FedRAMP Updates Changelog

February

• 2026-02-11 Added RFC discussion video links to RFCs 0019, 0020, 0021, 0022, 0023, and 0024. (See RFCs)

January

• 2026-01-13 Published a new blog post, posted 6 new RFCs, published a FedRAMP Events Page and released the list of 20x all selected Phase 2 pilot participants. (See Blog: Realizing the FedRAMP Authorization Act, RFC-0019 Reporting Assessment Costs, RFC-0020 FedRAMP Authorization Designations, RFC-0021 Expanding the FedRAMP Marketplace, RFC-0022 Leveraging External Frameworks, RFC-0023 Rev5 Program Certifications (No Sponsor Required), RFC-0024 FedRAMP Rev5 Machine-Readable Packages, 20x Phase 2 Pilot Participants Announced, and FedRAMP Events Page)

December

• 2025-12-17 Updated the community page, including 2026 community working group meeting information. (See FedRAMP Community)
• 2025-12-17 Moved Rev5 content to /docs; reorganized /docs to clearly separate 20x and Rev5 content. (See Authority & Responsibility, Scope of FedRAMP Guidelines and Examples, M-24-15, Continuous Monitoring Playbook, CSP Authorization Playbook, and Agency Authorization Playbook)
• 2025-12-10 Published a new blog post. (See Announcing the initial 20x Phase 2 pilot participants and FedRAMP's next steps)
• 2025-12-08 Updates to certain rev5 templates. (See Rev 5 Documents and Templates)

November

• 2025-11-18 Published a new blog post. (See Key FedRAMP Updates After the Shutdown)
• 2025-11-18 Significant updates to 20x content, including more detailed phase two information and the addition of an official documentation page. (See FedRAMP 20x, 20x Phase Two, and FedRAMP docs)
• 2025-11-18 Refreshed the FedRAMP Rev5 documents, including deprecating out of date documents and creating an all new Continuous Monitoring Playbook. (See Rev5 Continuous Monitoring Playbook, and Updated Documents & Templates)
• 2025-11-12 The government shutdown has ended. All open RFCs will close on 11/17/2025. (See FedRAMP RFCs)

October

• 2025-10-29 Open RFCs have been extended to 2025-11-05 due to the ongoing government shutdown. (See FedRAMP RFCs)
• 2025-10-21 Open RFCs have been extended to 2025-10-29 due to the ongoing government shutdown. (See FedRAMP RFCs)
• 2025-10-20 Updated the FedRAMP Community page to reflect all Community Working Groups being paused during the government shutdown. (See FedRAMP Community)
• 2025-10-15 Published a new blog post (See Responding to CISA Emergency Directive 26-01)
• 2025-10-15 Open RFCs have been extended to 2025-10-21 due to the ongoing government shutdown. (See FedRAMP RFCs)
• 2025-10-01 Added government shutdown information. (See FedRAMP During Government Shutdown)

September

• 2025-09-30 Published a new blog post (See FedRAMP Built a Modern Foundation in FY25 to Deliver Massive Improvements in FY26)
• 2025-09-29 Published a new blog post (See Responding to CISA Emergency Directive 25-03)
• 2025-09-29 Added new Request for Comment (See RFC-0018 FedRAMP Security Inbox Requirements)
• 2025-09-24 FedRAMP 20x Phase Two pilot announcement! (See 20x Phase Two)
• 2025-09-15 Added new Requests for Comment (See RFC-0016 Collaborative Continuous Monitoring Standard, and RFC-0017 Persistent Validation and Assessment Standard)
• 2025-09-10 Added new Requests for Comment (See RFC-0015 Recommended Secure Configuration Standard, and RFC-0014 Phase Two Key Security Indicators)
• 2025-09-10 Added a Rev5 documents & templates search feature. (See Rev 5 Documents and Templates)
• 2025-09-02 Added ChatGPT by OpenAI to the List of Prioritized AI Services (See AI Prioritization)

August

• 2025-08-28 Published a new blog post (See FedRAMP 20x: Five Months In and Full of Surprises)
• 2025-08-28 Updated guidance on the Scope of FedRAMP as required by M-24-15 (following RFC-0010). (See Scope of FedRAMP)
• 2025-08-26 Added a placeholder page for the 20x Phase Two pilot, coming in October 2025. (See 20x Phase Two)
• 2025-08-24 The FedRAMP 20x Authorization Data Standard (ADS), originally RFC-0011 Standard for Storing and Sharing Authorization Data, has been formalized and posted. Minor changes were also made to the FedRAMP Machine Readable Docs. (See Authorization Data Standard and other 20x Standards)
• 2025-08-22 RFC-0012 has been closed to public comment. All submitted comments can be reviewed on the FedRAMP Community discussion thread. (See RFC-0012 FedRAMP Continuous Vulnerability Management Standard Public Comments)
• 2025-08-18 Added a new page with AI prioritization criteria. (See FedRAMP AI Prioritization)
• 2025-08-11 Added new Request for Comment (See RFC-0013 SC-7 Boundary Protection Balance Improvement Release)
• 2025-08-08 Rescinded subnet whitepaper.
• 2025-08-07 Overhauled the FedRAMP website, including a new look and feel, simplified navigation, and archived out-of-date content. (See Changelog, Rev5 Resources, 20x pages, and About Marketplace)
• 2025-08-04 Removed CUI markings from Rev5 templates

