Check one.
☐
|
A Privacy Sensitive System
|
☐
|
Not a Privacy Sensitive System (in its current version)
|
The Privacy Impact Assessment Template can be found on the following FedRAMP website page: Templates.
Rules of Behavior
All Authorization Packages must include a Rules of Behavior (RoB) attachment, which will be reviewed for quality.
The RoB describes controls associated with user responsibilities and certain expectations of behavior for following security policies, standards and procedures. Security control PL-4 requires a CSP to implement rules of behavior.
The Rules of Behavior Template can be found on the following FedRAMP website page: Templates.
The Template provides two example sets of rules of behavior: one for Internal Users and one for External Users. The CSP should modify each of these two sets to define the rules of behavior necessary to secure their system.
Information System Contingency Plan
All Authorization Packages must include an Information System Contingency Plan attachment, which will be reviewed for quality.
The Information System Contingency Plan Template can be found on the following FedRAMP website page: Templates.
The Information System Contingency Plan Template is provided for CSPs, 3PAOs, government contractors working on FedRAMP projects, government employees working on FedRAMP projects and any outside organizations that want to make use of the FedRAMP Contingency Planning process.
Configuration Management Plan
All Authorization Packages must include a Configuration Management Plan attachment, which will be reviewed for quality.
Incident Response Plan
All Authorization Packages must include an Incident Response Plan attachment, which will be reviewed for quality.
CIS Workbook
All Authorization Packages must include Control Implementation Summary (CIS) Workbook attachment, which will be reviewed for quality.
The Template can be found on the following FedRAMP website page: Templates.
FIPS 199
This Attachment Section has been revised to include the FIPS 199 Template. Therefore, a separate PTA attachment is not needed. Delete this note and all other instructions from your final version of this document.
All Authorization Packages must include a Federal Information Processing Standard (FIPS) 199 Section, which will be reviewed for quality.
The FIPS-199 Categorization report includes the determination of the security impact level for the cloud environment that may host any or all of the service models: IaaS, PaaS and SaaS. The ultimate goal of the security categorization is for the CSP to be able to select and implement the FedRAMP security controls applicable to its environment.
Share with your friends: | 
