From dcf71af64d4afd506f07370c7458131551bbaa00 Mon Sep 17 00:00:00 2001 From: pete-gov Date: Tue, 3 Mar 2026 16:52:14 -0500 Subject: [PATCH] Updates corrective action to be clear about FR Ready and In Process --- FRMR.documentation.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/FRMR.documentation.json b/FRMR.documentation.json index d636440..734361f 100644 --- a/FRMR.documentation.json +++ b/FRMR.documentation.json @@ -2,8 +2,8 @@ "info": { "title": "FedRAMP Machine-Readable Documentation", "description": "This datafile contains FedRAMP documentation for cloud service providers seeking FedRAMP Authorization. This includes definitions, requirements, recommendations, and key security indicators.", - "version": "0.9.4-beta", - "last_updated": "2026-02-26" + "version": "0.9.41-beta", + "last_updated": "2026-03-03" }, "FRD": { "info": { @@ -1778,13 +1778,13 @@ "start_date": "2026-01-05", "end_date": "2027-12-22", "comments": [ - "These requirements apply after January 5, 2026, to all FedRAMP Rev5 cloud services that are listed in the FedRAMP Marketplace." + "These requirements apply after January 5, 2026 to all FedRAMP Rev5 cloud services, including Authorized, In Process, and FedRAMP Ready." ], "warnings": [ "**FedRAMP will begin enforcement of this process after January 5, 2026 with an Emergency Test.**", "Beginning 2026-03-01, corrective action will include public notification that the provider is not meeting the expectations of this process.", "Beginning 2026-05-01, corrective action will include complete removal from the FedRAMP Marketplace.", - "Beginning 2026-07-01, corrective action will include complete removal from the FedRAMP Marketplace and a ban on FedRAMP authorization for three months." + "Beginning 2026-07-01, corrective action will include a ban on relisting for three months." ] }, "20x": { @@ -2861,15 +2861,15 @@ "start_date": "2026-03-01", "end_date": "2027-12-22", "comments": [ - "These requirements apply after March 1, 2026, to all FedRAMP Rev5 cloud services that are listed in the FedRAMP Marketplace.", + "These requirements apply after March 1, 2026 to all FedRAMP Rev5 cloud services, including Authorized, In Process, and FedRAMP Ready.", "This process supplements the Customer Responsibilities Matrix and other existing materials - all existing Rev5 materials are still required to be maintained.", "FedRAMP does not provide a specific template for the information required in this guidance to enable cloud service providers to share innovative solutions. As long as all requirements and recommendations in this document are addressed, providers are encouraged to share their Secure Configuration Guide information in a way that makes the most sense for them and their customers." ], "warnings": [ "**FedRAMP will begin enforcement of this process after March 1, 2026. Providers who do not have a Secure Configuration Guide that meets the requirements and recommendations in this document will receive corrective action.**", "Beginning 2026-03-01, corrective action will include public notification that the provider does not meet this requirement.", - "Beginning 2026-05-01, corrective action will include revocation of FedRAMP authorization and downgrade to FedRAMP Ready.", - "Beginning 2026-07-01, corrective action will include complete removal from the FedRAMP Marketplace and a ban on FedRAMP authorization for three months." + "Beginning 2026-05-01, corrective action for Authorized cloud services will include public notification of remediation and a mandatory Corrective Action Plan from the cloud service provider.", + "Beginning 2026-07-01, corrective action for all cloud services will include complete removal from the FedRAMP Marketplace and a ban on relisting for three months." ] }, "20x": {