FedRAMP 20x: Rev5 Community Working Group Meeting

Описание: Monthly Rev 5 Community Update that took place on Wednesday, February 4, 2026.

===========================================================
Video highlights:

FedRAMP Rev5 Assessment Timelines
FedRAMP will now release assessment timelines quarterly
The target time for the Rev5 assessment process is 30 calendar days from receiving a complete assessment and ATO to making a decision.
For Q1 2026, the average assessment timeline was 28.75 calendar days, which translates to about 21 days when factoring in a 45-day government shutdown period.

Continuous Monitoring Audit Changes
FedRAMP is now working with USDA's Connect.gov Data Analytics Team to automate analysis of ConMon folders, specifically identifying inactivity periods of 60 or more days.
Out of 490+ services, 82 were flagged, with half being false positives or deviations from standards (e.g., wrong file formats), and the other half due to actual inactivity.

Inactivity Flag Notification and Follow-up
For false positives or administrative deviations, Cloud Service Providers (CSPs) will receive a non-punitive email with generic instructions to fix the issue.
CSPs flagged for inactivity periods will receive an email from the team, requesting a written response detailing the issues, planned fixes, and associated timelines.

FedRAMP Security Inbox Requirements and Testing
Security inbox requirements went live in January in response to CISA emergency directives, mandating CSPs must maintain and respond to a listed security POC email for FedRAMP.
FedRAMP plans to start informational testing of this requirement this month or early next, aiming to make it easy for CSPs to respond.
https://www.fedramp.gov/docs/rev5/bal...

Secure Configuration Implementation Guidance
The Secure Configuration Implementation requirement deadline is in March. CSPs are encouraged to make progress on this and ensure their guides are relevant to the specific federal tenant, as commercial tenant documentation is often seen.
FedRAMP will send out a survey after the deadline to inquire about implementation methods.
https://www.fedramp.gov/docs/rev5/bal...

Rev5 Betas and Public Comment on RFCs
https://www.fedramp.gov/rfcs/

Future Community Update Focus
Announced plans for a March Rev5 Community Update, focusing on machine-readable packages for Rev5 and demos of the Phase 2 pilot from the 20x side.

===========================================================
Be a part of the CWG discussion on GitHub: https://github.com/FedRAMP/community/...

===========================================================
Learn more about the FedRAMP Rev 5 CWG: https://www.fedramp.gov/community/
===========================================================
Stay connected with us!
===========================================================
Web: FedRAMP.gov
X/Twitter: https://x.com/fedramp
LinkedIn:   / about  
Email: [email protected]

#FedRAMP #cloud #cloudservices #ATO #govtech #saas #iaas #paas #cloudsecurity