CCM-QTR-RTPSHOULD NOTAll frameworksImplementation guide coming soonRestrict Third Parties
Collaborative Continuous Monitoring (CCM) · Quarterly Reviews
Applies to: Providers
- Who this applies to
- Providers
- Service class
- All service classes
- Force
- SHOULD NOT
- Timeframe
- No fixed timeframe
Reviewed implementation guidance for CCM-QTR-RTP is not published yet. The official source below remains complete and authoritative.
Official FedRAMP source
Verbatim from FedRAMP/rules
Providers SHOULD NOT invite third parties to attend Quarterly Reviews intended for agencies unless they have specific relevance.
Defined terms in this requirement
Notes
- This is because agencies are less likely to actively participate in meetings with third parties; the cloud service provider's independent assessor should be considered relevant by default.
Change history
2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.