Fedramp system Security Plan (ssp) High Baseline Template

Control Summary Information

Download 1.2 Mb.

Page	308/478
Date	16.12.2020
Size	1.2 Mb.
	#54609

1 ... 304 305 306 307 308 309 310 311 ... 478

FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics

PE-2 Physical Access Authorizations (H)
PE-3 Physical Access Control (L) (M) (H)
PE-3 (1) Control Enhancement (H)

Control Summary Information

Responsible Role:
Parameter PE-1(a):
Parameter PE-1(b)(1):
Parameter PE-1(b)(2):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific)

PE-1 What is the solution and how is it implemented?
Part a
Part b

PE-2 Physical Access Authorizations (H)

The organization:

Develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides;
Issues authorization credentials for facility access;
Reviews the access list detailing authorized facility access by individuals [FedRAMP Assignment: at least every ninety (90) days]; and
Removes individuals from the facility access list when access is no longer required.

PE-2	Control Summary Information
Responsible Role:
Parameter PE-2(c):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☐ Shared (Service Provider and Customer Responsibility) ☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,

PE-2 What is the solution and how is it implemented?
Part a
Part b
Part c
Part d

PE-3 Physical Access Control (L) (M) (H)

The organization:

Enforces physical access authorizations at [Assignment: organization-defined entry/exit points to the facility where the information system resides] by:

Verifying individual access authorizations before granting access to the facility; and
Controlling ingress/egress to the facility using [FedRAMP Assignment: CSP defined physical access control systems/devices AND guards];

Maintains physical access audit logs for [Assignment: organization-defined entry/exit points];
Provides [Assignment: organization-defined security safeguards] to control access to areas within the facility officially designated as publicly accessible;
Escorts visitors and monitors visitor activity [FedRAMP Assignment: in all circumstances within restricted access area where the information system resides];
Secures keys, combinations, and other physical access devices;
Inventories [Assignment: organization-defined physical access devices] every [FedRAMP Assignment: at least annually]; and
Changes combinations and keys [FedRAMP Assignment: at least annually] and/or when keys are lost, combinations are compromised, or individuals are transferred or terminated.

PE-3	Control Summary Information
Responsible Role:
Parameter PE-3(a):
Parameter PE-3(a)(2):
Parameter PE-3(b):
Parameter PE-3(c):
Parameter PE-3(d):
Parameter PE-3(f)-1:
Parameter PE-3(f)-2:
Parameter PE-3(g):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☐ Shared (Service Provider and Customer Responsibility) ☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,

PE-3 What is the solution and how is it implemented?
Part a
Part b
Part c
Part d
Part e
Part f
Part g

PE-3 (1) Control Enhancement (H)

The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility at [Assignment: organization-defined physical spaces containing components of the information system].

PE-3 (1)	Control Summary Information
Responsible Role:
Parameter PE-3 (1):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☐ Shared (Service Provider and Customer Responsibility) ☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,

PE-3 (1) What is the solution and how is it implemented?

Download 1.2 Mb.

Share with your friends: