Procurement workflow surface

FedRAMP AI Cloud Procurement Guidance — vendor disclosure form

This is a sample disclosure form a procurement team can adapt for vendor RFPs and ITTs evaluating systems against FedRAMP AI Cloud Procurement Guidance. The provision-specific questions below were derived from the catalog's coverage cells; before issuing, a qualified procurement lawyer should review the adapted version against your jurisdiction's contract law. This form is NOT legal advice (see charter §7.4).

Export:use your browser's Print → Save as PDF to produce a printable copy. Native .docx / .pdf export ships on the roadmap (see /wiki/roadmap); for now, browser print-to-PDF is the supported flow.

1. Vendor identification

Vendor legal name

Jurisdiction of incorporation

Primary contact (name, role)

Primary contact (email, phone)

RFP / ITT reference number

Response submission date

2. AI system identification

System name

Version / build identifier

Underlying model(s) + provider(s)

Intended use(s) within this engagement

Jurisdiction(s) of deployment

Other AI-governance instruments the system claims compliance with

3. Provision-specific questions

Transparency Obligations. Provide the documentation required under the transparency obligations of FedRAMP AI Cloud Procurement Guidance (FedRAMP authorisation requires System Security Plan + control documentation; GenAI guidance extends to vendor disclosure of training-data provenance, evaluation results, model documentation) — including (as applicable) model card, system card, training-data summary, evaluation results, and known limitations.
(Cite: FedRAMP authorisation requires System Security Plan + control documentation; GenAI guidance extends to vendor disclosure of training-data provenance, evaluation results, model documentation)

4. Documentation enclosures expected

Tick each enclosure attached to the vendor response. Missing enclosures should be explained in the “Variances” field below.

Training-data summary / provenance log
Copies of submitted regulatory reports / registrations
Content provenance + watermarking technical description
Safety / capability evaluation results
Vendor company registration + insurance certificates
Sub-processor / supply-chain list (including model upstream)

Variances (enclosures not attached + reason)

5. Vendor attestation

The undersigned, on behalf of the vendor, attests that the disclosures above are true and complete to the best of their knowledge at the date signed, and undertakes to notify the buyer in writing within 30 days of any material change to those disclosures.

Signatory name

Signatory role / title

Signature

Date

This is a sample form derived from the catalog at /wiki/fedramp-ai-guidance. Adapt before issuing. Not legal advice; not jurisdiction-specific. See charter §7.4.

FedRAMP AI Cloud Procurement Guidance — vendor disclosure form

3. Provision-specific questions

Transparency Obligations. Provide the documentation required under the transparency obligations of FedRAMP AI Cloud Procurement Guidance (FedRAMP authorisation requires System Security Plan + control documentation; GenAI guidance extends to vendor disclosure of training-data provenance, evaluation results, model documentation) — including (as applicable) model card, system card, training-data summary, evaluation results, and known limitations.

(Cite: FedRAMP authorisation requires System Security Plan + control documentation; GenAI guidance extends to vendor disclosure of training-data provenance, evaluation results, model documentation)

4. Documentation enclosures expected

Tick each enclosure attached to the vendor response. Missing enclosures should be explained in the “Variances” field below.

Training-data summary / provenance log

Copies of submitted regulatory reports / registrations

Content provenance + watermarking technical description

Safety / capability evaluation results

Vendor company registration + insurance certificates

Sub-processor / supply-chain list (including model upstream)