FedRAMP System Security Plan (SSP) High Baseline Template


Control Summary Information



Date: 16.12.2020
Control Summary Information

Responsible Role:

Parameter PE-1(a):

Parameter PE-1(b)(1):

Parameter PE-1(b)(2):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)





PE-1 What is the solution and how is it implemented?

Part a




Part b





PE-2 Physical Access Authorizations (H)


The organization:

  a. Develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides;

  b. Issues authorization credentials for facility access;

  c. Reviews the access list detailing authorized facility access by individuals [FedRAMP Assignment: at least every ninety (90) days]; and

  d. Removes individuals from the facility access list when access is no longer required.



PE-2

Control Summary Information

Responsible Role:

Parameter PE-2(c):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text.,





PE-2 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d





PE-3 Physical Access Control (L) (M) (H)


The organization:

  a. Enforces physical access authorizations at [Assignment: organization-defined entry/exit points to the facility where the information system resides] by:

    1. Verifying individual access authorizations before granting access to the facility; and

    2. Controlling ingress/egress to the facility using [FedRAMP Assignment: CSP defined physical access control systems/devices AND guards];

  b. Maintains physical access audit logs for [Assignment: organization-defined entry/exit points];

  c. Provides [Assignment: organization-defined security safeguards] to control access to areas within the facility officially designated as publicly accessible;

  d. Escorts visitors and monitors visitor activity [FedRAMP Assignment: in all circumstances within restricted access area where the information system resides];

  e. Secures keys, combinations, and other physical access devices;

  f. Inventories [Assignment: organization-defined physical access devices] every [FedRAMP Assignment: at least annually]; and

  g. Changes combinations and keys [FedRAMP Assignment: at least annually] and/or when keys are lost, combinations are compromised, or individuals are transferred or terminated.



PE-3

Control Summary Information

Responsible Role:

Parameter PE-3(a):

Parameter PE-3(a)(2):

Parameter PE-3(b):

Parameter PE-3(c):

Parameter PE-3(d):

Parameter PE-3(f)-1:

Parameter PE-3(f)-2:

Parameter PE-3(g):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text.,





PE-3 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e




Part f




Part g





PE-3 (1) Control Enhancement (H)


The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility at [Assignment: organization-defined physical spaces containing components of the information system].

PE-3 (1)

Control Summary Information

Responsible Role:

Parameter PE-3 (1):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text.,





PE-3 (1) What is the solution and how is it implemented?





