FedRAMP Security Assessment Framework








Version 2.0



June 6, 2014

Executive Summary

This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. FedRAMP uses a “do once, use many times” framework intended to save the cost, time, and staff required to conduct redundant Agency security assessments and process monitoring reports.



FedRAMP was developed in collaboration with the National Institute of Standards and Technology (NIST), the General Services Administration (GSA), the Department of Defense (DOD), and the Department of Homeland Security (DHS). Many other government agencies and working groups participated in reviewing and standardizing the controls, policies and procedures.

Document Revision History

Date | Page(s) | Description | Author
06/06/2014 | | Major revision for SP800-53 Revision 4. Includes new template and formatting changes. | FedRAMP PMO

Table of Contents

Executive Summary
Document Revision History
About this document
1. Who should use this document?
2. How this document is organized
3. How to contact us
4. FedRAMP Overview
4.1. Applicable Laws and Regulations
4.2. Applicable Standards and Guidance
4.3. FedRAMP Overview
4.4. Authorities
4.5. Purpose
4.6. Governance and Stakeholders
5. FedRAMP Requirements
5.1. Three Types of Packages
5.2. Contractual Language
5.3. Using a CSP Not Listed in the Repository
6. FedRAMP Security Assessment Framework
6.1. Document
6.2. Assess
6.3. Authorize
6.4. Monitor
7. Third Party Assessor Organizations (3PAO)
7.1. Requirements for Accreditation
7.2. Becoming an Accredited 3PAO
Appendix A – Acronyms and Glossary
Appendix B – FedRAMP Templates
Appendix C – Summary of FedRAMP Stakeholders
Appendix D – Application of SAF to Levels of Authorization
1. JAB Provisional Authorization
8. FedRAMP Agency ATO
9. FedRAMP CSP Supplied Process

List of Tables

List of Figures