July

• 2025-07-30 Published a new blog post (See FedRAMP 20x: Four Months In and Authorizing)
• 2025-07-22 Updated 20x Phase One pilot page to include a submission deadline of August 19, 2025 (See 20x Phase One pilot page)
• 2025-07-15 Added new Request for Comment (See RFC-0012 FedRAMP Continuous Vulnerability Management Standard)

June

• 2025-06-26 Published a new blog post (See FedRAMP 20x: Three Months In and Maximizing Innovation)
• 2025-06-23 RFC-0011 has been closed to public comment. Public comments can be reviewed on the FedRAMP Community RFC threads. (See External: RFC-0011 Public Comments)
• 2025-06-18 Minor content changes (See FedRAMP Rev 5 Agency Authorization, and FedRAMP 20x Key Security Indicators (KSI))
• 2025-06-17 Published updated guidance and external FedRAMP project information. (See FedRAMP 20x Significant Change Notification (SCN) Requirements, FedRAMP 20x Minimum Assessment Scope Standard (MAS), FedRAMP 20x Key Security Indicators (KSI), FedRAMP 20x Low Consolidated Guidance, External: FedRAMP 20x Machine Readable (FRMR) Docs, and External: FedRAMP Public Roadmap)
• 2025-06-15 RFC-0009 and RFC-0010 have been closed to public comment. Public comments can be reviewed on the FedRAMP Community RFC threads. (See External: RFC-0009 Public Comments, and External: RFC-0010 Public Comments)
• 2025-06-10 RFC-0008 has been closed to public comment. Public comments can be reviewed on the FedRAMP Community RFC threads. (See External: RFC-0008 Public Comments)

May

• 2025-05-30 Published 20x Phase One pilot authorization process (See FedRAMP 20x phase one)
• 2025-05-29 Published 20x guidance and standards, as well as a new blog post. (See FedRAMP 20x Minimum Assessment Scope (MAS), FedRAMP 20x Key Security Indicators (KSI), FedRAMP 20x Documentation Identifiers, FedRAMP 20x Standards, consolidated 20x Guidance and 20x Guidance Explorer, and FedRAMP 20x: Two Months In and Taking Off)
• 2025-05-26 RFCs 0005, 0006, and 0007 have all been closed to public comment, and an information page about the services that require FedRAMP Authorization has been added. (See FedRAMP Scope)
• 2025-05-23 Added new Request for Comment (See RFC-0011 FedRAMP Pilot Standard for Storing and Sharing Authorization Data)
• 2025-05-15 Added new Request for Comments (See RFC-0010 FedRAMP Scope Interpretation Technical Assistance, and RFC-0009 Significant Change Notification Technical Assistance)
• 2025-05-14 Updated the 20x Phase One Pilot pages for clarity (See Phase One Pilot page, and Pilot Participation Example page)
• 2025-05-09 Added new Request for Comment (See RFC-0008 Continuous Reporting Standard)
• 2025-05-06 Updated the 20x Phase One Pilot pages for clarity (See Phase One Pilot page, and Pilot Participation Example page)

April

• 2025-04-24 Added new Requests for Comment and other new content (See FedRAMP 20x: One Month in and Moving Fast, Phase One page, RFC-0005 Minimum Assessment Scope Standard, RFC-0006 20x Phase One Key Security Indicators, and RFC-0007 Significant Change Notification Standard)
• 2025-04-11 Updated about marketplace page to reflect marketplace policy changes (See About FedRAMP Marketplace)
• 2025-04-07 Added top level outcomes for all recently closed RFCs (See Requests for Comment)
• 2025-04-02 Closed all open RFCs (See Requests for Comment)

March

• 2025-03-21 GSA announces a new direction for FedRAMP, with significant website changes and press engagement (See Press Engagement, Community Working Groups, and Phase One Goals)

January

• 2025-01-28 The Emerging Technology Prioritization Framework page has been removed per Executive Order 'INITIAL RESCISSIONS OF HARMFUL EXECUTIVE ORDERS AND ACTIONS' (See Executive Order: INITIAL RESCISSIONS OF HARMFUL EXECUTIVE ORDERS AND ACTIONS)
• 2025-01-20 President Donald J. Trump takes office and appoints new leadership for the General Services Administration.
• 2025-01-12 Added an events page to list upcoming FedRAMP events (See FedRAMP Events)