📢 New post: Is It Even in Your Boundary? CVE-2026-0257 and the Question a KEV Clock Asks First · 📝 Also fresh: 20x Is Permanent Now: The Rehearsal's Over, the Rules Land in June · 🚦 Beacon — the FedRAMP 20x KSI emitter — design partners open ✨ · 🆕 20x Hub: program reference, kept current · 🧪 Free tool: KSI Quick Check — paste, run, get the verdict

FedRAMP Controls / AC

AC-1 Policy and Procedures

Family AC
Baselines moderate
Mapped KSIs 2

Control statement

a. Develop, document, and disseminate to {{ insert: param, ac-1_prm_1 }}:
        1.  {{ insert: param, ac-01_odp.03 }} access control policy that:
            (a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
            (b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
        2. Procedures to facilitate the implementation of the access control policy and the associated access controls;
    b. Designate an {{ insert: param, ac-01_odp.04 }} to manage the development, documentation, and dissemination of the access control policy and procedures; and
    c. Review and update the current access control:
        1. Policy {{ insert: param, ac-01_odp.05 }} and following {{ insert: param, ac-01_odp.06 }} ; and
        2. Procedures {{ insert: param, ac-01_odp.07 }} and following {{ insert: param, ac-01_odp.08 }}.

Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is preserved in the catalog database.

Covered by these Key Security Indicators

KSITitleCategory
KSI-AFR-01Minimum Assessment Scope
Apply the FedRAMP Minimum Assessment Scope (MAS) to identify and document the scope of the cloud service offering to be assessed for FedRAMP authorization and persistently address all related requirements and recommendations.
Authorization by FedRAMP
KSI-SVC-02Network Encryption
Encrypt or otherwise secure network traffic.
Service Configuration