KSI-SVC-PRRImplementation guide coming soonPreventing Residual Risk
SVC — Service Configuration
NIST 800-53: sc-4
- Who this is for
- Cloud service providers
- Service class
- Varies: B, C
- Implementation guidance
- Official source only
- Evidence automation
- Not published
Reviewed implementation guidance for KSI-SVC-PRR is not published yet. The official source below remains complete and authoritative.
Official FedRAMP source
Verbatim from FedRAMP/rules
Class B
**Optional:** Plans, procedures, and the state of information resources are persistently reviewed after making changes to limit and remove unwanted residual elements that would likely negatively affect the confidentiality, integrity, or availability of federal customer data.
Class C
Plans, procedures, and the state of information resources are persistently reviewed after making changes to limit and remove unwanted residual elements that would likely negatively affect the confidentiality, integrity, or availability of federal customer data.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.