UCM-CSO-CATSHOULDAll frameworksImplementation guide coming soonConfiguration of Agency Tenants
Using Cryptographic Modules (UCM) · Cloud Service Provider Responsibilities
Applies to: Providers
- Who this applies to
- Providers
- Service class
- All service classes
- Force
- SHOULD
- Timeframe
- No fixed timeframe
Reviewed implementation guidance for UCM-CSO-CAT is not published yet. The official source below remains complete and authoritative.
Official FedRAMP source
Verbatim from FedRAMP/rules
Providers SHOULD configure agency tenants by default to use cryptographic services that use cryptographic modules or update streams of cryptographic modules with active validations under the NIST Cryptographic Module Validation Program when such modules are available.
Defined terms in this requirement
Change history
2026-05-04Initial reset for the Consolidated Rules for 2026 Public Preview.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.