AWS fedramp documentation change
Summary
Updated FedRAMP guidance terminology from 'RSC Service Guidance' to 'SCG Administrative Guidance', removed OSCAL export section, and refocused content on top-level administrative accounts and privileged accounts for SCG-CSO-RSC requirement.
Security assessment
This change updates documentation to align with FedRAMP Revision 5 Secure Configuration Guide (SCG) requirements, specifically addressing SCG-CSO-RSC requirements for administrative and privileged accounts. While it enhances security documentation by clarifying guidance for secure configuration of administrative accounts, there is no evidence of addressing a specific security vulnerability or incident. The removal of OSCAL export functionality might impact compliance automation but doesn't indicate a security issue.
Diff
diff --git a/fedramp/latest/userguide/admin-introduction.md b/fedramp/latest/userguide/admin-introduction.md index fb698f061..022786a3e 100644 --- a//fedramp/latest/userguide/admin-introduction.md +++ b//fedramp/latest/userguide/admin-introduction.md @@ -3 +3 @@ -About FedRAMP Rev5 RSC Service Guidance from AWS +About FedRAMP Rev5 SCG Administrative Guidance from AWS @@ -7 +7 @@ About FedRAMP Rev5 RSC Service Guidance from AWS -This page provides guidance for AWS top-level aligned with FedRAMP Revision 5 Recommended Secure Configuration (FRR-RSC) requirements. This site contains FedRAMP specific guidance for AWS services as well as access to [OSCAL](https://csrc.nist.gov/Projects/Open-Security-Controls-Assessment-Language) formatted documents for consumption into your own tooling. These guidances are provided as a point in time reference to how to configure AWS services and AWS top-level administration accounts in a secure fashion. +This page provides guidance for AWS top-level administrative accounts aligned with FedRAMP Revision 5 Secure Configuration Guide (SCG) requirements. This guidance addresses the SCG-CSO-RSC requirement for top-level administrative accounts and privileged accounts. These guidances are provided as a point in time reference to how to configure AWS top-level administration accounts in a secure fashion. @@ -9 +9 @@ This page provides guidance for AWS top-level aligned with FedRAMP Revision 5 Re -## About FedRAMP Rev5 RSC Service Guidance from AWS +## About FedRAMP Rev5 SCG Administrative Guidance from AWS @@ -11,7 +11 @@ This page provides guidance for AWS top-level aligned with FedRAMP Revision 5 Re -For the most up-to-date service features and security configurations, always review the AWS Documentaiton page for th AWS service. These guidances are updated on a routine basis but the AWS services documentation pages are the source of truth for the most up-to-date information on standard service features. - -### Export & Automate - -Each page has a corresponding OSCAL document to align with the FRR-RSC-08 to provide guidances in machine readable format. Download the AWS FRR-RSC OSCAL files bundle to integrate with your compliance automation tools. This single file contains all administrative and service guidance documents. - -[Download Artifacts](samples/FRR-RSC.zip) +For the most up-to-date account features and security configurations, always review the AWS Documentation page for the AWS service. These guidances are updated on a routine basis but the AWS services documentation pages are the source of truth for the most up-to-date information on standard service features.