Fedramp system Security Plan (ssp) High Baseline Template


Attachment 5Rules of Behavior 413



Download 1.2 Mb.
Page19/478
Date16.12.2020
Size1.2 Mb.
#54609
1   ...   15   16   17   18   19   20   21   22   ...   478
FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics
Attachment 5Rules of Behavior 413

Attachment 6Information System Contingency Plan 414

Attachment 7Configuration Management Plan 415

Attachment 8Incident Response Plan 416

Attachment 9CIS Workbook 417

Attachment 10FIPS 199 418

Introduction and Purpose 418

Scope 418

System Description 419

Methodology 419

Attachment 11Separation of Duties Matrix 421

Attachment 12FedRAMP Laws and Regulations 422

Attachment 13FedRAMP Inventory Workbook 423


List of Figures

Figure 9‑1. Authorization Boundary Diagram 11

Figure 9‑2. Network Diagram 13

Figure 10‑3. Data Flow Diagram 14


Table 1‑1. Information System Name and Title 1

Table 2‑2. Security Categorization 1

Table 2‑3. Sensitivity Categorization of Information Types 3

Table 2‑4. Security Impact Level 3

Table 2‑5. Baseline Security Configuration 4

Table 3‑6. Information System Owner 4

Table 5‑7. Information System Management Point of Contact 5

Table 5‑8. Information System Technical Point of Contact 5

Table 6‑9. CSP Name Internal ISSO (or Equivalent) Point of Contact 6

Table 6‑10. AO Point of Contact 6

Table 7‑11. System Status 7

Table 8‑12. Service Layers Represented in this SSP 8

Table 8‑13. Cloud Deployment Model Represented in this SSP 9

Table 8‑14. Leveraged Authorizations 9

Table 9‑15. Personnel Roles and Privileges 12

Table 10‑16. Ports, Protocols and Services 15

Table 11‑17. System Interconnections 17

Table 12‑18. Information System Name Laws and Regulations 19

Table 12‑19. Information System Name Standards and Guidance 20

Table 13‑20. Summary of Required Security Controls 20

Table 13‑21. Control Origination and Definitions 28

Table 13‑22. CA-3 Authorized Connections 113

Table 15‑23. Names of Provided Attachments 403

Table 15‑24. Information System Name and Title 406

Table 15‑25. Mapping FedRAMP Levels to NIST SP 800-63-3 Levels 407

Table 15‑26. Potential Impacts for Assurance Levels 408

Table 15‑27. Digital Identity Level 409

Table 15‑28. Information System Name; Privacy POC 410

Table 15‑29. Laws and Regulations 411

Table 15‑30. Standards and Guidance 411

Table 15‑31. CSP Applicable Information Types with Security Impact Levels Using NIST SP 800-60 V2 R1 420

Table 15‑32. FedRAMP Templates that Reference FedRAMP Laws and Regulations Standards and Guidance 422



System Security Plan Approvals

Cloud Service Provider Signatures

Name



Date



Title



Cloud Service Provider

CSP Name










Name



Date



Title



Cloud Service Provider

CSP Name










Name



Date



Title



Cloud Service Provider

CSP Name









  1. Download 1.2 Mb.

    Share with your friends:
1   ...   15   16   17   18   19   20   21   22   ...   478



The database is protected by copyright ©ininet.org 2024
send message
    Main page
united states
total number
vast majority
federal government
other side
next generation
supreme court
information contained
current state
executive director
national association
middle east
east coast
general assembly
private sector
same time
west coast
united kingdom
united nations
total amount
full range
highest level
soviet union
european union
national academy