AWS Secure Configuration Guidance

FRR-RSC-09: Publish Guidance

Applies to: Low, Moderate, High
Last Updated: 2025-11-25
Version: 1.0.0

Download: JSON OSCAL Catalog OSCAL Component

Overview

FedRAMP Rev5 requires CSPs to publish secure configuration guidance publicly to enable
customers and auditors to understand and implement security controls. This guidance is
available through multiple channels and formats for maximum accessibility.

Publication Channels

Web-Based Guidance Portal

Description:

Interactive HTML interface for browsing guidance

Url:

http://:8080/

Access Method:

Public HTTP/HTTPS (configure as needed)

Authentication:

None required (public access)

RESTful JSON API

Description:

Programmatic access to guidance data

Base Url:

http://:8080/api

Endpoints:

all_guidance: {'path': '/api/guidance/all/json', 'method': 'GET', 'description': 'Complete guidance for all requirements', 'response': 'JSON object with all RSC requirements', 'example': 'curl http://:8080/api/guidance/all/json\n'}
specific_requirement: {'path': '/api/guidance//json', 'method': 'GET', 'description': 'Guidance for specific requirement', 'parameters': 'requirement: rsc01_root_account_guidance, rsc02_root_security_settings, etc.', 'example': 'curl http://:8080/api/guidance/rsc01_root_account_guidance/json\n'}
cloudformation_template: {'path': '/api/cloudformation/
/

🔒 AWS Secure Configuration Guidance

FRR-RSC-09: Publish Guidance

Overview

Publication Channels

Web-Based Guidance Portal

RESTful JSON API

Amazon S3 Bucket

GitHub Repository

Static Documentation Website

Publication Formats

HTML (Web Pages)

Markdown

JSON

PDF

Access Control

Public Access

Authenticated Access

Network Restrictions

Distribution Methods

Direct Download

Api Integration

S3 Sync

Git Clone

Update Notifications

Rss Feed

Email Notifications

Webhook

Github Watch

Compliance Documentation

Fedramp Ssp

Audit Evidence

Customer Communication

Best Practices

References