FedRAMP Revision 5 Preparation 

Strategically plan for the upcoming baseline shift 

Are you a Cloud Service Provider (CSP’s) considering FedRAMP authorization or an authorized FedRAMP CSP? If so, you need to be aware of the upcoming changes to the FedRAMP baseline and how you should prepare for the change. In 2021, FedRAMP announced work on their new NIST SP 800-53 revision 5 baseline had begun and in May 2022 noted that a draft version of the baseline is still on progress. Soon initial drafts of the FedRAMP baseline will be published and timetables for transitioning will be announced. CSP’s should expect revision 5 to become the standard sometime in 2023. 

Cybersecurity and supply chain attacks are increasing every year. The changes in the FedRAMP revision 5 baseline will help improve security for any entity following the new baselines, with an eye towards mitigating risk and preventing security incidents before they occur.  Below are some key changes:  

• 25 more controls in the Low Baseline 
• 24 more controls in the Li-SaaS Baseline 
• 21 fewer controls in the Moderate Baseline 
• 39 fewer controls in the High Baseline 
• Supply Chain Risk Management (SR) family addition 
• Implied addition of Supply Chain Risk Management attachment 
• Policy enhancements to include corrective action 
• “State of the Practice” controls 

With so many changes on the way, all CSP’s participating in the FedRAMP program must evaluate to their compliance posture and make necessary changes to remain compliant. 

InfusionPoints has the following proven services to assist CSP’s in preparing for this transition: 

• FedRAMP Revision 4 to Revision 5 gap analysis: a tailored gap analysis to identify gaps and offer solutions for service providers’ control implementations that will need to be implemented to transition to revision 5.  
• FedRAMP Revision 4 to Revision 5 package updates: documentation updates for revision 5 control requirements in advance of the release of new templates from the FedRAMP PMO. 
• FedRAMP Revision 5 XccelerATOr: Let us help you build a secure, automated, customer focused, cloud solution that is audit prepped and ready to go with a few steps from you and 100% dedication from InfusionPoints. Paired with VNSOC360°, InfusionPoints offers highly adaptive managed services to support your FedRAMP cloud. 
• FedRAMP 3PAO Assessments: Using the knowledge InfusionPoints has gained from advising CSP’s through the FedRAMP process and our A2LA certified 3PAO certification, InfusionPoints can perform FedRAMP assessments on all baselines to the highest standard expected by FedRAMP. 

This revision change impacts all CSP’s already authorized or planning to become authorized in the next year and on. Top advisory and 3PAO firms will have long backlogs reacting to this change, so be proactive and beat the rush! InfusionPoints has a long track record as a top FedRAMP advisor with successful clients achieving all levels of FedRAMP certification. If you don’t want to wait months to receive assistance from an advisor, reach out to connect with InfusionPoints! We are certain we can offer you the support you need on your schedule and budget! 

For more information regarding the changes in the upcoming FedRAMP revision 5 baseline, see InfusionPoints deep dives on the updates: https://infusionpoints.com/blogs/fedramp-nist-800-53-revision-5-deep-dive