Skip to main content
Pricing
Sign inRequest demo
CDS-CSO-IRPMUSTAll frameworksImplementation guide coming soon

Include Relevant Policies

Certification Data Sharing (CDS) · General Provider Responsibilities

Applies to: Providers
Who this applies to
Providers
Service class
All service classes
Force
MUST
Timeframe
No fixed timeframe

Reviewed implementation guidance for CDS-CSO-IRP is not published yet. The official source below remains complete and authoritative.

Information required

  • Name of policy or procedure
  • Name of file, document, web page, etc.
  • Brief summary of policy or procedure
  • Word count of document
  • Current version
  • Date of last update
  • Related FedRAMP Practices (if applicable)

Expected evidence artifacts

  • Explanation of how to access this information.

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers MUST supply all relevant policies and procedures in the FedRAMP Certification Data, including a human-readable and machine-readable reference that explains at least the following about each included policy and procedure:

Defined terms in this requirement

Operationalize this rule

Boundera turns FedRAMP 20x requirements like CDS-CSO-IRP into assigned evidence, remediation work, and validation workflows.

Request demo

Change history

  • 2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.