FRD-PAIImplementation guide coming soon

Potential Agency Impact

Also: potential agency impact, potential agency impacts, PAIN, Potential Agency Impact N-rating

Definition

Verbatim from FedRAMP/rules

The estimated cumulative effect of unauthorized access, disruption, harm, or other adverse impacts to all agencies using the cloud service that are likely to result from security incidents or the exploitation of vulnerabilities in the cloud service offering; as estimated following appropriate FedRAMP rules to calculate the Potential Agency Impact N-rating (PAIN).

Used in 8 rule requirements

This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.

ICP-CSO-DPR ICP-CSO-EFI VDR-EVA-EPA VDR-RPT-AVI VDR-RPT-VDT VDR-TFR-IRI VDR-TFR-NRI VDR-TFR-PVR

Change history

2026-07-04Initial reset for the Consolidated Rules for 2026 Public Preview.