OFR-AFR-FSIMUSTAll frameworksImplementation guide coming soon

FedRAMP Security Inbox

Ongoing FedRAMP Certification (OFR) · Addressing FedRAMP Rules

Applies to: Providers

Who this applies to: Providers
Service class: All service classes
Force: MUST
Timeframe: No fixed timeframe

Reviewed implementation guidance for OFR-AFR-FSI is not published yet. The official source below remains complete and authoritative.

Official FedRAMP source

Verbatim from FedRAMP/rules

Providers MUST follow and persistently address the FedRAMP Security Inbox (FSI) rules, based on the applicability and effective date(s) in those rules.

Defined terms in this requirement

FedRAMP Security Inbox Persistently Provider

References

FedRAMP Security Inbox

Change history

2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Content provenance

Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.