20x Phase Two¶
This page is the authoritative repository for FedRAMP 20x Phase Two pilot requirements.
Machine-Readable Docs
Machine-readable requirements are available in the FedRAMP 20x Machine Readable Docs repository on GitHub. Participants are strongly encouraged to leverage the underlying machine-readable documentation to simplify addressing all requirements and recommendations. All of the materials on this page are generated automatically from these machine-readable materials.
Total Requirements and Recommendations¶
The tables below have summary information about the number of Key Security Indicators, requirements, and recommendations included in 20x Phase Two materials.
Key Security Indicators¶
Key Security Indicators only apply to cloud service providers.
| Low Impact | Moderate Impact |
|---|---|
| 60 | 65 |
Authorization by FedRAMP Requirements and Recommendations¶
All requirements and recommendations must be addressed prior to submission for authorization.
Providers¶
| Keyword | Low | Moderate |
|---|---|---|
| MUST | 89 | 90 |
| SHOULD | 38 | 39 |
| MUST NOT | 3 | 3 |
| SHOULD NOT | 4 | 4 |
| MAY | 14 | 14 |
| Total | 148 | 150 |
Assessors¶
| Keyword | Low | Moderate |
|---|---|---|
| MUST | 10 | 10 |
| SHOULD | 3 | 3 |
| MUST NOT | 2 | 2 |
| MAY | 2 | 2 |
| Total | 17 | 17 |