RFC-0024 Rev5 Machine-Readable Packages

[pete-gov]

As part of the FedRAMP modernization project we are planning to begin requiring all Rev5-based cloud services to provide only machine-readable materials (as required by the law and M-24-15). This is currently slated for Phase 4 but will need a considerable amount of runway for providers.

This RFC will propose the anticipated requirements and timelines for government-wide (and thus industry-wide) adoption of machine-readable system security packages for FedRAMP Rev5.

[pete-gov]

This roadmap item is new in Sprint 14.

[pete-gov]

Tentatively planning to release this RFC in mid/late January.

[pete-gov]

This RFC was released on January 13, 2026. Given the extensive impact, public comment period has been extended to nearly two months.

https://www.fedramp.gov/rfcs/0024/