diff --git a/FRMR.documentation.json b/FRMR.documentation.json index dd739be..d636440 100644 --- a/FRMR.documentation.json +++ b/FRMR.documentation.json @@ -2,8 +2,8 @@ "info": { "title": "FedRAMP Machine-Readable Documentation", "description": "This datafile contains FedRAMP documentation for cloud service providers seeking FedRAMP Authorization. This includes definitions, requirements, recommendations, and key security indicators.", - "version": "0.9.3-beta", - "last_updated": "2026-02-20" + "version": "0.9.4-beta", + "last_updated": "2026-02-26" }, "FRD": { "info": { @@ -3076,7 +3076,7 @@ "Rev5 Authorized providers or those seeking FedRAMP authorization MAY adopt this process in place of the traditional FedRAMP Significant Change Request process after February 27, 2026.", "Rev5 Authorized Providers who switch to the Significant Change Notification process MUST notify FedRAMP via the Sign-up Form.", "Providers MUST address all requirements and recommendations in their authorization data - either in their System Security Plan with the appropriate controls or via an addendum.", - "It is up to providers to coordinate with their active agency customers to ensure agency customers will not be negatively impacted by the provider's adoption of this process.", + "It is up to providers to coordinate with their active agency customers to ensure agency customers will not be negatively impacted by the provider's adoption of this process, while considering the benefits to their entire customer base.", "Providers seeking FedRAMP authorization who plan to follow the Significant Change Notification process must clearly note this in their authorization package.", "The FedRAMP Marketplace will eventually include a section that indicates if a cloud service offering is following this process." ] @@ -3436,7 +3436,7 @@ "SCN-TRF-NIP": { "fka": "FRR-SCN-TR-02", "name": "Notification of Initial Plans", - "statement": "Providers MUST notify all necessary parties of initial plans for transformative changes at least 30 business days before starting transformative changes.", + "statement": "Providers MUST notify all necessary parties of initial plans for transformative changes at least 30 business days before starting transformative changes, including a summary of any likely security impacts or changes in risk.", "affects": ["Providers"], "timeframe_type": "bizdays", "timeframe_num": 30, @@ -3449,17 +3449,21 @@ ], "primary_key_word": "MUST", "updated": [ + { + "date": "2026-02-26", + "comment": "Add an explicit requirement to include a summary of any likely changes to risks that will result from the change." + }, { "date": "2026-02-04", "comment": "Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes." } ], - "terms": ["All Necessary Parties", "Transformative"] + "terms": ["All Necessary Parties", "Transformative", "Likely"] }, "SCN-TRF-NFP": { "fka": "FRR-SCN-TR-03", "name": "Notification of Final Plans", - "statement": "Providers MUST notify all necessary parties of final plans for transformative changes at least 10 business days before starting transformative changes.", + "statement": "Providers MUST notify all necessary parties of final plans for transformative changes at least 10 business days before starting transformative changes, including updates to all previously sent information.", "affects": ["Providers"], "timeframe_type": "bizdays", "timeframe_num": 10, @@ -3472,6 +3476,10 @@ ], "primary_key_word": "MUST", "updated": [ + { + "date": "2026-02-26", + "comment": "Clarified that any updates should be included in each new notification." + }, { "date": "2026-02-04", "comment": "Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes." @@ -3482,10 +3490,7 @@ "SCN-TRF-NAF": { "fka": "FRR-SCN-TR-04", "name": "Notification After Finishing", - "statement": "Providers MUST notify all necessary parties within 5 business days after finishing transformative changes, also including the following information:", - "following_information": [ - "Updates to all previously sent information" - ], + "statement": "Providers MUST notify all necessary parties within 5 business days after finishing transformative changes, including updates to all previously sent information.", "timeframe_type": "bizdays", "timeframe_num": 5, "notification": [ @@ -3498,6 +3503,10 @@ "affects": ["Providers"], "primary_key_word": "MUST", "updated": [ + { + "date": "2026-02-26", + "comment": "Moved update from following information to direct statement." + }, { "date": "2026-02-04", "comment": "Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes." diff --git a/tools/site/content/rev5/index.md b/tools/site/content/rev5/index.md index b698908..f82ec9f 100644 --- a/tools/site/content/rev5/index.md +++ b/tools/site/content/rev5/index.md @@ -8,7 +8,7 @@ - :material-timer-lock-outline: __[Rev5 Continuous Monitoring Playbook](playbook/csp/continuous-monitoring/intro.md)__ for cloud service providers -- :material-bank: __[Rev5 Agency Authorization Playbook](playbook/agency/authorization/intro.md)__ for federal agencies +- :material-bank: __[Rev5 Agency Authorization Playbook](playbook/agency/authorization/)__ for federal agencies
:material-scale-balance: __[Balance Improvement Releases](balance)__ for cloud service providers and federal agencies bring modern requirements and recommendations from [FedRAMP 20x](../20x/index.md) to the legacy FedRAMP Rev5 process; most are optional but some are **mandatory.** diff --git a/tools/site/overrides/main.html b/tools/site/overrides/main.html index e9cc9b1..548a995 100644 --- a/tools/site/overrides/main.html +++ b/tools/site/overrides/main.html @@ -1,5 +1,7 @@ {% extends "base.html" %} +{# {% block announce %} v0.9.0 beta of FRMR Docs made considerable changes to wording and structure of some materials; please review the Documentation Changelog to understand the changes! -{% endblock %} \ No newline at end of file +{% endblock %} +#} \ No newline at end of file