FRD-SDRImplementation guide coming soonSecurity Decision Record (SDR)
Also: security decision record, security decision records, SDR
Definition
Verbatim from FedRAMP/rules
A persistently maintained, verified, and validated record of the security decisions made by a provider over the lifecycle of a cloud service offering. The Security Decision Record replaces the traditional System Security Plan and documents how applicable FedRAMP Practices are addressed, including implementation rationale, resulting customer risk, assessment findings, and supporting artifacts.
Used in 6 rule requirements
This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.
Change history
2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.