Incident Communications Procedures¶
The Incident Communications Procedures rules explain how providers must communicate incident information to FedRAMP, CISA, and government customers.
FedRAMP Responsibilities¶
These rules apply to FedRAMP.
Ongoing Review¶
ICP-FRP-ORV
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
FedRAMP MUST periodically review Incident Communications Procedures implementation with providers based on lack of reporting or other information.
Corrective Actions
- FedRAMP will request a Corrective Action Plan when a provider is unaware of the rules or has failed to implement proper procedures.
- FedRAMP will grant a 3 month grace period to implement proper procedures pending remediation and possible revocation of FedRAMP Certification.
Terms: Incident