0625 minor tuning post-release#25
Merged
Merged
Conversation
Member
Author
|
@dan-fedramp please deconflict and merge whichever of these changes haven't been made elsewhere - since you've separately recreated some of them it may be easier to do it separately and reject this PR. Sorry that I left it open and caused confusion but next time I go on vacation with an open PR it's probably worth checking in on it before separately recreating the changes. ;) |
# Conflicts: # fedramp-consolidated-rules.json
dan-fedramp
approved these changes
Jul 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rules Content Changes
CCM-AGM-NARwas removed; agencies no longer have this CCM-specific “No Additional Requirements” rule in the dataset.CCM-AGM-NFAwas removed; agencies no longer have this CCM-specific FedRAMP notification rule after requesting additional provider materials.CPO-CSO-OSAwas added to require Class B, Class C, and Class D providers to include the assessor-supplied overall summary of assessment in the Certification Package Overview, while allowing Class A providers to include it optionally.FRC.info.subsets.CLAwas narrowed from both 20x/Rev5 and Program/Agency applicability to 20x Program applicability only.FRC-CLA-MFRfixed a wording typo from “Class Arules” to “Class A rules.”FRC-CSO-PKGwas clarified to apply to all provider classes by removing the dangling “Class B” qualifier from the certification package requirement.IEC-CSO-FIR,IEC-CSO-IIR, andIEC-CSO-OIRrenamed the FedRAMP notification contact display name from “FedRAMP Security Team” tofedramp_security@fedramp.gov.VER-AGM-DREwas removed; agencies no longer have this vulnerability-response-specific recommendation against requesting extra provider information in the dataset.VER-AGM-NFRwas removed; agencies no longer have this vulnerability-response-specific FedRAMP notification rule after requesting additional vulnerability materials.Schema And Structure Changes
2026.06.24.01/last_updated2026-06-24to version2026.06.25.01/last_updated2026-06-25.Tooling And Test Changes