FedRAMP System Security Plan (SSP) High Baseline Template


PL-4 What is the solution and how is it implemented?



Date: 16.12.2020

Part a




Part b




Part c




Part d





PL-4 (1) Control Enhancement (M) (H)


The organization includes in the rules of behavior, explicit restrictions on the use of social media/networking sites and posting organizational information on public websites.

PL-4 (1)

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





PL-4 (1) What is the solution and how is it implemented?





PL-8 Information Security Architecture (M) (H)


The organization:

  a. Develops an information security architecture for the information system that:

    1. Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information;

    2. Describes how the information security architecture is integrated into and supports the enterprise architecture; and

    3. Describes any information security assumptions about, and dependencies on, external services;

  b. Reviews and updates the information security architecture [FedRAMP Assignment: at least annually or when a significant change occurs] to reflect updates in the enterprise architecture; and

PL-8 (b) Additional FedRAMP Requirements and Guidance:

Guidance: Significant change is defined in NIST Special Publication 800-37 Revision 1, Appendix F, on Page F-8.

  c. Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.



PL-8

Control Summary Information

Responsible Role:

Parameter PL-8(b):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





PL-8 What is the solution and how is it implemented?

Part a




Part b




Part c





