Skip to main content
Pricing
Sign inRequest demo
FRD-SDRImplementation guide coming soon

Security Decision Record (SDR)

Also: security decision record, security decision records, SDR

Definition

Verbatim from FedRAMP/rules

A persistently maintained, verified, and validated record of the security decisions made by a provider over the lifecycle of a cloud service offering. The Security Decision Record replaces the traditional System Security Plan and documents how applicable FedRAMP Practices are addressed, including implementation rationale, resulting customer risk, assessment findings, and supporting artifacts.

Used in 6 rule requirements

This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.

Change history

  • 2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.

Source of truth: FedRAMP/rules. Definitions are published verbatim; Boundera adds cross-references and implementation context.