December 27, 2021 - FedRAMP PMO has just releases its version of FedRAMP controls based on NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 (Rev. 5) catalog of security and privacy controls and SP 800-53B, Control Baselines for Information Systems and Organizations. The FedRAMP PMO worked with the Joint Advisory Board to develop the FedRAMP baselines in alignment with NIST’s Rev. 5 update.

FedRAMP analyzed each NIST SP 800-53, Rev. 5 control within the FedRAMP High baseline on their ability to protect, detect, and/or respond to each of the techniques outlined in the MITRE ATT&CK Framework version 8.2. FedRAMP applied the threat-based methodology to evaluate the controls FedRAMP adds above the published NIST Rev. 5 baseline.

Feedback can be provided through this excel file to info@fedramp.gov by Friday, April 1, 2022.