FedRAMP Rev 5
FedRAMP is the US Federal Risk and Authorization Management Program, established in 2011 by OMB Memorandum M-11-30 and implementing the Federal Information Security Management Act (FISMA) for cloud services used by US federal agencies. FedRAMP Rev 5 is the current version, operating against NIST SP 800-53 Revision 5 and the FedRAMP Rev 5 Baselines (Low, Moderate, High and LI-SaaS) with FedRAMP-specific overlay parameters.

NB: the substantive control content for the FedRAMP Moderate (323 controls) and FedRAMP High (417 controls) baselines is tracked separately in the graph as the 'FedRAMP Moderate' and 'FedRAMP High' frameworks (both verified against NIST 800-53 OSCAL). This corpus node tracks the program-level reference, covering:

- (a) the FedRAMP Program Management Office (PMO) under GSA;
- (b) FedRAMP authorization paths: JAB (Joint Authorization Board comprising DOD, DHS and GSA) and Agency-ATO (individual agency Authority to Operate);
- (c) Authorization Boundary documentation, including the SSP, SAR, POA&M and continuous-monitoring plan;
- (d) Continuous Monitoring (ConMon): monthly vulnerability scanning, quarterly POA&M update, annual assessment, and reporting via Salesforce and the FedRAMP Marketplace;
- (e) the Significant Change Request (SCR) workflow and FedRAMP review;
- (f) the 2024 OMB Memorandum M-24-15, modernising the FedRAMP process and introducing FedRAMP 2.0;
- (g) coordination with StateRAMP, GovRAMP and state, local and tribal government cloud authorization;
- (h) coordination with FISMA, NIST SP 800-37 RMF and the FedRAMP Marketplace listing of authorized CSPs and assessors (3PAOs).

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (7)
FedRAMP: 3PAO Assessment and FedRAMP Marketplace
| Code | Title |
|---|---|
| FedRAMP-3PAO | 3PAO Assessment, FedRAMP Marketplace and Accreditation |
FedRAMP: Authorization Boundary, SSP, SAR, POA&M and System Documentation
| Code | Title |
|---|---|
| FedRAMP-Boundary | Authorization Boundary, SSP, SAR, POA&M documentation |
| FedRAMP-SupplyChain-SBOM | FedRAMP supply chain risk management + SBOM (per EO 14028 + NIST 800-218 SSDF) |
FedRAMP: Baseline Selection (Low, Moderate, High, LI-SaaS) and Control Overlay Parameters
| Code | Title |
|---|---|
| FedRAMP-Baselines | FedRAMP Baseline Selection (Low, Moderate, High, LI-SaaS) and Control Overlay Parameters |
| FedRAMP-PII-Privacy | FedRAMP PII processing + privacy controls (NIST 800-53 Rev 5 PT family + Privacy Act) |
FedRAMP: Continuous Monitoring (ConMon) and Significant Change Requests
| Code | Title |
|---|---|
| FedRAMP-ConMon | Continuous Monitoring (ConMon) and Significant Change Requests |
| FedRAMP-IncidentReporting | FedRAMP incident reporting to PMO and US-CERT |
FedRAMP: Coordination with FISMA, NIST RMF, NIST 800-53 Rev 5 and Status
| Code | Title |
|---|---|
| FedRAMP-NIST-800-53-Rev5 | Coordination with NIST SP 800-53 Rev 5 + FedRAMP High + FedRAMP Moderate frameworks |
| FedRAMP-Status | FedRAMP Rev 5 - corpus status, baseline references, M-24-15 modernization pipeline |
FedRAMP: OMB M-24-15 Modernization, FedRAMP 2.0 and Coordination with StateRAMP / GovRAMP
| Code | Title |
|---|---|
| FedRAMP-OMB-M-24-15 | OMB Memorandum M-24-15 (July 2024) - FedRAMP modernization |
| FedRAMP-StateRAMP-GovRAMP | Coordination with StateRAMP, GovRAMP and state + local + tribal government cloud authorization |
FedRAMP: Program, Authorization Paths and PMO Governance
| Code | Title |
|---|---|
| FedRAMP-Program | FedRAMP Program establishment, PMO and authorization paths |
Your Compliance Coverage
If you comply with FedRAMP Rev 5, you already cover:
| Framework | Coverage | Controls mapped |
|---|---|---|
| OWASP Top 10:2025 | 42% | 5 |
| HKMA Cyber Resilience Assessment Framework (C-RAF) | 42% | 5 |
| APRA CPS 234 | 42% | 5 |

Plus 116 more, including ISO/IEC 27400:2022 (42%) and ISO/IEC 27011:2024 (42%). FedRAMP Rev 5 maps to 119 other frameworks.

Frequently Asked Questions
What is FedRAMP Rev 5?
FedRAMP Rev 5 is a compliance framework from the United States with 7 domains and 12 controls. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does FedRAMP Rev 5 have?
FedRAMP Rev 5 has 12 controls organised across 7 domains. The largest domains are FedRAMP: Authorization Boundary, SSP, SAR, POA&M and System Documentation (2 controls); FedRAMP: Baseline Selection (Low, Moderate, High, LI-SaaS) and Control Overlay Parameters (2 controls); and FedRAMP: Continuous Monitoring (ConMon) and Significant Change Requests (2 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does FedRAMP Rev 5 map to?
FedRAMP Rev 5 maps to 119 other compliance frameworks. The top mapping partners are OWASP Top 10:2025 (42% coverage), HKMA Cyber Resilience Assessment Framework (C-RAF) (42% coverage) and APRA CPS 234 (42% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with FedRAMP Rev 5 compliance?
Start your FedRAMP Rev 5 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about FedRAMP Rev 5 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 12 controls and track your progress.