MAS-CSO-SUPMAYAll frameworksImplementation guide coming soon

Supplemental Information

Minimum Assessment Scope (MAS) · General Provider Responsibilities

Applies to: Providers

Who this applies to: Providers
Service class: All service classes
Force: MAY
Timeframe: No fixed timeframe

Reviewed implementation guidance for MAS-CSO-SUP is not published yet. The official source below remains complete and authoritative.

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers MAY include additional materials about other information resources that are not part of the cloud service offering in a FedRAMP Certification package supplement; these resources will not be FedRAMP Certified and MUST be clearly marked and separated from the cloud service offering.

Defined terms in this requirement

Agency Certification Package Cloud Service Offering FedRAMP Certified Information Resource Provider

Notes

This is intended to allow inclusion of things like security materials for apps, supplemental marketing collateral, and other information that is not part of the cloud service offering but may be useful to agencies.

Change history

2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.