Fedramp system Security Plan (ssp) High Baseline Template

IR-8(e) Additional FedRAMP Requirements and Guidance

Download 1.2 Mb.

Page	278/478
Date	16.12.2020
Size	1.2 Mb.
	#54609

1 ... 274 275 276 277 278 279 280 281 ... 478

FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics

IR-9 Information Spillage Response (M) (H)
IR-9 (1) Control Enhancement (M) (H)

IR-8(e) Additional FedRAMP Requirements and Guidance:

Requirement: The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel.

Protects the incident response plan from unauthorized disclosure and modification.

IR-8	Control Summary Information
Responsible Role:
Parameter IR-8(a)(8):
Parameter IR-8(b):
Parameter IR-8(c):
Parameter IR-8(e):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☐ Shared (Service Provider and Customer Responsibility) ☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,

IR-8 What is the solution and how is it implemented?
Part a
Part b
Part c
Part d
Part e
Part f

IR-9 Information Spillage Response (M) (H)

The organization responds to information spills by:

Identifying the specific information involved in the information system contamination;
Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
Isolating the contaminated information system or system component;
Eradicating the information from the contaminated information system or component;
Identifying other information systems or system components that may have been subsequently contaminated; and
Performing other [Assignment: organization-defined actions].

IR-9	Control Summary Information
Responsible Role:
Parameter IR-9(b):
Parameter IR-9(f):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☐ Shared (Service Provider and Customer Responsibility) ☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,

IR-9 What is the solution and how is it implemented?
Part a
Part b
Part c
Part d
Part e
Part f

IR-9 (1) Control Enhancement (M) (H)

The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills.

IR-9 (1)	Control Summary Information
Responsible Role:
Parameter IR-9 (1):
Implementation Status (check all that apply): ☐ Implemented ☐ Partially implemented ☐ Planned ☐ Alternative implementation ☐ Not applicable
Control Origination (check all that apply): ☐ Service Provider Corporate ☐ Service Provider System Specific ☐ Service Provider Hybrid (Corporate and System Specific) ☐ Configured by Customer (Customer System Specific) ☐ Provided by Customer (Customer System Specific) ☐ Shared (Service Provider and Customer Responsibility) ☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,

IR-9 (1) What is the solution and how is it implemented?

Download 1.2 Mb.

Share with your friends:

1 ... 274 275 276 277 278 279 280 281 ... 478