Fedramp system Security Plan (ssp) High Baseline Template


Control Summary Information



Download 1.2 Mb.
Page342/478
Date16.12.2020
Size1.2 Mb.
#54609
1   ...   338   339   340   341   342   343   344   345   ...   478
FedRAMP-SSP-High-Baseline-Template
FedRAMP-SSP-High-Baseline-Template, North Carolina Summary Table of Ecoregion Characteristics
Control Summary Information

Responsible Role:

Parameter PS-4(a):

Parameter PS-4(c):

Parameter PS-4(f)-1:

Parameter PS-4(f)-2:

Implementation Status (check all that apply):

Implemented

Partially implemented

☐ Planned

Alternative implementation

Not applicable



Control Origination (check all that apply):

Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





PS-4 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e




Part f





PS-4 (2) Control Enhancement (H)


The organization employs automated mechanisms to notify [FedRAMP Assignment: access control personnel responsible for disabling access to the system] upon termination of an individual.

PS-4 (2)

Control Summary Information

Responsible Role:

Parameter PS-4 (2):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





PS-4 (2) What is the solution and how is it implemented?





PS-5 Personnel Transfer (H)


The organization:

  1. Reviews and confirms ongoing operational need for current logical and physical access authorizations to information systems/facilities when individuals are reassigned or transferred to other positions within the organization;

  2. Initiates [Assignment: organization-defined transfer or reassignment actions] within [FedRAMP Assignment: twenty-four (24) hours];

  3. Modifies access authorization as needed to correspond with any changes in operational need due to reassignment or transfer; and

  4. Notifies [Assignment: organization-defined personnel or roles] within [FedRAMP Assignment: twenty-four (24) hours].



PS-5

Control Summary Information

Responsible Role:

Parameter PS-5(b)-1:

Parameter PS-5(b)-2:

Parameter PS-5(d)-1:

Parameter PS-5(d)-2:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





PS-5 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d





PS-6 Access Agreements (H)


The organization:

  1. Develops and documents access agreements for organizational information systems;

  2. Reviews and updates the access agreements [FedRAMP Assignment: at least annually]; and

  3. Ensures that individuals requiring access to organizational information and information systems:

    1. Sign appropriate access agreements prior to being granted access; and

    2. Re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or [FedRAMP Assignment: at least annually and any time there is a change to the user's level of access].



PS-6

Control Summary Information

Responsible Role:

Parameter PS-6(b):

Parameter PS-6(c)(2):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





PS-6 What is the solution and how is it implemented?

Part a




Part b




Part c






Download 1.2 Mb.

Share with your friends:
1   ...   338   339   340   341   342   343   344   345   ...   478




The database is protected by copyright ©ininet.org 2024
send message

    Main page