Skip to main content
Pricing
Sign inRequest demo
FRC-CLA-OFRMAYAll frameworksImplementation guide coming soon

Address Optional FedRAMP Rules for Class A

FedRAMP Certification (FRC) · FedRAMP Class A Certification Rules

Applies to: Providers
Who this applies to
Providers
Service class
All service classes
Force
MAY
Timeframe
No fixed timeframe

Reviewed implementation guidance for FRC-CLA-OFR is not published yet. The official source below remains complete and authoritative.

Information required

  • Collaborative Continuous Monitoring: CCM-QTR-MTG (Quarterly Review Meeting)
  • Certification Data Sharing: CDS-CSO-PSM (Per-Service Certification Materials)
  • Cryptographic Module Use: CMU-CSO-UVM (Using Validated Cryptographic Modules)
  • FedRAMP Certification: FRC-APP-FIA (Fresh Independent Assessment)
  • Independent Verification and Validation: IVV-CSO-FIA (FedRAMP Independent Assessments)
  • Security Decision Record: SDR-CSX-KMT (Key Security Indicator Metrics)
  • Vulnerability Evaluation and Reporting: VER-TFR-IRI (Internet-Reachable Incidents)
  • Vulnerability Evaluation and Reporting: VER-TFR-MRH (Historical Activity)
  • Vulnerability Evaluation and Reporting: VER-TFR-NRI (Non-Internet-Reachable Incidents)

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers seeking a Class A FedRAMP Certification MAY address the following additional optional FedRAMP Class A rules (if applicable):

Defined terms in this requirement

Operationalize this rule

Boundera turns FedRAMP 20x requirements like FRC-CLA-OFR into assigned evidence, remediation work, and validation workflows.

Request demo

Change history

  • 2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.