FedRAMP Compliance Checklist: 325+ Controls

Complete checklist covering FedRAMP Moderate baseline based on NIST 800-53 Rev 5. Essential for cloud service providers seeking federal government authorization.

Get Expert Help Take Free Assessment

325

Controls

NIST 800-53

Based

12 Month

Process

FedRAMP Moderate Baseline Controls

325+ controls across 18 NIST 800-53 control families

AT: Awareness & Training

CA: Security Assessment

CP: Contingency Planning

IA: Identification & Authentication

IA-1: Policy and Procedures

IA-2: Identification and Authentication

IA-3: Device Identification and Authentication

IA-4: Identifier Management

IA-5: Authenticator Management

IA-6: Authentication Feedback

IA-7: Cryptographic Module Authentication

IA-8: Identification and Authentication (Non-Organizational Users)

IA-11: Re-authentication

IR: Incident Response

RA: Risk Assessment

RA-1: Policy and Procedures

RA-2: Security Categorization

RA-3: Risk Assessment

RA-5: Vulnerability Monitoring and Scanning

RA-6: Technical Surveillance Countermeasures

How LowerPlane Automates FedRAMP

📋

SSP Generation

Automatically generate your System Security Plan with all 325+ controls and implementation details.

🔍

Continuous Monitoring

Automated evidence collection from AWS, Azure, GCP for ongoing authorization requirements.

📊

POA&M Tracking

Track and manage your Plan of Action & Milestones with automated status updates.

Download Your Free FedRAMP Checklist

Get the complete 325+ control checklist as a printable PDF. Track your progress toward FedRAMP authorization.

Download PDF Checklist Or Get Expert Help

No email required for PDF download. Start tracking your compliance progress today.

FedRAMP Compliance Checklist: 325+ Controls

FedRAMP Moderate Baseline Controls

AC: Access Control

AT: Awareness & Training

AU: Audit & Accountability

CA: Security Assessment

CM: Configuration Management

CP: Contingency Planning

IA: Identification & Authentication

IR: Incident Response

MA: Maintenance

MP: Media Protection

PE: Physical Protection

PL: Planning

PS: Personnel Security

RA: Risk Assessment

SA: System & Services Acquisition

SC: System & Communications Protection

SI: System & Information Integrity

PM: Program Management

FedRAMP Documentation Package

Core Documents

Supporting Documentation

How LowerPlane Automates FedRAMP

SSP Generation

Continuous Monitoring

POA&M Tracking

Download Your Free FedRAMP Checklist

Related FedRAMP Resources

FedRAMP Requirements

NIST 800-53

Cloud Authorization