FedRAMP System Security Plan (SSP) High Baseline Template


AC-22 What is the solution and how is it implemented?




Part a




Part b




Part c




Part d





    1. Awareness and Training (AT)

AT-1 Security Awareness and Training Policy and Procedures (H)


The organization:

  a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:

    1. A security awareness and training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and

    2. Procedures to facilitate the implementation of the security awareness and training policy and associated security awareness and training controls; and

  b. Reviews and updates the current:

    1. Security awareness and training policy [FedRAMP Assignment: at least annually]; and

    2. Security awareness and training procedures [FedRAMP Assignment: at least annually or whenever a significant change occurs].



AT-1

Control Summary Information

Responsible Role:

Parameter AT-1(a):

Parameter AT-1(b)(1):

Parameter AT-1(b)(2):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)



AT-1 What is the solution and how is it implemented?

Part a




Part b





AT-2 Security Awareness (L) (M) (H)


The organization provides basic security awareness training to information system users (including managers, senior executives, and contractors):

  a. As part of initial training for new users;

  b. When required by information system changes; and

  c. [FedRAMP Assignment: at least annually] thereafter.



AT-2

Control Summary Information

Responsible Role:

Parameter AT-2(c):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



AT-2 What is the solution and how is it implemented?

Part a




Part b




Part c





AT-2 (2) Control Enhancement (M) (H)


The organization includes security awareness training on recognizing and reporting potential indicators of insider threat.

AT-2 (2)

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



AT-2 (2) What is the solution and how is it implemented?





