FedRAMP System Security Plan (SSP) High Baseline Template


CM-3 Additional FedRAMP Requirements and Guidance



Date: 16.12.2020

Requirement: The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO.

CM-3

Control Summary Information

Responsible Role:

Parameter CM-3(e):

Parameter CM-3(g)-1:

Parameter CM-3(g)-2:

Parameter CM-3(g)-3:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



CM-3 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e




Part f




Part g





CM-3 (1) Control Enhancement (H)


The organization employs automated mechanisms to:

  1. Document proposed changes to the information system;

  2. Notify [Assignment: organization-defined configuration management approval authorities] of proposed changes to the information system and request change approval;

  3. Highlight proposed changes to the information system that have not been approved or disapproved by [FedRAMP Assignment: organization agreed upon time period];

  4. Prohibit changes to the information system until designated approvals are received;

  5. Document all changes to the information system; and

  6. Notify [FedRAMP Assignment: organization-defined configuration management approval authorities] when approved changes to the information system are completed.



CM-3 (1)

Control Summary Information

Responsible Role:

Parameter CM-3 (1)(b):

Parameter CM-3 (1)(c):

Parameter CM-3 (1)(f):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



CM-3 (1) What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e




Part f





