Install: `claude install-skill Jandyoverseas977/Claude-Skills-Governance-Risk-and-Compliance`
# FedRAMP Certification Skill
A comprehensive guide for helping users navigate FedRAMP authorization — from initial
readiness through ATO and ongoing continuous monitoring.
## Quick Reference: What Does the User Need?
Identify the user's goal and jump to the appropriate section:
| User Goal | Go To |
|---|---|
| "Are we ready for FedRAMP?" / gap assessment | → [Readiness & Gap Assessment](#1-readiness--gap-assessment) |
| Writing SSP, POA&M, SAR, SAP, or other docs | → [ATO Documentation](#2-ato-documentation) |
| "Which controls apply to us?" / control mapping | → [NIST 800-53 Control Mapping](#3-nist-800-53-control-mapping) |
| Cloud architecture / AWS/Azure/GCP config | → [Architecture Guidance](#4-architecture-guidance) |
| Already authorized, ongoing compliance | → [Continuous Monitoring](#5-continuous-monitoring) |
---
## Current FedRAMP State (as of 2025–2026)
- **Baseline**: NIST SP 800-53 **Rev 5** (approved May 2023, fully in effect)
- **Control counts** (Rev 5): Low = ~156, Moderate = 323, High = 410
- **OSCAL mandate**: RFC-0024 requires all CSPs to transition to machine-readable OSCAL packages by **September 2026**
- **Security Inbox**: As of January 5, 2026, all authorized CSPs must maintain a dedicated Security Inbox for urgent vulnerability directives (no CAPTCHAs or barriers)
- **FedRAMP 20x**: A modernization initiative in progress; introduces continuous authorization and modular/API-driven submissions. Traditional SSP/SAP/SAR templates remain require