GSA

Focus on FedRAMP Blog: Rev. 5 Baselines Have Been Approved and Released!

GSA sent this email to their subscribers on May 30, 2023.

FedRAMP Logo
Rev5

Rev. 5 Baselines Have Been Approved and Released!

The FedRAMP Joint Authorization Board has approved the FedRAMP Rev. 5 baselines. The FedRAMP baselines were updated to correspond with the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-53 Rev. 5 Catalog of Security and Privacy Controls for Information Systems and Organizations and SP 800-53B Control Baselines for Information Systems and Organizations.

Outlined below are the released documents with a supporting high level summary:

  • Provides guidance to assist Cloud Service Providers (CSP), Third Party Assessment Organizations (3PAOs), Federal Agencies in transitioning to NIST SP 800-53 Rev. 5, and to the new FedRAMP requirements
  • Categorizes CSPs based on their stage in the FedRAMP authorization process and defines date-based transition periods for each category
  • Assists CSPs with identifying the scope of 
  • Aligns security controls more closely with NIST
  • Adds significant guidance for many controls
  • Privacy controls, and any other control outside of the FedRAMP baselines, remain at the agency’s discretion
  • Program Management (PM) controls remain an agency responsibility and are therefore not included in the baselines

For more details, please visit the blog!

If you have questions or feedback, please let us know at [email protected].

 


This email was sent to [email protected] on behalf of General Services Administration  · 1800 F St. NW · Washington, DC 20405  ·  866-606-8220  

Text-only version of this email

FedRAMP Logo Rev5 REV. 5 BASELINES HAVE BEEN APPROVED AND RELEASED! The FedRAMP Joint Authorization Board has approved the FedRAMP Rev. 5 baselines. The FedRAMP baselines were updated to correspond with the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-53 Rev. 5 Catalog of Security and Privacy Controls for Information Systems and Organizations and SP 800-53B Control Baselines for Information Systems and Organizations. Outlined below are the released documents with a supporting high level summary: CLOUD SERVICE PROVIDER (CSP) TRANSITION PLAN  * Provides guidance to assist Cloud Service Providers (CSP), Third Party Assessment Organizations (3PAOs), Federal Agencies in transitioning to NIST SP 800-53 Rev. 5, and to the new FedRAMP requirements * Categorizes CSPs based on their stage in the FedRAMP authorization process and defines date-based transition periods for each category * Assists CSPs with identifying the scope of  REV. 5 BASELINES  * Aligns security controls more closely with NIST * Adds significant guidance for many controls * Privacy controls, and any other control outside of the FedRAMP baselines, remain at the agency’s discretion * Program Management (PM) controls remain an agency responsibility and are therefore not included in the baselines For more details, please visit the blog! Visit Blog If you have questions or feedback, please let us know at [email protected]. Link to FedRAMP Twitter Feed YouTube Icon Link to FedRAMP Offered Trainings Visit FedRAMP.gov Contact Us Manage Subscriptions Help : :: :j % ---------------------------------------------------------------------------------------------------------------------------------- This email was sent to [email protected] on behalf of General Services Administration  · 1800 F St. NW · Washington, DC 20405  ·  866-606-8220  
Show all

The Latest Emails Sent By GSA

More Emails, Deals & Coupons From GSA

Email Offers, Discounts & Promos From Our Top Stores