Fedramp system Security Plan (ssp) High Baseline Template


MA-4 What is the solution and how is it implemented?



Download 1.2 Mb.
Page291/478
Date16.12.2020
Size1.2 Mb.
#54609
1   ...   287   288   289   290   291   292   293   294   ...   478
FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics
MA-4 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e





MA-4 (2) Control Enhancement (M) (H)


The organization documents in the security plan for the information system, the policies and procedures for the establishment and use of nonlocal maintenance and diagnostic connections.

MA-4 (2)

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

Implemented

Partially implemented

☐ Planned

Alternative implementation

Not applicable



Control Origination (check all that apply):

Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





MA-4 (2) What is the solution and how is it implemented?





MA-4 (3) Control Enhancement (H)


The organization:

  1. Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or

  2. Removes the component to be serviced from the information system prior to nonlocal maintenance or diagnostic services, sanitizes the component (with regard to organizational information) before removal from organizational facilities, and after the service is performed, inspects and sanitizes the component (with regard to potentially malicious software) before reconnecting the component to the information system.



MA-4 (3)

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





MA-4 (3) What is the solution and how is it implemented?

Part a




Part b






Download 1.2 Mb.

Share with your friends:
1   ...   287   288   289   290   291   292   293   294   ...   478




The database is protected by copyright ©ininet.org 2024
send message

    Main page