Skip to content

Automated generation of all FedRAMP Rev 5 documents and templates #173

Open
Open
Automated generation of all FedRAMP Rev 5 documents and templates#173
Assignees
ethanolivertroy
Labels
enhancementNew feature or request

Description

@ethanolivertroy
ethanolivertroy
opened on May 15, 2026

Overview

Implement automated generation for the complete suite of FedRAMP Rev 5 documents and templates (39 published items).

Source Details

Scope

Automate the creation of all FedRAMP Rev 5 artifacts across every authorization phase:

Preparation Phase

  • Readiness Assessment Report (RAR) — High & Moderate
  • System Security Plan (SSP) — High, Moderate, Low, LI-SaaS baselines
  • SSP Appendix A — Baseline security controls (all impact levels)
  • SSP Appendix F — Rules of Behavior (RoB)
  • SSP Appendix G — Information System Contingency Plan (ISCP)
  • SSP Appendix J — CIS and CRM Workbook
  • SSP Appendix M — Integrated Inventory Workbook
  • SSP Appendix Q — Cryptographic Modules Table

Authorization Phase

  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR) — including SRTM & RET appendices
  • Plan of Action and Milestones (POA&M)
  • ATO Letter
  • Initial Authorization Package Checklist
  • Annual Assessment Controls Selection Worksheet

Continuous Monitoring Phase

  • Continuous Monitoring Deliverables Template
  • Monthly Executive Summary
  • Vulnerability Deviation Request Form
  • Penetration Test Guidance integration

Program & Guidance Documents

  • Security Controls Baseline catalog
  • Cryptographic Module Selection Policy
  • Authorization Boundary Guidance
  • 3PAO Obligations and Performance Guide
  • Agency Authorization Playbook
  • CSP Authorization Playbook
  • Continuous Monitoring Playbook

Acceptance Criteria

  1. Identify all 39 Rev 5 artifacts and their structural schemas
  2. Build document-generation engine (DOCX, XLSX, PDF outputs)
  3. Map each artifact to the OSCAL / JSON data model used by the Claude GRC Engineering toolkit
  4. Provide end-to-end automated package assembly from SSP → SAP → SAR → POA&M → ATO

Linked Linear Issue

Linear: GRC-61 — https://linear.app/grc-engineering-club/issue/GRC-61/automated-generation-of-all-fedramp-rev-5-documents-and-templates

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions