FedRAMP is a relatively stable framework. Built on NIST Special Publication 800-53, the requirements that Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) are clear and straightforward, depending on their services. NIST SP 800-53 is subject to revision, however, and the most recent version (Revision 5) was finally published in September of 2020. This revision signals changes that could impact providers under FedRAMP authorization.
Here, we’ll cover NIST 800-53 and how it relates to FedRAMP, as well as some of the information we currently have regarding the new revision and how FedRAMP adoption might roll out.