After all, NIST guidelines have been used as a baseline standard by governments and industries across the world for well over seven years – FedRAMP included. As such, vendors subject to FedRAMP requirements will need to adjust their compliance programs accordingly.
Here’s what to expect from FedRAMP Revision 5.
The primary difference between FedRAMP Rev 4 and 5 is the introduction of Threat-Based Methodology. Using this methodology, FedRAMP tested each NIST SP 800-53, Rev. 5 control within the FedRAMP High baseline’s ability to protect, detect, and/or respond to practices outlined in MITRE ATT&CK Framework version 8.2.
For organizations, the new threat-based approach means:
The initial draft for FedRAMP Rev 5 was released late last year to the public for feedback, which officially closed on April 1st. From here, all commentary will be reviewed and any necessary edits to documentation will be made. Once that process has concluded, the revision will be published, and Rev 5 will officially be the new lay of the land. Our team anticipates this will take another year to conclude, giving organizations about a year and a half to adjust their compliance programs in anticipation of the new baselines.
Need help preparing for Rev 5? Get in touch with us below, and a member of our team will get you scheduled – at the most efficient pricing. Work smarter, not harder.
Subscribe to our newsletter and get the latest cybersecurity insights, updates, and event invitations delivered straight to your inbox. Join our community and empower your security journey with RISCPoint's expert knowledge.
Join our newsletter for updates. Terms.
Get ready to harmonize your cybersecurity goals with our team of industry-leading consultants.
