Fedramp system Security Plan (ssp) High Baseline Template


Control Summary Information



Download 1.2 Mb.
Page299/478
Date16.12.2020
Size1.2 Mb.
#54609
1   ...   295   296   297   298   299   300   301   302   ...   478
FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics
Control Summary Information

Responsible Role:

Parameter MP-4(a)-1:

Parameter MP-4(a)-2:

Implementation Status (check all that apply):

Implemented

☐ Partially implemented

☐ Planned

Alternative implementation

Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





MP-4 What is the solution and how is it implemented?

Part a




Part b





MP-5 Media Transport (M) (H)


The organization:

  1. Protects and controls [FedRAMP Assignment: all media with sensitive information] during transport outside of controlled areas using [FedRAMP Assignment: for digital media, encryption using a FIPS 140-2 validated encryption module; for non-digital media, secured in locked container];

MP-5a Additional FedRAMP Requirements and Guidance:

Requirement: The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO.

  1. Maintains accountability for information system media during transport outside of controlled areas;

  2. Documents activities associated with the transport of information system media; and

  3. Restricts the activities associated with transport of information system media to authorized personnel.



MP-5

Control Summary Information

Responsible Role:

Parameter MP-5(a)-1:

Parameter MP-5(a)-2:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





MP-5 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d






Download 1.2 Mb.

Share with your friends:
1   ...   295   296   297   298   299   300   301   302   ...   478




The database is protected by copyright ©ininet.org 2024
send message

    Main page