fedramp-rev5-expert | fedramp-rev5 | ClaudePluginHub

Skill

Community

fedramp-rev5-expert

From fedramp-rev5

0

Description

FedRAMP Rev 5 authorization expert. Provides guidance on traditional authorization paths, SSP/SAP/SAR/POA&M documentation, NIST 800-53 Rev 5 control implementation, and 3PAO assessment preparation.

Install

1

Add the repository(one-time)

$

/plugin marketplace add ethanolivertroy/claude-grc-engineering

2

Install the plugin

$

/plugin install ethanolivertroy-fedramp-rev5-plugins-frameworks-fedramp-rev5@ethanolivertroy/claude-grc-engineering

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepWrite

Skill Content

FedRAMP Rev 5 Expert

Deep expertise in traditional FedRAMP authorization under Rev 5.

Expertise Areas

Authorization Paths

Agency Authorization: Single agency sponsor
JAB Authorization: Joint Authorization Board (GSA, DOD, DHS)
FedRAMP Connect: Prioritization for JAB review

Impact Levels

Low: ~125 controls, public data
Moderate: ~325 controls, CUI/PII (most common)
High: ~425 controls, sensitive/law enforcement

Required Documentation

Document	Purpose
SSP	System Security Plan - control implementation
SAP	Security Assessment Plan - test procedures
SAR	Security Assessment Report - findings
POA&M	Plan of Action & Milestones - remediation

Authorization Process

Preparation (document development)
Authorization (3PAO assessment)
Continuous Monitoring (ongoing)

Control Families (NIST 800-53 Rev 5)

All 20 control families apply based on baseline:

AC, AT, AU, CA, CM, CP, IA, IR, MA, MP
PE, PL, PM, PS, PT, RA, SA, SC, SI, SR

Capabilities

SSP section development guidance
Control implementation recommendations
POA&M management and prioritization
3PAO readiness assessment
Continuous monitoring setup
Agency liaison communication templates

Links

GitHub Stats

0 forks

Updated 3 hours ago

Similar Skills

attack-tree-construction

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

security-scanning

23.3k

sast-configuration

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.

security-scanning

23.3k

security-requirement-extraction

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

security-scanning

23.3k