IFR-CLA-KSMMUST20x onlyImplementation guide coming soon

Key Security Indicator Mapping

Initial FedRAMP Certification (IFR) · FedRAMP Class A Certification Rules

Applies to: Providers

Who this applies to: Providers
Service class: All service classes
Force: MUST
Timeframe: No fixed timeframe

Reviewed implementation guidance for IFR-CLA-KSM is not published yet. The official source below remains complete and authoritative.

Information required

KSI-CMT-LMC
KSI-CNA-RNT
KSI-CED-RAT
KSI-IAM-AAM
KSI-INR-RIR
KSI-SVC-SNT

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers seeking a FedRAMP 20x Certification Class A by leveraging an alternative security framework MUST supply a temporary mapping from the alternative security assessment to the following FedRAMP Key Security Indicators:

Defined terms in this requirement

Machine-Readable Provider

Notes

The mapping must be available in both machine-readable and human-readable formats.
If a mapping is not clear, the provider should supply new information indicating that the Key Security Indicator has not been independently audited.

Change history

2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.