AWS fedramp documentation change
Summary
Updated FedRAMP control identifiers from FRR-RSC series to SCG-CSO/SCG-ENH series, restructured sections under consolidated 'Recommended Secure Configuration' heading, and updated version and date.
Security assessment
This change reorganizes and renames FedRAMP security controls but doesn't address any specific security vulnerability or incident. The content appears to be a documentation restructuring and rebranding of control identifiers rather than addressing a security issue. The change adds security documentation by consolidating guidance for administrative accounts, settings, and privileged settings under a single control.
Diff
diff --git a/fedramp/latest/userguide/amazon-rds.md b/fedramp/latest/userguide/amazon-rds.md index 54d277d50..34cae0dbc 100644 --- a//fedramp/latest/userguide/amazon-rds.md +++ b//fedramp/latest/userguide/amazon-rds.md @@ -3 +3 @@ -Document InformationOverviewFedRAMP RequirementsAdministrative Account ModelFRR-RSC-01: Administrative AccountsFRR-RSC-02: Administrative SettingsFRR-RSC-03: Privileged SettingsIAM Least Privilege PoliciesFRR-RSC-04: Secure DefaultsFRR-RSC-05: Configuration ComparisonFRR-RSC-06: Configuration ExportFRR-RSC-07: API ConfigurationAdditional Resources +Document InformationOverviewFedRAMP RequirementsAdministrative Account ModelSCG-CSO-RSC: Recommended Secure ConfigurationIAM Least Privilege PoliciesSCG-CSO-SDF: Secure DefaultsSCG-ENH-CMP: Configuration ComparisonSCG-ENH-EXP: Configuration ExportSCG-ENH-API: API ConfigurationAdditional Resources @@ -11 +11 @@ This guide provides security configuration requirements and implementation examp -Version | 1.0.0 +Version | 1.0.2 @@ -13 +13 @@ Version | 1.0.0 -Last Updated | 2026-01-09 +Last Updated | 2026-03-26 @@ -28 +28 @@ Amazon RDS must comply with the following FedRAMP requirements: - * FRR-RSC-01 + * SCG-CSO-RSC @@ -30 +30 @@ Amazon RDS must comply with the following FedRAMP requirements: - * FRR-RSC-02 + * SCG-CSO-SDF @@ -32 +32 @@ Amazon RDS must comply with the following FedRAMP requirements: - * FRR-RSC-03 + * SCG-ENH-CMP @@ -34 +34 @@ Amazon RDS must comply with the following FedRAMP requirements: - * FRR-RSC-04 + * SCG-ENH-EXP @@ -36,5 +36 @@ Amazon RDS must comply with the following FedRAMP requirements: - * FRR-RSC-05 - - * FRR-RSC-06 - - * FRR-RSC-07 + * SCG-ENH-API @@ -53 +49,7 @@ Account Type | Master database user -## FRR-RSC-01: Administrative Accounts +## SCG-CSO-RSC: Recommended Secure Configuration + +**Applicable:** Yes + +This requirement consolidates guidance for: 1\. Instructions on how to securely access, configure, operate, and decommission top-level administrative accounts 2\. Explanations of security-related settings that can be operated only by top-level administrative accounts 3\. Explanations of security-related settings that can be operated only by privileged accounts + +### Part 1: Administrative Accounts @@ -377 +379 @@ This comprehensive guidance ensures that Amazon RDS administrative accounts are -## FRR-RSC-02: Administrative Settings +### Part 2: Administrative Settings @@ -938 +940 @@ The master user account in Amazon RDS has elevated privileges specific to each d -## FRR-RSC-03: Privileged Settings +### Part 3: Privileged Settings @@ -1204 +1206 @@ Enable comprehensive logging and monitoring of all privileged account activities -## FRR-RSC-04: Secure Defaults +## SCG-CSO-SDF: Secure Defaults @@ -1235 +1237 @@ Ensure Amazon RDS resources are created with security-first configurations that -## FRR-RSC-05: Configuration Comparison +## SCG-ENH-CMP: Configuration Comparison @@ -1269 +1271 @@ Deploy AWS Config rules to continuously monitor Amazon RDS compliance with organ -## FRR-RSC-06: Configuration Export +## SCG-ENH-EXP: Configuration Export @@ -1303 +1305 @@ Deploy AWS Config rules to continuously monitor Amazon RDS compliance with organ -## FRR-RSC-07: API Configuration +## SCG-ENH-API: API Configuration