AWS Security ChangesHomeSearch

AWS fedramp documentation change

Service: fedramp · 2026-03-28 · Documentation low

File: fedramp/latest/userguide/amazon-elastic-cloud-compute-ec2.md

Summary

Updated FedRAMP requirement identifiers from FRR-RSC-XX format to SCG-XXX-XXX format, consolidated three administrative account requirements into one SCG-CSO-RSC section, updated version to 1.0.2 and last updated date to 2026-03-26, and fixed a typo ('EC@' to 'EC2').

Security assessment

This change appears to be an administrative update to documentation structure and naming conventions for FedRAMP requirements. There is no evidence of addressing a specific security vulnerability or weakness. The typo fix ('EC@' to 'EC2') is minor and doesn't indicate a security issue. The consolidation of requirements and identifier changes are organizational improvements without introducing new security content or addressing known vulnerabilities.

Diff

diff --git a/fedramp/latest/userguide/amazon-elastic-cloud-compute-ec2.md b/fedramp/latest/userguide/amazon-elastic-cloud-compute-ec2.md
index 6c9f808eb..afa21fe76 100644
--- a//fedramp/latest/userguide/amazon-elastic-cloud-compute-ec2.md
+++ b//fedramp/latest/userguide/amazon-elastic-cloud-compute-ec2.md
@@ -3 +3 @@
-Document InformationOverviewFedRAMP RequirementsAdministrative Account ModelFRR-RSC-01: Administrative AccountsFRR-RSC-02: Administrative SettingsFRR-RSC-03: Privileged SettingsIAM Least Privilege PoliciesFRR-RSC-04: Secure DefaultsFRR-RSC-05: Configuration ComparisonFRR-RSC-06: Configuration ExportFRR-RSC-07: API ConfigurationAdditional Resources
+Document InformationOverviewFedRAMP RequirementsAdministrative Account ModelSCG-CSO-RSC: Recommended Secure ConfigurationIAM Least Privilege PoliciesSCG-CSO-SDF: Secure DefaultsSCG-ENH-CMP: Configuration ComparisonSCG-ENH-EXP: Configuration ExportSCG-ENH-API: API ConfigurationAdditional Resources
@@ -11 +11 @@ This guide provides security configuration requirements and implementation examp
-Version |  1.0.0  
+Version |  1.0.2  
@@ -13 +13 @@ Version |  1.0.0
-Last Updated |  2025-12-09  
+Last Updated |  2026-03-26  
@@ -28 +28 @@ Amazon Elastic Compute Cloud (EC2) must comply with the following FedRAMP requir
-  * FRR-RSC-03
+  * SCG-CSO-RSC
@@ -30 +30 @@ Amazon Elastic Compute Cloud (EC2) must comply with the following FedRAMP requir
-  * FRR-RSC-04
+  * SCG-CSO-SDF
@@ -32 +32 @@ Amazon Elastic Compute Cloud (EC2) must comply with the following FedRAMP requir
-  * FRR-RSC-05
+  * SCG-ENH-CMP
@@ -34 +34 @@ Amazon Elastic Compute Cloud (EC2) must comply with the following FedRAMP requir
-  * FRR-RSC-06
+  * SCG-ENH-EXP
@@ -36 +36 @@ Amazon Elastic Compute Cloud (EC2) must comply with the following FedRAMP requir
-  * FRR-RSC-07
+  * SCG-ENH-API
@@ -49 +49,7 @@ Account Type |  N/A
-## FRR-RSC-01: Administrative Accounts
+## SCG-CSO-RSC: Recommended Secure Configuration
+
+**Applicable:** Yes
+
+This requirement consolidates guidance for: 1\. Instructions on how to securely access, configure, operate, and decommission top-level administrative accounts 2\. Explanations of security-related settings that can be operated only by top-level administrative accounts 3\. Explanations of security-related settings that can be operated only by privileged accounts
+
+### Part 1: Administrative Accounts
@@ -55 +61 @@ Not applicable - no administrative account model
-## FRR-RSC-02: Administrative Settings
+### Part 2: Administrative Settings
@@ -673 +679 @@ This comprehensive guidance ensures that EC2 instance administrative accounts ar
-## FRR-RSC-03: Privileged Settings
+### Part 3: Privileged Settings
@@ -677 +683 @@ This comprehensive guidance ensures that EC2 instance administrative accounts ar
-Within EC2 you have two layers of privileged access. One layer is at the IAM layer, where you can limit what permissions a user has to operate within EC@. This section covers the priviliged settings for using the service itself and provides example IAM Policies that would allow for varying levels of access to the service. The second layer of privileged access is at the OS layer itself which is covered in the other sections of this document.
+Within EC2 you have two layers of privileged access. One layer is at the IAM layer, where you can limit what permissions a user has to operate within EC2. This section covers the privileged settings for using the service itself and provides example IAM Policies that would allow for varying levels of access to the service. The second layer of privileged access is at the OS layer itself which is covered in the other sections of this document.
@@ -946 +952 @@ Enable comprehensive logging and monitoring of all privileged account activities
-## FRR-RSC-04: Secure Defaults
+## SCG-CSO-SDF: Secure Defaults
@@ -981 +987 @@ Ensure Amazon Elastic Compute Cloud (EC2) resources are created with security-fi
-## FRR-RSC-05: Configuration Comparison
+## SCG-ENH-CMP: Configuration Comparison
@@ -1012 +1018 @@ Use AWS Config conformance packs or custom Lambda functions for automated compar
-## FRR-RSC-06: Configuration Export
+## SCG-ENH-EXP: Configuration Export
@@ -1053 +1059 @@ JSON via AWS CLI
-## FRR-RSC-07: API Configuration
+## SCG-ENH-API: API Configuration