FedRAMP System Security Plan (SSP) High Baseline Template


Role and Name of Person Who Signed Connection Agreement




Name and Date of Interconnection Agreement

CA-3

Control Summary Information

Responsible Role:

Parameter CA-3 (c):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for [Click here to enter text],



CA-3 What is the solution and how is it implemented?

Part a

See Table 11-17. System Interconnections for information about implementation.

Part b

See Table 13-21. Control Origination and Definitions and Table 11-17. System Interconnections for information about implementation.

Part c





CA-3 (3) Control Enhancement (M) (H)


The organization prohibits the direct connection of an [Assignment: organization-defined unclassified, non-national security system] to an external network without the use of [FedRAMP Assignment: boundary protections which meet Trusted Internet Connection (TIC) requirements].

CA-3 (3) Additional FedRAMP Requirements and Guidance:

Guidance: Refer to Appendix H – Cloud Considerations of the TIC Reference Architecture document. Link: https://www.dhs.gov/publication/tic-reference-architecture-22

CA-3 (3)

Control Summary Information

Responsible Role:

Parameter CA-3 (3)-1:

Parameter CA-3 (3)-2:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for [Click here to enter text],



CA-3 (3) What is the solution and how is it implemented?





CA-3 (5) Control Enhancement (H)


The organization employs [FedRAMP Selection: deny-all, permit by exception] policy for allowing [FedRAMP Assignment: any systems] to connect to external information systems.

CA-3 (5) Additional FedRAMP Requirements and Guidance:

Guidance: For JAB Authorization, CSPs shall include details of this control in their architecture briefing.

CA-3 (5)

Control Summary Information

Responsible Role:

Parameter CA-3 (5)-1:

Parameter CA-3 (5)-2:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for [Click here to enter text],



CA-3 (5) What is the solution and how is it implemented?





CA-5 Plan of Action and Milestones (L) (M) (H)


The organization:

  a. Develops a plan of action and milestones for the information system to document the organization’s planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities in the system; and

  b. Updates existing plan of action and milestones [FedRAMP Assignment: at least monthly] based on the findings from security controls assessments, security impact analyses, and continuous monitoring activities.

CA-5 Additional FedRAMP Requirements and Guidance:

Requirement: Plan of Action & Milestones (POA&M) must be provided at least monthly.

Guidance: See the FedRAMP Documents page under Key Cloud Service Provider (CSP) Documents > Plan of Action and Milestones (POA&M) Template Completion Guide

https://www.fedramp.gov/documents/


CA-5

Control Summary Information

Responsible Role:

Parameter CA-5 (b):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for [Click here to enter text],



CA-5 What is the solution and how is it implemented?

Part a




Part b





