SDR-CSO-MTDMUSTAll frameworksImplementation guide coming soonSecurity Decision Record Metadata
Security Decision Record (SDR) · General Provider Responsibilities
Applies to: Providers
- Who this applies to
- Providers
- Service class
- All service classes
- Force
- MUST
- Timeframe
- No fixed timeframe
Reviewed implementation guidance for SDR-CSO-MTD is not published yet. The official source below remains complete and authoritative.
Information required
- Version
- Date and time of last update
- Source of update
Official FedRAMP source
Verbatim from FedRAMP/rules
Providers MUST also include the following basic metadata in their Security Decision Record:
Defined terms in this requirement
Change history
2026-06-24Official launch of the FedRAMP Consolidated Rules for 2026.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.