Skip to main content
Pricing
Sign inRequest demo
FRC-CSO-PKGMUSTAll frameworksImplementation guide coming soon

FedRAMP Certification Package

FedRAMP Certification (FRC) · General Provider Responsibilities

Applies to: Providers
Who this applies to
Providers
Service class
All service classes
Force
MUST
Timeframe
No fixed timeframe

Reviewed implementation guidance for FRC-CSO-PKG is not published yet. The official source below remains complete and authoritative.

Information required

  • A Certification Package Overview
  • A Security Decision Record
  • A real or example Ongoing Certification Report following CCM-OCR-AVL (Report Availability)

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers seeking a Certification MUST supply a complete FedRAMP Certification Package to FedRAMP for initial certification; the FedRAMP Certification Package MUST include at least the following information:

Defined terms in this requirement

Operationalize this rule

Boundera turns FedRAMP 20x requirements like FRC-CSO-PKG into assigned evidence, remediation work, and validation workflows.

Request demo

Change history

  • 2026-06-25Removed dangling mention of Class B from a last-minute merger of rules; apologies for confusion, this rule applies to all classes.
  • 2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.