FedRAMP Updates Changelog

October

• 2025-10-21 Open RFCs have been extended to 2025-10-29 due to the ongoing government shutdown. (See FedRAMP RFCs)
• 2025-10-20 Updated the FedRAMP Community page to reflect all Community Working Groups being paused during the government shutdown. (See FedRAMP Community)
• 2025-10-15 Published a new blog post (See Responding to CISA Emergency Directive 26-01)
• 2025-10-15 Open RFCs have been extended to 2025-10-21 due to the ongoing government shutdown. (See FedRAMP RFCs)
• 2025-10-01 Added government shutdown information. (See FedRAMP During Government Shutdown)

September

• 2025-09-30 Published a new blog post (See FedRAMP Built a Modern Foundation in FY25 to Deliver Massive Improvements in FY26)
• 2025-09-29 Published a new blog post (See Responding to CISA Emergency Directive 25-03)
• 2025-09-29 Added new Request for Comment (See RFC-0018 FedRAMP Security Inbox Requirements)
• 2025-09-24 FedRAMP 20x Phase Two pilot announcement! (See 20x Phase Two)
• 2025-09-15 Added new Requests for Comment (See RFC-0016 Collaborative Continuous Monitoring Standard, and RFC-0017 Persistent Validation and Assessment Standard)
• 2025-09-10 Added new Requests for Comment (See RFC-0015 Recommended Secure Configuration Standard, and RFC-0014 Phase Two Key Security Indicators)
• 2025-09-10 Added a Rev5 documents & templates search feature. (See Rev 5 Documents and Templates)
• 2025-09-02 Added ChatGPT by OpenAI to the List of Prioritized AI Services (See AI Prioritization)

August

• 2025-08-28 Published a new blog post (See FedRAMP 20x: Five Months In and Full of Surprises)
• 2025-08-28 Updated guidance on the Scope of FedRAMP as required by M-24-15 (following RFC-0010). (See Scope of FedRAMP)
• 2025-08-26 Added a placeholder page for the 20x Phase Two pilot, coming in October 2025. (See 20x Phase Two)
• 2025-08-24 The FedRAMP 20x Authorization Data Standard (ADS), originally RFC-0011 Standard for Storing and Sharing Authorization Data, has been formalized and posted. Minor changes were also made to the FedRAMP Machine Readable Docs. (See Authorization Data Standard and other 20x Standards)
• 2025-08-22 RFC-0012 has been closed to public comment. All submitted comments can be reviewed on the FedRAMP Community discussion thread. (See RFC-0012 FedRAMP Continuous Vulnerability Management Standard Public Comments)
• 2025-08-18 Added a new page with AI prioritization criteria. (See FedRAMP AI Prioritization)
• 2025-08-11 Added new Request for Comment (See RFC-0013 SC-7 Boundary Protection Balance Improvement Release)
• 2025-08-08 Rescinded subnet whitepaper.
• 2025-08-07 Overhauled the FedRAMP website, including a new look and feel, simplified navigation, and archived out-of-date content. (See Changelog, Rev5 Resources, 20x pages, and About Marketplace)
• 2025-08-04 Removed CUI markings from Rev5 templates

July

• 2025-07-30 Published a new blog post (See FedRAMP 20x: Four Months In and Authorizing)
• 2025-07-22 Updated 20x Phase One pilot page to include a submission deadline of August 19, 2025 (See 20x Phase One pilot page)
• 2025-07-15 Added new Request for Comment (See RFC-0012 FedRAMP Continuous Vulnerability Management Standard)

June

• 2025-06-26 Published a new blog post (See FedRAMP 20x: Three Months In and Maximizing Innovation)
• 2025-06-23 RFC-0011 has been closed to public comment. Public comments can be reviewed on the FedRAMP Community RFC threads. (See External: RFC-0011 Public Comments)
• 2025-06-18 Minor content changes (See FedRAMP Rev 5 Agency Authorization, and FedRAMP 20x Key Security Indicators (KSI))
• 2025-06-17 Published updated guidance and external FedRAMP project information. (See FedRAMP 20x Significant Change Notification (SCN) Requirements, FedRAMP 20x Minimum Assessment Scope Standard (MAS), FedRAMP 20x Key Security Indicators (KSI), FedRAMP 20x Low Consolidated Guidance, External: FedRAMP 20x Machine Readable (FRMR) Docs, and External: FedRAMP Public Roadmap)
• 2025-06-15 RFC-0009 and RFC-0010 have been closed to public comment. Public comments can be reviewed on the FedRAMP Community RFC threads. (See External: RFC-0009 Public Comments, and External: RFC-0010 Public Comments)
• 2025-06-10 RFC-0008 has been closed to public comment. Public comments can be reviewed on the FedRAMP Community RFC threads. (See External: RFC-0008 Public Comments)

May

• 2025-05-30 Published 20x Phase One pilot authorization process (See FedRAMP 20x phase one)
• 2025-05-29 Published 20x guidance and standards, as well as a new blog post. (See FedRAMP 20x Minimum Assessment Scope (MAS), FedRAMP 20x Key Security Indicators (KSI), FedRAMP 20x Documentation Identifiers, FedRAMP 20x Standards, consolidated 20x Guidance and 20x Guidance Explorer, and FedRAMP 20x: Two Months In and Taking Off)
• 2025-05-26 RFCs 0005, 0006, and 0007 have all been closed to public comment, and an information page about the services that require FedRAMP Authorization has been added. (See FedRAMP Scope)
• 2025-05-23 Added new Request for Comment (See RFC-0011 FedRAMP Pilot Standard for Storing and Sharing Authorization Data)
• 2025-05-15 Added new Request for Comments (See RFC-0010 FedRAMP Scope Interpretation Technical Assistance, and RFC-0009 Significant Change Notification Technical Assistance)
• 2025-05-14 Updated the 20x Phase One Pilot pages for clarity (See Phase One Pilot page, and Pilot Participation Example page)
• 2025-05-09 Added new Request for Comment (See RFC-0008 Continuous Reporting Standard)
• 2025-05-06 Updated the 20x Phase One Pilot pages for clarity (See Phase One Pilot page, and Pilot Participation Example page)

April

• 2025-04-24 Added new Requests for Comment and other new content (See FedRAMP 20x: One Month in and Moving Fast, Phase One page, RFC-0005 Minimum Assessment Scope Standard, RFC-0006 20x Phase One Key Security Indicators, and RFC-0007 Significant Change Notification Standard)
• 2025-04-11 Updated about marketplace page to reflect marketplace policy changes (See About FedRAMP Marketplace)
• 2025-04-07 Added top level outcomes for all recently closed RFCs (See Requests for Comment)
• 2025-04-02 Closed all open RFCs (See Requests for Comment)

March

• 2025-03-21 GSA announces a new direction for FedRAMP, with significant website changes and press engagement (See Press Engagement, Community Working Groups, and Phase One Goals)

January

• 2025-01-28 The Emerging Technology Prioritization Framework page has been removed per Executive Order 'INITIAL RESCISSIONS OF HARMFUL EXECUTIVE ORDERS AND ACTIONS' (See Executive Order: INITIAL RESCISSIONS OF HARMFUL EXECUTIVE ORDERS AND ACTIONS)
• 2025-01-20 President Donald J. Trump takes office and appoints new leadership for the General Services Administration.