Journalist briefing pack

FedRAMP AI Cloud Procurement Guidance

Deadline-ready summary derived from the Policy Window catalog. Every claim cites a primary source. As of 2026-06-03.

Editor-of-record: Editorial board (in formation) (Policy Window) — last reviewed 2026-05-31

Key finding

FedRAMP PMO operational guidance on AI/GenAI cloud authorisation; ATO scope, baseline selection, GenAI control tailoring, M-24-10 cross-walk.

Pull quote (operative text)

“AI cloud services processing federal data require FedRAMP authorisation; agency authorising officials remain the operative gate for specific AI use cases.”

— Primary source, guidance

Topics this instrument addresses

governs
Transparency Obligations— FedRAMP authorisation requires System Security Plan + control documentation; GenAI guidance extends to vendor disclosure of training-data provenance, evaluation results, model documentation
implicit
Foundation Models / GPAI— GenAI-specific control tailoring guidance addresses model-specific risks (training-data exposure, prompt-injection, output disclosure) within SSP + NIST SP 800-53 control overlay selection
implicit
Compute-Threshold Reporting— FedRAMP authorisation enables ATO; agency-AI-use disclosure flows through OMB M-24-10 inventory + quarterly procurement reporting rather than through FedRAMP itself
implicit
Individual Redress— Guidance cross-walks to OMB M-24-10 minimum practices including human-consideration + remedy for rights-impacting AI
implicit
Training-Data Rights— Supply-chain risk-management considerations include training-data + model-weight provenance disclosure within the SSP

Cite this briefing

MLA (9th edition)

Policy Window. "FedRAMP AI Cloud Procurement Guidance." Policy Window AI Governance Catalog, 2026-06-03, http://localhost:3000/wiki/fedramp-ai-guidance?asOf=2026-06-03.

AP (current style — newsroom-grade)

Policy Window AI Governance Catalog, "FedRAMP AI Cloud Procurement Guidance," accessed 2026-06-03, http://localhost:3000/wiki/fedramp-ai-guidance?asOf=2026-06-03.

Chicago (17th edition, notes-bibliography)

Policy Window, "FedRAMP AI Cloud Procurement Guidance," Policy Window AI Governance Catalog, accessed 2026-06-03, http://localhost:3000/wiki/fedramp-ai-guidance?asOf=2026-06-03.

APA (7th edition, author-date)

Policy Window. (2026). FedRAMP AI Cloud Procurement Guidance [Snapshot 2026-06-03]. Policy Window AI Governance Catalog. http://localhost:3000/wiki/fedramp-ai-guidance?asOf=2026-06-03

Download .bib Download .ris Download .csl-json

CC BY 4.0 content. Citation conventions documented at /wiki/citing-us.

What this briefing IS: a deadline-shaped slice of the typed catalog at /wiki/fedramp-ai-guidance. Key finding + pull quote + crosswalk are editor-curated when present; honest-empty when not. Charter §7.1.a holds: never advocacy framing.

What this briefing is NOT: a substitute for direct verification of primary sources before publication. Not legal advice (charter §7.4). Not real-time (editorial cadence).

Topics this instrument addresses

governs

Transparency Obligations— FedRAMP authorisation requires System Security Plan + control documentation; GenAI guidance extends to vendor disclosure of training-data provenance, evaluation results, model documentation

implicit

Foundation Models / GPAI— GenAI-specific control tailoring guidance addresses model-specific risks (training-data exposure, prompt-injection, output disclosure) within SSP + NIST SP 800-53 control overlay selection

implicit

Compute-Threshold Reporting— FedRAMP authorisation enables ATO; agency-AI-use disclosure flows through OMB M-24-10 inventory + quarterly procurement reporting rather than through FedRAMP itself

implicit

Individual Redress— Guidance cross-walks to OMB M-24-10 minimum practices including human-consideration + remedy for rights-impacting AI

implicit

Training-Data Rights— Supply-chain risk-management considerations include training-data + model-weight provenance disclosure within the SSP