AWS Security ChangesHomeSearch

AWS fedramp documentation change

Service: fedramp · 2026-03-28 · Documentation low

File: fedramp/latest/userguide/privileged-account-guidance.md

Summary

Updated control reference from FRR-RSC-03 to SCG-CSO-RSC, changed requirement from 'SHOULD' to 'RECOMMENDED', added detailed requirements for Secure Configuration Guide including required and recommended sections for privileged account security settings.

Security assessment

This change updates documentation to align with a new control framework (SCG-CSO-RSC) and expands security guidance for privileged accounts. It adds more detailed requirements for secure configuration guides but doesn't indicate a specific security vulnerability being addressed. The change enhances security documentation by providing clearer requirements for privileged account management.

Diff

diff --git a/fedramp/latest/userguide/privileged-account-guidance.md b/fedramp/latest/userguide/privileged-account-guidance.md
index 68206f859..a19719d30 100644
--- a//fedramp/latest/userguide/privileged-account-guidance.md
+++ b//fedramp/latest/userguide/privileged-account-guidance.md
@@ -3 +3 @@
-Document InformationFedRAMP RequirementsFRR-RSC-03: Privileged Accounts GuidanceExecutive SummaryPrivileged Account ClassificationPrivileged-Only Security SettingsCompliance and GovernanceBest Practices and RecommendationsSummary and Implementation Guidance
+Document InformationFedRAMP RequirementsSCG-CSO-RSC: Recommended Secure Configuration - Part 3RequirementExecutive SummaryPrivileged Account ClassificationPrivileged-Only Security SettingsCompliance and GovernanceBest Practices and RecommendationsSummary and Implementation Guidance
@@ -15 +15 @@ This guide provides security configuration for privileged account access.
-Version |  1.0.0  
+Version |  1.0.2  
@@ -17 +17 @@ Version |  1.0.0
-Last Updated |  2026-01-09  
+Last Updated |  2026-03-26  
@@ -21 +21 @@ Last Updated |  2026-01-09
-## FRR-RSC-03: Privileged Accounts Guidance
+## SCG-CSO-RSC: Recommended Secure Configuration - Part 3
@@ -23 +23,15 @@ Last Updated |  2026-01-09
-✓ SHOULD - Recommended for all FedRAMP services
+✓ RECOMMENDED - Recommended for all FedRAMP services
+
+**OSCAL Control ID: SCG-CSO-RSC** **UUID: scg-cso-rsc-control**
+
+## Requirement
+
+This guidance addresses Part 3 of SCG-CSO-RSC: Explanations of security-related settings that can be operated only by privileged accounts and their security implications.
+
+Providers MUST create, maintain, and make available recommendations for securely configuring their cloud services (the Secure Configuration Guide) that includes at least the following information:
+
+  1. **Required** : Instructions on how to securely access, configure, operate, and decommission top-level administrative accounts that control enterprise access to the entire cloud service offering.
+
+  2. **Required** : Explanations of security-related settings that can be operated only by top-level administrative accounts and their security implications.
+
+  3. **Recommended** : Explanations of security-related settings that can be operated only by privileged accounts and their security implications.
@@ -25 +38,0 @@ Last Updated |  2026-01-09
-**OSCAL Control ID: FRR-RSC-03** **UUID: frr-rsc-03-control**
@@ -27 +39,0 @@ Last Updated |  2026-01-09
-### Requirement
@@ -29 +40,0 @@ Last Updated |  2026-01-09
-Providers SHOULD create and maintain guidance that explains security-related settings that can be operated only by privileged accounts and their security implications.