Fedramp system Security Plan (ssp) High Baseline Template


Control Summary Information



Download 1.2 Mb.
Page333/478
Date16.12.2020
Size1.2 Mb.
#54609
1   ...   329   330   331   332   333   334   335   336   ...   478
FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics
Control Summary Information

Responsible Role:

Parameter PL-1(a):

Parameter PL-1(b)(1):

Parameter PL-1(b)(2):

Implementation Status (check all that apply):

Implemented

☐ Partially implemented

☐ Planned

Alternative implementation

Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)





PL-1 What is the solution and how is it implemented?

Part a




Part b





PL-2 System Security Plan (L) (M) (H)


The organization:

  1. Develops a security plan for the information system that:

  1. Is consistent with the organization’s enterprise architecture;

  2. Explicitly defines the authorization boundary for the system;

  3. Describes the operational context of the information system in terms of missions and business processes;

  4. Provides the security categorization of the information system including supporting rationale;

  5. Describes the operational environment for the information system and relationships with or connections to other information;

  6. Provides an overview of the security requirements for the system;

  7. Identifies any relevant overlays, if applicable;

  8. Describes the security controls in place or planned for meeting those requirements including a rationale for the tailoring decisions; and

  9. Is reviewed and approved by the authorizing official or designated representative prior to plan implementation;

  1. Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles];

  2. Reviews the security plan for the information system [FedRAMP Assignment: at least annually];

  3. Updates the plan to address changes to the information system/environment of operation or problems identified during plan implementation or security control assessments; and

  4. Protects the security plan from unauthorized disclosure and modification.



PL-2

Control Summary Information

Responsible Role:

Parameter PL-2(b):

Parameter PL-2(c):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





PL-2 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e






Download 1.2 Mb.

Share with your friends:
1   ...   329   330   331   332   333   334   335   336   ...   478




The database is protected by copyright ©ininet.org 2024
send message

    Main page