U.S. flag

An official website of the United States government

Archive Icon The content on this page is archived. For more up-to-date information, go to fedramp.gov.
Warning Icon

Important Notice

FedRAMP is operating mission-essential functions only due to the government shutdown. Please visit fedramp.gov/shutdown for more information.
Rev. 5 Transition

Rev. 5 Transition

The FedRAMP Joint Authorization Board (JAB) updated the FedRAMP security controls baseline to align with National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 (SP 800-53), Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 (Rev. 5). The FedRAMP Program Management Office (PMO) updated the FedRAMP documentation and templates to reflect the changes in NIST SP 800-53, Rev. 5, and developed guidance to assist Cloud Service Providers (CSPs) in transitioning to Rev. 5.

Rev. 5 documents can be found on the Documents and Templates page.

In the table below, the archived Rev. 4 documents are crosswalked with their d Rev. 5 version to make it easy for stakeholders to locate the documents they need. New Rev. 5 documents are also listed, as well as retiring documents. This mapping illustrates the consolidation of some previous FedRAMP Rev. 4 documents into fewer Rev. 5 documents to reduce the burden on stakeholders.

Transition Documents

Documents

Rev. 4 DocumentRev. 5 Document
3PAO Readiness Assessment Report Guide3PAO Readiness Assessment Report Guide
FedRAMP Moderate Readiness Assessment Report (RAR) TemplateFedRAMP Moderate Readiness Assessment Report (RAR) Template
FedRAMP High Readiness Assessment Report (RAR) TemplateFedRAMP High Readiness Assessment Report (RAR) Template
FedRAMP System Security Plan (SSP) Low Baseline TemplateFedRAMP High, Moderate, Low, LI-SaaS Baseline System Security Plan (SSP)
FedRAMP System Security Plan (SSP) Moderate Baseline Template
FedRAMP System Security Plan (SSP) High Baseline Template
Appendix A - FedRAMP Tailored Security Controls BaselineSSP Appendix A: LI-SaaS FedRAMP Security Controls
Appendix B - FedRAMP Tailored Li-SaaS Template
Appendix C - FedRAMP Tailored Li-SaaS Ato Letter Template
Appendix D - FedRAMP Tailored Li-SaaS Continuous Monitoring Guide
Appendix E - FedRAMP Tailored Li- SaaS Self-Attestation Requirements
FedRAMP Tailored Li-SaaS Requirements
N/A- No Rev. 4 versionSSP Appendix A: Low FedRAMP Security Controls
N/A- No Rev. 4 versionSSP Appendix A: Moderate FedRAMP Security Controls
N/A- No Rev. 4 versionSSP Appendix A: High FedRAMP Security Controls
SSP Attachment 5 - FedRAMP Rules of Behavior (RoB) TemplateSSP Appendix F: Rules of Behavior (RoB) Template
SSP Attachment 6 - FedRAMP Information System Contingency Plan (ISCP) TemplateSSP Appendix G: Information System Contingency Plan (ISCP) Template
SSP Attachment 9 - FedRAMP Low or Moderate Control Implementation Summary (CIS) Workbook TemplateSSP Appendix J: CSO CIS and CRM Workbook
SSP Attachment 9 - FedRAMP High Control Implementation Summary (CIS) Workbook Template
SSP Attachment 13 - FedRAMP Integrated Inventory Workbook TemplateSSP Appendix M: Integrated Inventory Workbook Template
N/A- No Rev. 4 versionSSP Appendix Q: Cryptographic Modules Table
FedRAMP Security Assessment Report (SAR) TemplateFedRAMP Security Assessment Report (SAR) Template
FedRAMP Annual Security Assessment Report (SAR) Template
SAR Appendix A - FedRAMP Risk Exposure Table TemplateSAR Appendix A: FedRAMP Risk Exposure Table (RET) Template
FedRAMP Security Assessment Plan (SAP) TemplateFedRAMP Security Assessment Plan (SAP) Template
FedRAMP Annual Security Assessment Plan (SAP) Template
SAP Appendix A - FedRAMP Low Security Test Case Procedures TemplateFedRAMP SAR Appendix B: Low Security Requirements Traceability Matrix Template

SAP Appendix A - FedRAMP Moderate Security Test Case Procedures TemplateFedRAMP SAR Appendix B: Moderate Security Requirements Traceability Matrix Template

Please note this template was moved from the SAP to the SAR and renamed from SAP Appendix A to SAR Appendix B.

SAP Appendix A - FedRAMP High Security Test Case Procedures TemplateFedRAMP SAR Appendix B: High Security Requirements Traceability Matrix Template

Please note this template was moved from the SAP to the SAR and renamed from SAP Appendix A to SAR Appendix B.

FedRAMP Security Controls BaselineFedRAMP Security Controls Baseline
N/A- No Rev. 4 versionFedRAMP Rev. 4 to Rev. 5 Assessment Controls Selection Template
FedRAMP Initial Authorization Package ChecklistFedRAMP Initial Authorization Package Checklist
SSP Attachment 12 - FedRAMP Laws and Regulations TemplateFedRAMP Laws, Regulations, Standards and Guidance Reference
FedRAMP Plan of Action and Milestones (POA&M) TemplateFedRAMP Plan of Action and Milestones (POA&M) Template
FedRAMP Guide for Multi-Agency Continuous MonitoringCollaborative ConMon Quick Guide
Continuous Monitoring Performance Management GuideContinuous Monitoring Performance Management Guide
FedRAMP General Document Acceptance CriteriaFedRAMP General Document Acceptance Criteria
Agency Authorization PlaybookAgency Authorization Playbook
CSP Authorization Playbook Getting Started with FedRAMPCSP Authorization Playbook
CSP Annual Assessment GuidanceCSP Annual Assessment Guidance
CSP Annual Assessment Controls Selection WorksheetCSP Annual Assessment Controls Selection Worksheet
N/A- No Rev. 4 versionFedRAMP Continuous Monitoring Deliverables Template
CSP Vulnerability Scanning RequirementsVulnerability Scanning Requirements
FedRAMP Vulnerability Deviation Request FormFedRAMP Vulnerability Deviation Request Form
SSP Attachment 4 - FedRAMP Privacy Impact Assessment (PIA) TemplateRetired
FedRAMP Master Acronym & GlossaryRetired
FedRAMP Low Authorization ToolkitRetired
FedRAMP Tailored Authorization ToolkitRetired
FedRAMP Moderate Authorization ToolkitRetired
FedRAMP High Authorization ToolkitRetired