FRC-CLA-RFRSHOULDAll frameworksImplementation guide coming soonRecommended FedRAMP Rules for Class A
FedRAMP Certification (FRC) · FedRAMP Class A Certification Rules
Applies to: Providers
- Who this applies to
- Providers
- Service class
- All service classes
- Force
- SHOULD
- Timeframe
- No fixed timeframe
Reviewed implementation guidance for FRC-CLA-RFR is not published yet. The official source below remains complete and authoritative.
Information required
- Certification Data Sharing: CDS-CSO-AVR (Availability Reporting)
- Certification Package Overview: CPO-CSF-CPM (Certification Package Maintenance for Rev5)
- Certification Package Overview: CPO-CSX-CPM (Certification Package Maintenance for 20x)
- Incident Evaluation and Communication: IEC-CSO-IIR (Initial Incident Report)
- Incident Evaluation and Communication: IEC-CSO-OIR (Ongoing Incident Reports)
- Vulnerability Detection and Response: VDR-TFR-MVX (Persistent Machine Verification and Validation for 20x)
- Vulnerability Detection and Response: VDR-TFR-PCD (Persistently Complete Detection)
- Vulnerability Detection and Response: VDR-TFR-PDD (Persistent Drift Detection)
- Vulnerability Detection and Response: VDR-TFR-PSD (Persistent Sample Detection)
- Vulnerability Detection and Response: VDR-TFR-PVR (Mitigation and Remediation Expectations)
- Vulnerability Evaluation and Reporting: VER-TFR-EVU (Evaluate Vulnerabilities Quickly)
Official FedRAMP source
Verbatim from FedRAMP/rules
Providers seeking a Class A FedRAMP Certification SHOULD address the following additional recommended FedRAMP Class A rules (if applicable):
Defined terms in this requirement
Change history
2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.