FedRAMP JSON Schemas

This page lists the JSON Schemas for FedRAMP submission artifacts. These schemas define the structure of machine-readable documents that providers and assessors submit during the FedRAMP certification process.

Accepted Vulnerability Info

Accepted vulnerability information required when reporting vulnerability detection and response activity per VER-RPT-AVI.

fedramp-accepted-vulnerability-info-schema-2026-06-24.json

Related Rules

VER-RPT-AVI
Advisor Information

Public information an Advisory Service must supply in machine-readable format on their website per MKT-CAS-WEB.

fedramp-advisor-information-schema-v2026.06.06.01.json

Related Rules

MKT-CAS-WEB
Assessor Information

Public information an Independent Assessment Service must supply in machine-readable format on their website per MKT-IAS-WEB.

fedramp-assessor-information-schema-v2026.06.06.01.json

Related Rules

MKT-IAS-WEB
Certification Overview Package

Identification, service properties, contacts, and supporting documentation for a Cloud Service Offering per FRC-CSO-PKG.

fedramp-certification-overview-package-schema-2026-06-24.json

Related Rules

CDS-CSO-PUB CDS-CSO-SVC CDS-CSO-UTC FRC-CSO-PKG MAS-CSO-TPR SCG-CSO-RSC
Common Definitions

Shared type definitions referenced by other FedRAMP schemas.

fedramp-common-definitions-schema-2026-06-24.json
Historical VER Activity

Machine-readable historical Vulnerability Evaluation and Reporting activity for automated retrieval per VER-TFR-MRH.

fedramp-historical-ver-activity-schema-2026-06-24.json

Related Rules

VER-TFR-MRH
Incident Report

Unified schema for the three incident report types in the IEC-CSO lifecycle: Initial (IEC-CSO-IIR), Ongoing (IEC-CSO-OIR), and Final (IEC-CSO-FIR).

fedramp-incident-report-schema-2026-06-24.json

Related Rules

IEC-CSO-IIR IEC-CSO-OIR IEC-CSO-FIR IEC-CSO-EFI
Ongoing Certification Report

Quarterly Ongoing Certification Report (OCR) per CCM-OCR-AVL, covering the entire period since the previous report.

fedramp-ongoing-certification-report-schema-2026-06-24.json

Related Rules

CCM-OCR-AVL
Security Decision Record

JSON Schema for Cloud Service Provider (CSP) system submission for FedRAMP certification per SDR-CSO-FRR.

fedramp-security-decision-record-schema-2026-06-24.json

Related Rules

SDR-CSO-FRR
Significant Change Notification

Required information for a Significant Change Notification per SCN-CSO-INF. Note per the rule: structure of the information may vary depending on how the provider tracks this internally.

fedramp-significant-change-notification-schema-2026-06-24.json

Related Rules

SCN-CSO-EVA SCN-CSO-INF
Vulnerability Detail Report

Vulnerability detection and response activity report per VER-RPT-VDT. Covers non-accepted vulnerabilities only; see VER-RPT-AVI for accepted vulnerabilities.

fedramp-vulnerability-detail-report-schema-2026-06-24.json

Related Rules

VER-RPT-PER VER-RPT-VDT

FedRAMP JSON Schemas

Accepted Vulnerability Info

Advisor Information

Assessor Information

Certification Overview Package

Common Definitions

Historical VER Activity

Incident Report

Ongoing Certification Report

Security Decision Record

Significant Change Notification

Vulnerability Detail Report

Interact with FedRAMP

Keep Up To Date