AWS Security ChangesHomeSearch

AWS fedramp documentation change

Service: fedramp · 2026-03-28 · Documentation low

File: fedramp/latest/userguide/root-security-guidance.md

Summary

Updated control reference from FRR-RSC-02 to SCG-CSO-RSC, expanded requirements section to include detailed Secure Configuration Guide requirements for top-level administrative accounts, updated version and date.

Security assessment

This change updates the control framework reference and expands security documentation requirements for root/top-level administrative accounts. It adds specific requirements for secure configuration guides but doesn't indicate a specific security incident or vulnerability. The change improves security documentation by providing more structured requirements for root account security.

Diff

diff --git a/fedramp/latest/userguide/root-security-guidance.md b/fedramp/latest/userguide/root-security-guidance.md
index 5d15f3c1d..8cbe7aa9f 100644
--- a//fedramp/latest/userguide/root-security-guidance.md
+++ b//fedramp/latest/userguide/root-security-guidance.md
@@ -3 +3 @@
-Document InformationFRR-RSC-02: Root Security Settings GuidanceRequirementComponent Implementation (OSCAL)Executive SummaryRoot-Only Security OperationsManagement Account Exclusive Security OperationsRoot Account Specific Security Operations
+Document InformationSCG-CSO-RSC: Recommended Secure Configuration - Part 2RequirementComponent Implementation (OSCAL)Executive SummaryRoot-Only Security OperationsManagement Account Exclusive Security OperationsRoot Account Specific Security Operations
@@ -15 +15 @@ This topic discusses root security guidance.
-Version |  1.0.0  
+Version |  1.0.2  
@@ -17 +17 @@ Version |  1.0.0
-Last Updated |  2026-01-09  
+Last Updated |  2026-03-26  
@@ -19 +19 @@ Last Updated |  2026-01-09
-## FRR-RSC-02: Root Security Settings Guidance
+## SCG-CSO-RSC: Recommended Secure Configuration - Part 2
@@ -23 +23 @@ Last Updated |  2026-01-09
-**OSCAL Control ID: FRR-RSC-02**
+**OSCAL Control ID: SCG-CSO-RSC**
@@ -25 +25 @@ Last Updated |  2026-01-09
-**UUID: frr-rsc-02-control**
+**UUID: scg-cso-rsc-control**
@@ -29 +29,12 @@ Last Updated |  2026-01-09
-Providers MUST create and maintain guidance that explains security-related settings that can be operated only by top-level administrative accounts and their security implications.
+This guidance addresses Part 2 of SCG-CSO-RSC: Explanations of security-related settings that can be operated only by top-level administrative accounts and their security implications.
+
+Providers MUST create, maintain, and make available recommendations for securely configuring their cloud services (the Secure Configuration Guide) that includes at least the following information:
+
+  1. **Required** : Instructions on how to securely access, configure, operate, and decommission top-level administrative accounts that control enterprise access to the entire cloud service offering.
+
+  2. **Required** : Explanations of security-related settings that can be operated only by top-level administrative accounts and their security implications.
+
+  3. **Recommended** : Explanations of security-related settings that can be operated only by privileged accounts and their security implications.
+
+
+