IEC-CSO-AIRSHOULDAll frameworksImplementation guide coming soonAutomated Incident Reporting
Incident Evaluation and Communication (IEC) · General Provider Responsibilities
Applies to: Providers
- Who this applies to
- Providers
- Service class
- All service classes
- Force
- SHOULD
- Timeframe
- No fixed timeframe
Reviewed implementation guidance for IEC-CSO-AIR is not published yet. The official source below remains complete and authoritative.
Official FedRAMP source
Verbatim from FedRAMP/rules
Providers SHOULD use automation to minimize human intervention in the process of reporting FedRAMP Reportable Incidents to all affected parties.
Modern cloud services should not be reporting incidents by hand-crafting emails!
Defined terms in this requirement
Change history
2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.