CCM-OCR-LSIMUST NOTAll frameworksImplementation guide coming soon

Limit Sensitive Information

Collaborative Continuous Monitoring (CCM) · Ongoing Certification Reports

Applies to: Providers

Who this applies to: Providers
Service class: All service classes
Force: MUST NOT
Timeframe: No fixed timeframe

Reviewed implementation guidance for CCM-OCR-LSI is not published yet. The official source below remains complete and authoritative.

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers MUST NOT irresponsibly disclose sensitive information in an Ongoing Certification Report that would likely have an adverse effect on the cloud service offering.

Defined terms in this requirement

Cloud Service Offering Likely Ongoing Certification Ongoing Certification Report (OCR)Provider

Change history

2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.