{"$schema":"https://json-schema.org/draft/2020-12/schema","$id":"https://fedramp.gov/schemas/fedramp-significant-change-notifications-schema-2026-06-24.json","$schemaVersion":"0.1.0","type":"object","title":"FedRAMP Significant Change Notification (SCN-CSO-INF)","description":"Required information for a Significant Change Notification per SCN-CSO-INF. Note per the rule: structure of the information may vary depending on how the provider tracks this internally.","required":["certificationPackageOverviewUri","changeType","changeDescription"],"properties":{"certificationPackageOverviewUri":{"$ref":"https://fedramp.gov/schemas/fedramp-common-definitions-schema-2026-06-24.json/$defs/certificationPackageOverviewUri"},"assessorName":{"type":"string","title":"Assessor Name","description":"Name of the assessor involved in this change, if applicable."},"relatedVulnerability":{"type":"string","title":"Related Vulnerability","description":"Identifier or description of any related vulnerability driving this change, if applicable."},"changeType":{"type":"string","title":"Type","description":"Significant change type per SCN-CSO-EVA. Routine recurring changes (SCN-RTR) do not require a Significant Change Notification.","enum":["Adaptive","Transformative"]},"changeTypeExplanation":{"type":"string","title":"Categorization Explanation","description":"Explanation of why this change was categorized as the selected type."},"changeDescription":{"type":"string","title":"Description","description":"Short description of the change."},"reason":{"type":"string","title":"Reason for Change","description":"Reason for the change."},"customerImpact":{"type":"string","title":"Customer Impact","description":"Summary of customer impact, including changes to services and customer configuration responsibilities."},"planAndTimeline":{"type":"object","title":"Plan and Timeline","description":"Plan and timeline for the change, including verification, assessment, and/or validation of impacted Key Security Indicators (KSIs) or Rev5 Controls.","required":["summary"],"properties":{"summary":{"type":"string","title":"Summary","description":"Human readable summary of the timeline and plan for the change. May use Markdown for formatting."},"plannedStart":{"type":"string","format":"date","title":"Planned Start","description":"The first date on which changes will be made to the system."},"plannedCompletion":{"type":"string","format":"date","title":"Planned Completion","description":"The date on which the changes will be considered complete. This should include any planned testing and monitoring activities."},"milestones":{"type":"array","title":"Milestones","description":"Milestones for the change, including dates and descriptions.","items":{"type":"object","required":["milestoneDescription"],"properties":{"milestoneDescription":{"type":"string","title":"Description","description":"Human readable description of the milestone."},"targetDate":{"type":"string","format":"date","title":"Target Date","description":"The date on which the milestone is expected to be completed."}}}}}},"impactedControls":{"type":"array","title":"Impacted KSIs or Rev5 Controls","description":"KSI or control identifiers that will be verified, assessed, or validated as part of this change.","items":{"type":"string"}},"impactAnalysis":{"type":"string","title":"Business or Security Impact Analysis","description":"Copy or summary of the business or security impact analysis. May be the full text or a URI referencing the document."}}}