🔒 AWS Secure Configuration Guidance

FedRAMP Rev5 Recommended Secure Configuration (RSC) Requirements


FRR-RSC-10: Versioning and Release History

Applies to: Low, Moderate, High
Last Updated: 2025-11-25
Version: 1.0.0

Overview

FedRAMP Rev5 requires secure configuration guidance to include version numbers and
maintain release history. This enables tracking changes over time, understanding
what changed between versions, and ensuring customers use current guidance.

Versioning Scheme

Semantic Versioning (SemVer)

Format:

MAJOR.MINOR.PATCH

Description:

Industry-standard versioning scheme

Rules:

  • MAJOR: Incompatible changes or major rewrites
      Examples: Complete restructure of guidance format; Removal of deprecated requirements; Breaking API changes
      Increment: 1.0.0 → 2.0.0
  • MINOR: New features or requirements added (backward compatible)
      Examples: New FRR-RSC requirement added; Additional guidance sections; New CloudFormation templates; Enhanced API endpoints
      Increment: 1.0.0 → 1.1.0
  • PATCH: Bug fixes, clarifications, minor updates
      Examples: Typo corrections; Clarification of existing guidance; Updated examples; Link fixes
      Increment: 1.0.0 → 1.0.1

Current Version:

1.0.0

Date-Based Versioning

Format:

YYYY.MM.DD or YYYY.MM

Description:

Alternative versioning based on release date

Use Case:

When releases are time-based rather than feature-based

Version Metadata

Per Requirement

Description: Each guidance file includes version information

Example:

  version: "1.0.0"
  requirement: FRR-RSC-01
  title: "Top-Level Administrative Accounts Guidance"
  applies_to: ["Low", "Moderate", "High"]
  last_updated: "2025-11-25"

System Wide

Description: Overall guidance system version

Location: README.md, API responses, web interface

Release History

Version 1.0.0

Version: 1.0.0

Release Date: 2025-11-25

Status: Current

Future Releases

Change Management

Version Control

System: Git

Repository: GitHub/GitLab/CodeCommit

Tagging: Git tags for each release (v1.0.0, v1.1.0, etc.)

Example:

  # Tag a release
  git tag -a v1.0.0 -m "Initial release"
  git push origin v1.0.0

  # List all versions
  git tag -l

  # Checkout specific version
  git checkout v1.0.0

Change Tracking

Review Process

Version Discovery

API Endpoint

Path: /api/version

Method: GET

Description: Get current system version

Response Example:

  {
    "system_version": "1.0.0",
    "release_date": "2025-11-25",
    "requirements": {
      "rsc01": "1.0.0",
      "rsc02": "1.0.0",
      "rsc03": "1.0.0",
      "rsc04": "1.0.0",
      "rsc05": "1.0.0",
      "rsc06": "1.0.0",
      "rsc07": "1.0.0",
      "rsc08": "1.0.0",
      "rsc09": "1.0.0",
      "rsc10": "1.0.0"
    },
    "latest_changes": [
      "Initial release of FedRAMP Rev5 RSC guidance"
    ]
  }

Web Interface

Location: Footer of all pages

Display: Version 1.0.0 | Last Updated: 2025-11-25

Link: Links to CHANGELOG.md or release notes

File Headers

Description: Version in each guidance file

Example:

  version: "1.0.0"
  last_updated: "2025-11-25"

Git Tags

Description: Git tags for each release

List Command: git tag -l

Checkout Command: git checkout v1.0.0
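
An added example (not part of the original guidance or its code): one way a customer could use the version discovery data above, comparing the versions recorded in local guidance file headers with the requirements map returned by GET /api/version and classifying each gap by the SemVer rules in the Versioning Scheme section. The sample response values, the pinned versions, the rsc99 key and the function names are constructed for illustration.

```python
import json
import re

# Strict MAJOR.MINOR.PATCH as in the Versioning Scheme section (optional "v" as in the git tags).
SEMVER = re.compile(r"v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)")

# Constructed sample: shaped like the /api/version response, with invented newer versions.
SAMPLE_RESPONSE = """{
  "system_version": "2.0.0",
  "requirements": {"rsc01": "1.0.0", "rsc02": "1.0.1", "rsc03": "1.1.0",
                   "rsc04": "2.0.0", "rsc05": "1.0.0"}
}"""

# Constructed sample: versions read from local guidance file headers.
PINNED = {"rsc01": "1.0.0", "rsc02": "1.0.0", "rsc03": "1.0.0",
          "rsc04": "1.0.0", "rsc05": "1.0", "rsc99": "1.0.0"}

def parse(version):
    """Return (major, minor, patch); raise ValueError on anything else."""
    m = SEMVER.fullmatch(version.strip())
    if not m:
        raise ValueError(f"not MAJOR.MINOR.PATCH: {version!r}")
    return tuple(int(part) for part in m.groups())

def drift(pinned, published):
    """Classify how far a pinned copy lags the published version."""
    old, new = parse(pinned), parse(published)
    if old == new:
        return "current"
    if old > new:
        return "ahead"  # local header claims a version that was never published
    for name, a, b in zip(("major", "minor", "patch"), old, new):
        if a != b:
            return name  # first differing component decides the severity

def audit(pinned, api_response):
    """Map each pinned requirement to its drift against a /api/version body."""
    published = json.loads(api_response)["requirements"]
    findings = {}
    for req, version in sorted(pinned.items()):
        if req not in published:
            findings[req] = "unknown"  # not served by the API; check the CHANGELOG
            continue
        try:
            findings[req] = drift(version, published[req])
        except ValueError:
            findings[req] = "malformed"
    return findings

if __name__ == "__main__":
    print(audit(PINNED, SAMPLE_RESPONSE))
```

A "major" finding is the case the Backward Compatibility policy below treats as a breaking change, so it warrants a read of the migration guide before the local copy is updated.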

Backward Compatibility

Policy:

Maintain backward compatibility within major versions

Breaking Changes

Notification: Announced 90 days in advance

Documentation: Documented in CHANGELOG and migration guide

Major Version Bump: Requires incrementing major version

Deprecation Process

Step 1: Announce deprecation in release notes

Step 2: Mark as deprecated in documentation

Step 3: Provide migration path

Step 4: Maintain for at least 2 minor versions

Step 5: Remove in next major version

Update Notifications

Methods

Compliance Documentation

FedRAMP Requirements

Description: Document version control for FedRAMP

Audit Trail

Description: Maintain audit trail of changes

Configuration Management

Description: Integrate with configuration management database (CMDB)

Best Practices

References