Skip to main content

Understanding FedRAMP's New Documentation Identifiers

Understanding FedRAMP’s 20x Documentation Identifiers

To enhance clarity, consistency, and prepare our documentation for future machine-readable applications, FedRAMP is exploring a standardized system for identifying specific rules, definitions, and guidance. This new approach will apply across all FedRAMP materials, including standards (like the Minimum Assessment Scope (MAS) and Key Security Indicators (KSI)), technical assistance, and best practices.

You will begin to see these unique identifiers, or “designators,” in our newly published and updated content. This page explains the structure and purpose of these designators.

Why New Identifiers?

Implementing this system is a foundational step towards several key goals:

  • Improved Clarity: Unique identifiers make it easier to pinpoint specific pieces of information within our extensive documentation.
  • Enhanced Consistency: A standardized system ensures that all documentation follows the same referencing logic.
  • Future-Ready: This structured approach is crucial for our long-term goal of providing machine-readable versions of our standards, allowing for better integration and automation.

Key Principles of Our New Identifier System

Our new system for creating these unique identifiers follows several key principles:

  1. Unique Identification: Every rule and definition will receive a unique designator. This designator will typically be tied to a specific document or standard (e.g., MAS, KSI).
  2. Document-Specific Codes: Designators will often include codes that clearly indicate the source document or the type of standard (e.g., “MAS” for Minimum Assessment Scope, “KSI” for Key Security Indicators, “FRD” for FedRAMP Definitions, “FRR” for FedRAMP Rules).
  3. Hierarchical Structure: For items with sub-conditions or parts, the main designator will be followed by a letter or further numbering (e.g., FRR-MAS-01a, FRR-MAS-01b).
  4. Clear Categorization: Different types of rules or definitions will use distinct designators to separate them clearly.
  5. Special Suffixes for Rules:
    • Guidance on the application of a rule will typically use an “-AY” suffix.
    • Exceptions to a rule will typically use an “-EX” suffix.
  6. Specific KSI Designators: Key Security Indicators (KSI) may have more detailed designators, potentially including a three-letter code to denote a specific category of KSI (e.g., KSI-ABC-01).

How These Designators Will Look: Examples

In practice, these designators provide a structured way to reference information. Here are a few examples to illustrate the format:

  • A definition related to the Minimum Assessment Scope (MAS) might look like: FRD-MAS-01
    • FRD indicates a FedRAMP Definition.
    • MAS specifies it’s from the Minimum Assessment Scope document.
    • 01 is the unique number for that definition within the MAS document.
  • A rule explaining the application of the Minimum Assessment Scope could be: FRR-MAS-AY-01
    • FRR indicates a FedRAMP Rule.
    • MAS specifies it’s from the Minimum Assessment Scope document.
    • AY indicates this is an ‘Application’ rule.
    • 01 is the unique number for that application rule.
  • A specific Key Security Indicator (KSI) requirement might have a designator like: KSI-XYZ-01
    • KSI indicates a Key Security Indicator.
    • XYZ could be a three-letter code for a specific KSI category.
    • 01 is the unique number for that indicator.
  • A rule related to applying a Key Security Indicator could look like: FRR-KSI-AY-01
    • FRR indicates a FedRAMP Rule.
    • KSI indicates it relates to Key Security Indicators.
    • AY signifies it’s an application rule.
    • 01 is the unique identifier for this specific rule.

Common Prefixes & Suffixes:

You will commonly see prefixes such as:

  • FRD-: FedRAMP Definitions (e.g., FRD-MAS for MAS definitions)
  • FRR-: FedRAMP Rules (e.g., FRR-MAS for MAS rules, FRR-SCN for Significant Change Notification rules)
  • KSI-: Specific Key Security Indicators

And common suffixes for rules include:

  • -AY: Denotes guidance on application.
  • -EX: Denotes an exception.

What This Means for You

As we roll out this system across our documentation, you’ll find it easier to:

  • Precisely reference specific FedRAMP requirements, definitions, and guidance.
  • Understand the context and source of each rule and definition more quickly.
  • Navigate our documentation more effectively.

This initiative is part of our ongoing commitment to making FedRAMP standards more accessible, understandable, and interoperable. While the immediate change involves providing these in addition to our human-readable 20x documents, the long-term vision is to leverage this system to provide machine-readable content across all FedRAMP guidance, benefiting the entire FedRAMP ecosystem.

We appreciate your attention to this update and believe it will improve your experience working with FedRAMP documentation.

GSA logo

FedRAMP.gov

official website of the GSA’s Technology Transformation Services

Looking for U.S. government information and services?
Visit USA.gov