CDS-CSO-PUBMUSTAll frameworksImplementation guide coming soonPublic Information
Certification Data Sharing (CDS) · General Provider Responsibilities
Applies to: Providers
- Who this applies to
- Providers
- Service class
- All service classes
- Force
- MUST
- Timeframe
- No fixed timeframe
Reviewed implementation guidance for CDS-CSO-PUB is not published yet. The official source below remains complete and authoritative.
Information required
- Direct link to the FedRAMP Marketplace for the offering
- Service Model
- Deployment Model
- Business Category
- UEI Number
- Sales Contact Information
- Security Contact Information
- Product Website Link
- Link to Product Logo
- Overall Service Description
- Detailed list of specific services and their security categories (see CDS-CSO-SVC (Service List))
- Summary of customer responsibilities and secure configuration guidance
- Link to Trust Center landing page that includes instructions on accessing information in the trust center
- Next Ongoing Certification Report date (see CCM-OCR-NRD (Next Report Date))
Expected evidence artifacts
- URL to the human-readable data.
- URL to the machine-readable data.
Official FedRAMP source
Verbatim from FedRAMP/rules
Providers MUST publicly share up-to-date information about the cloud service offering in both human-readable and machine-readable formats, including at least the following information that is available and applicable:
Defined terms in this requirement
Notes
- Generally, this information should be available on a public webpage or publicly shared in a FedRAMP-compatible trust center.
Change history
2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.