The Federal Risk and Authorization Management Program has rolled out a set of policy proposals aimed at bringing its overhaul under the FedRAMP Authorization Act to a close.
FedRAMP released on Tuesday six requests for comments, or RFCs, to align the program with its updated statutory role and Office of Management and Budget Memorandum M-24-15, following nearly a year of testing and engagement with the cloud security community.
Table of Contents
What FedRAMP Changes Are Being Proposed?
The RFCs propose new requirements for reporting independent assessment costs, a revised authorization designation system that distinguishes FedRAMP approvals from agency authorizations to operate and expanded FedRAMP Marketplace listings that would include services still in the preparation phase.
Other proposals introduce a new authorization step that leverages external security assessments for limited, low-risk use cases; a temporary sponsorless Rev5 certification path for certain providers; and requirements for machine-readable authorization data tied to defined implementation timelines.
Why Release Six FedRAMP RFCs at the Same Time?
Rather than issuing changes incrementally, FedRAMP opted for a single, coordinated release of the RFCs. The program office said the approach reflects the close connection between the proposed updates and aims to avoid creating a prolonged period of uncertainty for the FedRAMP ecosystem.
To reduce the burden on stakeholders, comment deadlines were staggered across the six proposals. Comment periods will remain open through mid-February and March, depending on the proposal.
FedRAMP said it will address questions about the RFCs during upcoming community update meetings and plans to host at least one special event focused on the changes.
Data gathered will be used to improve the proposed updates.
Related Articles
President Donald Trump has renominated Sean Plankey, former director for cyber policy at the National Security Council, to serve as director of the Cybersecurity and Infrastructure Security Agency. With Plankey’s renomination to lead CISA, cybersecurity leadership and resilience are once again at the forefront of the national conversation. That momentum continues at the Potomac Officers Club’s 2026 Cyber Summit on May 21, where government and industry leaders will explore what’s next for securing critical infrastructure. Sign up now to reserve your seat at this must-attend event. Plankey was part of the list of nominations that the Trump administration had submitted
The Army-led Joint Interagency Task Force 401, or JIATF 401, has awarded a contract for two DroneHunter F700 counter-unmanned aerial systems, marking its first acquisition under the Replicator 2 initiative. As the Army accelerates efforts like Replicator 2 to rapidly field counter-UAS capabilities and outpace emerging threats, the need for closer alignment between innovation, acquisition and operational leadership has never been clearer. That broader push toward speed and adaptability will frame discussions at the Potomac Officers Club’s 2026 Army Summit on June 18, bringing senior Army leaders and industry partners together to discuss the future of the force. Reserve your
The Department of Energy is working with NASA to create a nuclear reactor that would power missions on the lunar surface by 2030. The agencies signed a memorandum of understanding to collaborate on the research and development of a fission surface power system that will deliver safe and efficient electrical power on the moon or Mars, DOE said Tuesday. “History shows that when American science and innovation come together, from the Manhattan Project to the Apollo Mission, our nation leads the world to reach new frontiers once thought impossible,” stated Energy Secretary Chris Wright. “This agreement continues that legacy.” What