FedRAMP System Security Plan (SSP) High Baseline Template


Date: 16.12.2020
SA-5 What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e





SA-8 Security Engineering Principles (M) (H)


The organization applies information system security engineering principles in the specification, design, development, implementation, and modification of the information system.

SA-8

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





SA-8 What is the solution and how is it implemented?





SA-9 External Information System Services (L) (M) (H)


The organization:

  1. Requires that providers of external information system services comply with organizational information security requirements and employ [FedRAMP Assignment: FedRAMP Security Controls Baseline(s) if Federal information is processed or stored within the external system] in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance;

  2. Defines and documents government oversight and user roles and responsibilities with regard to external information system services; and

  3. Employs [FedRAMP Assignment: Federal/FedRAMP Continuous Monitoring requirements must be met for external systems where Federal information is processed or stored] to monitor security control compliance by external service providers on an ongoing basis.

Additional FedRAMP Requirements and Guidance

Guidance: See the FedRAMP Documents page under Key Cloud Service Provider (CSP) Documents > Continuous Monitoring Strategy Guide
https://www.fedramp.gov/documents

Guidance: Independent Assessors should assess the risk associated with the use of external services. See the FedRAMP page under Key Cloud Service Provider (CSP) Documents > FedRAMP Authorization Boundary Guidance

SA-9

Control Summary Information

Responsible Role:

Parameter SA-9(a):

Parameter SA-9(c):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable



Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,





SA-9 What is the solution and how is it implemented?

Part a




Part b




Part c





