Fedramp system Security Plan (ssp) High Baseline Template


IR-8(e) Additional FedRAMP Requirements and Guidance



Download 1.2 Mb.
Page278/478
Date16.12.2020
Size1.2 Mb.
#54609
1   ...   274   275   276   277   278   279   280   281   ...   478
FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics
IR-8(e) Additional FedRAMP Requirements and Guidance:

Requirement: The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel.

  1. Protects the incident response plan from unauthorized disclosure and modification.



IR-8

Control Summary Information

Responsible Role:

Parameter IR-8(a)(8):

Parameter IR-8(b):

Parameter IR-8(c):

Parameter IR-8(e):

Implementation Status (check all that apply):

Implemented

Partially implemented

☐ Planned

Alternative implementation

Not applicable

Control Origination (check all that apply):

Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



IR-8 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e




Part f





IR-9 Information Spillage Response (M) (H)


The organization responds to information spills by:

  1. Identifying the specific information involved in the information system contamination;

  2. Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;

  3. Isolating the contaminated information system or system component;

  4. Eradicating the information from the contaminated information system or component;

  5. Identifying other information systems or system components that may have been subsequently contaminated; and

  6. Performing other [Assignment: organization-defined actions].



IR-9

Control Summary Information

Responsible Role:

Parameter IR-9(b):

Parameter IR-9(f):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



IR-9 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e




Part f





IR-9 (1) Control Enhancement (M) (H)


The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills.

IR-9 (1)

Control Summary Information

Responsible Role:

Parameter IR-9 (1):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



IR-9 (1) What is the solution and how is it implemented?






Download 1.2 Mb.

Share with your friends:
1   ...   274   275   276   277   278   279   280   281   ...   478




The database is protected by copyright ©ininet.org 2024
send message

    Main page