CDS-CSO-SVCMUSTAll frameworksImplementation guide coming soon

Service List

Certification Data Sharing (CDS) · General Provider Responsibilities

Applies to: Providers

Who this applies to: Providers
Service class: All service classes
Force: MUST
Timeframe: No fixed timeframe

Reviewed implementation guidance for CDS-CSO-SVC is not published yet. The official source below remains complete and authoritative.

Expected evidence artifacts

URL to the human-readable data.
URL to the machine-readable data (if applicable).

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers MUST publicly share a detailed list of specific services and their security categories that are included in the cloud service offering using clear feature or service names that align with standard public marketing materials; this list MUST be complete enough for a potential customer to determine which services are and are not included in the FedRAMP Minimum Assessment Scope without requesting access to underlying FedRAMP Certification Data.

Defined terms in this requirement

Certification Data Cloud Service Offering Provider Security Category

Change history

2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.