FedRAMP System Security Plan (SSP) High Baseline Template


CA-7 What is the solution and how is it implemented?



Date: 16.12.2020

Part a




Part b




Part c




Part d




Part e




Part f




Part g




CA-7 Additional FedRAMP Requirements and Guidance:

Requirement 1: Operating System Scans: at least monthly

Requirement 2: Database and Web Application Scans: at least monthly

Requirement 3: All scans performed by Independent Assessor: at least annually

CA-7 Req.

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



CA-7 What is the solution and how is it implemented?

Req. 1




Req. 2




Req. 3





CA-7 (1) Control Enhancement (M) (H)


The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to monitor the security controls in the information system on an ongoing basis.

CA-7 (1)

Control Summary Information

Responsible Role:

Parameter CA-7 (1):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



CA-7 (1) What is the solution and how is it implemented?





CA-7 (3) Control Enhancement (H)


The organization employs trend analyses to determine if security control implementations, the frequency of continuous monitoring activities, and/or the types of activities used in the continuous monitoring process need to be modified based on empirical data.

CA-7 (3)

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



CA-7 (3) What is the solution and how is it implemented?





