Fedramp system Security Plan (ssp) High Baseline Template



Download 1.2 Mb.
Page22/478
Date16.12.2020
Size1.2 Mb.
#54609
1   ...   18   19   20   21   22   23   24   25   ...   478
FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics
Information Type

(Use only information types from NIST SP 800-60, Volumes I and II as amended)

NIST 800-60 identifier for Associated Information Type

Confidentiality

Integrity

Availability

System Development

C.3.5.1

Low

Moderate

Low

Table 2‑3. Sensitivity Categorization of Information Types

Information Type

(Use only information types from NIST SP 800-60, Volumes I and II

as amended)

NIST 800-60 identifier for Associated Information Type

Confidentiality

Integrity

Availability






























    1. Security Objectives Categorization (FIPS 199)


Based on the information provided in Table 2 -3. Sensitivity Categorization of Information Types, for the Enter Information System Abbreviation, default to the high-water mark for the Information Types as identified in Table 2 -4. Security Impact Level below.

Table 2‑4. Security Impact Level



Security Objective

Low, Moderate or High

Confidentiality



Integrity



Availability



Through review and analysis, it has been determined that the baseline security categorization for the Enter Information System Abbreviation system is listed in the Table 2 -5. Baseline Security Configuration that follows.

Table 2‑5. Baseline Security Configuration



Enter Information System Abbreviation Security Categorization



Using this categorization, in conjunction with the risk assessment and any unique security requirements, we have established the security controls for this system, as detailed in this SSP.
    1. Digital Identity Determination


The digital identity information may be found in Attachment 3, Digital Identity Worksheet.

Note: NIST SP 800-63-3, Digital Identity Guidelines, does not recognize the four Levels of Assurance model previously used by federal agencies and described in OMB M-04-04, instead requiring agencies to individually select levels corresponding to each function being performed.

The digital identity level is

  1. Information System Owner


The following individual is identified as the system owner or functional proponent/advocate for this system.

Table 3‑6. Information System Owner



Information System Owner Information

Name



Title



Company / Organization

.

Address



Phone Number

<555-555-5555>

Email Address




  1. Authorizing Officials


Instruction: The Authorizing Official is determined by the path that the CSP is using to obtain an authorization.

JAB P-ATO: FedRAMP, JAB, as comprised of member representatives from the General Services Administration (GSA), Department of Defense (DoD) and Department of Homeland Security (DHS)

Agency Authority to Operate (ATO): Agency Authorizing Official name, title and contact information

Delete this and all other instructions from your final version of this document.

The Authorizing Official (AO) or Designated Approving Authority (DAA) for this information system is the Insert AO information as instructed above.



  1. Download 1.2 Mb.

    Share with your friends:
1   ...   18   19   20   21   22   23   24   25   ...   478




The database is protected by copyright ©ininet.org 2024
send message

    Main page