templates related to NIST SP 800-53 Rev. 5.
  • Agency Authorization Playbook (Updated)– Aligned guidance with recent changes made to other FedRAMP documents/templates related to NIST SP 800-53 Rev. 5.
  • FedRAMP Continuous Monitoring Deliverables Template (New, Updated 3/4/2024) – This template is used to identify the schedule and documentation location for monthly and annual continuous monitoring deliverables.
  • FedRAMP Vulnerability Deviation Request Form (Updated) – Clarified language on vendor dependencies regarding how a vendor dependency can not remain a High vulnerability and how vendor dependencies can be operational requirements in very specific circumstances with federal agency authorizing official (AO) approval.
  • Vulnerability Scanning Requirements (Updated) – Consolidated all required scanning requirements into one document, added and refined language for container scanning/reporting, and added language clarifying how to report supplemental scanning remediation.
  • FedRAMP Rev. 4 to Rev. 5 Assessment Controls Selection Template (Updated) – Revised to add CA-8 (2) as a new control to the “High” and “Moderate” tabs.

The documents and templates released today can be found on the Rev. 5 Transition page along with other Rev. 5 support resources. They can also be found on the FedRAMP website under the Documents & Templates page.

Should you have any additional questions or concerns, please email us at info@fedramp.gov.

Back to Blogs

GSA logo

FedRAMP.gov

official website of the GSA’s Technology Transformation Services

Looking for U.S. government information and services?
Visit USA.gov