Fedramp system Security Plan (ssp) High Baseline Template

Control Summary Information

Download 1.2 Mb. Page 135/478 Date 16.12.2020 Size 1.2 Mb. #54609

FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics

Navigate this page:

• CA-1 What is the solution and how is it implemented Part a
• CA-2 Additional FedRAMP Requirements and Guidance Guidance
• CA-2 What is the solution and how is it implemented Part a

Control Summary Information

Responsible Role:

Parameter CA-1 (a):

Parameter CA-1 (b)(1):

Parameter CA-1 (b)(2):

Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable

Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific)

CA-1 What is the solution and how is it implemented?
Part a
Part b

CA-2 Security Assessments (L) (M) (H)

The organization:

1. 
   Develops a security assessment plan that describes the scope of the assessment including:
   

1. 
   Security controls and control enhancements under assessment;
   
2. 
   Assessment procedures to be used to determine security control effectiveness; and
   
3. 
   Assessment environment, assessment team, and assessment roles and responsibilities;
   

2. 
   Assesses the security controls in the information system and its environment of operation [FedRAMP Assignment: at least annually] to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements;
   
3. 
   Produces a security assessment report that documents the results of the assessment; and
   
4. 
   Provides the results of the security control assessment to [FedRAMP Assignment: individuals or roles to include the FedRAMP Program Management Office (PMO)].
   

CA-2 Additional FedRAMP Requirements and Guidance

Guidance: See the FedRAMP Documents page under Key Cloud Service

Provider (CSP) Documents> Annual Assessment Guidance

https://www.FedRAMP.gov/documents/

CA-2	Control Summary Information
Responsible Role:
Parameter CA-2 (b):
Parameter CA-2 (d):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☐ Shared (Service Provider and Customer Responsibility) ☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,

CA-2 What is the solution and how is it implemented?
Part a
Part b
Part c
Part d

Download 1.2 Mb.

Share with your friends: