Complete Ruleset Reference¶
This section of the Consolidated Rules for 2026 contains each complete FedRAMP Ruleset with all related content in a single rule as an overall reference. The individual stakeholder sections of this site contain only the specific rules that apply in different circumstances for different stakeholders, while the reference rulesets are entirely unabridged.
| Acronym | Ruleset | Status | Counts | Most Recently Updated |
|---|---|---|---|---|
| AFC | Addressing FedRAMP Communication | Stable | Subsets: 2 Rules: 16 |
2026-06-24 |
| AGU | Agency Use of FedRAMP Certified Cloud Services | Placeholder | Subsets: 3 Rules: 20 |
2026-06-24 |
| CCM | Collaborative Continuous Monitoring | Stable | Subsets: 3 Rules: 21 |
2026-06-24 |
| CDS | Certification Data Sharing | Stable | Subsets: 4 Rules: 21 |
2026-06-24 |
| CMU | Cryptographic Module Use | Stable | Subsets: 1 Rules: 3 |
2026-06-24 |
| CPO | Certification Package Overview | Stable | Subsets: 3 Rules: 4 |
2026-06-24 |
| FRC | FedRAMP Certification | Stable | Subsets: 7 Rules: 29 |
2026-06-24 |
| IEC | Incident Evaluation and Communication | Stable | Subsets: 2 Rules: 8 |
2026-06-24 |
| IVV | Independent Verification and Validation | Stable | Subsets: 4 Rules: 20 |
2026-06-24 |
| MAS | Minimum Assessment Scope | Stable | Subsets: 1 Rules: 5 |
2026-06-24 |
| MKT | Marketplace Listing | Stable | Subsets: 5 Rules: 12 |
2026-06-24 |
| REC | FedRAMP Recognition of Independent Assessment Services | Stable | Subsets: 2 Rules: 16 |
2026-06-24 |
| SCG | Secure Configuration Guide | Stable | Subsets: 2 Rules: 9 |
2026-06-24 |
| SCN | Significant Change Notification | Stable | Subsets: 5 Rules: 17 |
2026-06-24 |
| SDR | Security Decision Record | Stable | Subsets: 3 Rules: 5 |
2026-06-24 |
| VDR | Vulnerability Detection and Response | Stable | Subsets: 2 Rules: 18 |
2026-06-24 |
| VER | Vulnerability Evaluation and Reporting | Stable | Subsets: 5 Rules: 25 |
2026-06-24 |