20x Phase 2¶
This page is the authoritative location for FedRAMP 20x Phase 2 pilot requirements.
Machine-Readable Docs
Machine-readable requirements are available in the FedRAMP 20x Machine Readable Docs repository on GitHub. Participants are strongly encouraged to leverage the underlying machine-readable documentation to simplify addressing all requirements and recommendations. All of the materials on this page are generated automatically from these machine-readable materials.
Total Requirements and Recommendations¶
The tables below have summary information about the number of Key Security Indicators, requirements, and recommendations included in 20x Phase 2 materials.
Key Security Indicators¶
Key Security Indicators only apply to cloud service providers.
| Low Impact | Moderate Impact |
|---|---|
| 60 | 65 |
Authorization by FedRAMP Requirements and Recommendations¶
All requirements and recommendations must be addressed prior to submission for authorization.
Providers¶
| Keyword | Low | Moderate |
|---|---|---|
| MUST | 89 | 90 |
| SHOULD | 38 | 39 |
| MUST NOT | 3 | 3 |
| SHOULD NOT | 4 | 4 |
| MAY | 14 | 14 |
| Total | 148 | 150 |
Assessors¶
| Keyword | Low | Moderate |
|---|---|---|
| MUST | 10 | 10 |
| SHOULD | 3 | 3 |
| MUST NOT | 2 | 2 |
| MAY | 2 | 2 |
| Total | 17 | 17 |