Skip to content
Browse docs

Policy and Inventory — FedRAMP KSI Domain

Generated from the official FedRAMP/docs GitHub repo. Source path: FRMR.documentation.json on main at blob 5c6bfee74029. FRMR version: 0.9.43-beta · upstream last_updated: 2026-04-08. The official FedRAMP/rules repo exists, but grclanker still treats FedRAMP/docs as the active source until structured rules land there.

Policy and Inventory

Domain code: PIY · Domain ID: KSI-PIY · Web slug: policy-and-inventory

Theme

A secure cloud service offering will have intentional, organized, universal guidance for how every information resource, including personnel, is secured.

Indicators

KSI-PIY-GIV (formerly KSI-PIY-01) — Generating Inventories

Use authoritative sources to automatically generate real-time inventories of all information resources when needed.

Mapped Rev5 controls: cm-2.2, cm-7.5, cm-8, cm-8.1, cm-12, cm-12.1, cp-2.8

Terms: Information Resource

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

KSI-PIY-RES (formerly KSI-PIY-08) — Reviewing Executive Support

Persistently review executive support for achieving the organization’s security objectives.

Terms: Persistently

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

KSI-PIY-RIS (formerly KSI-PIY-06) — Reviewing Investments in Security

Persistently review the effectiveness of the organization’s investments in achieving security objectives.

Mapped Rev5 controls: ac-5, ca-2, cp-2.1, cp-4.1, ir-3.2, pm-3, sa-2, sa-3, sr-2.1

Terms: Persistently

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

KSI-PIY-RSD (formerly KSI-PIY-04) — Reviewing Security in the SDLC

Persistently review the effectiveness of building security and privacy considerations into the Software Development Lifecycle and aligning with CISA Secure By Design principles.

Mapped Rev5 controls: ac-5, au-3.3, cm-3.4, pl-8, pm-7, sa-3, sa-8, sc-4, sc-18, si-10, si-11, si-16

Terms: Persistently

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

KSI-PIY-RVD (formerly KSI-PIY-03) — Reviewing Vulnerability Disclosures

Persistently review the effectiveness of the provider’s vulnerability disclosure program.

Mapped Rev5 controls: ra-5.11

Terms: Persistently, Vulnerability

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

URL copied to clipboard