Information Type
|
NIST SP 800-60 V2 R1
Recommended Confidentiality Impact Level
|
NIST SP 800-60 V2 R1
Recommended Integrity Impact Level
|
NIST SP 800-60 V2 R1
Recommended Availability Impact Level
|
CSP Selected Confidentiality Impact Level
|
CSP Selected Integrity Impact Level
|
CSP Selected Availability Impact Level
|
Statement
for Impact Adjustment Justification
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Enter text.
|
Separation of Duties Matrix
All Authorization Packages have the option to provide a Separation of Duties Matrix attachment, which will be reviewed for quality.
Error: Reference source not found is referenced in the following controls.
Error: Reference source not found Additional FedRAMP Requirements and Guidance
FedRAMP Laws and Regulations
The Table 15 -32. FedRAMP Templates that Reference FedRAMP Laws and Regulations Standards and Guidance lists all of the FedRAMP templates in which FedRAMP laws, regulations, standards and guidance are referenced.
Table �15�‑32. FedRAMP Templates that Reference FedRAMP Laws and Regulations Standards and Guidance
Phase
|
Document Title
|
Document Phase
|
SSP
|
System Security Plan
|
|
SSP Attachment 4
|
PTA/PIA
|
Privacy Threshold Analysis and Privacy Impact Assessment
|
|
SSP Attachment 6
|
ISCP
|
Information System Contingency Plan
|
|
SSP Attachment 10
|
FIPS 199
|
FIPS 199 Categorization
|
Assess Phase
|
SAP
|
Security Assessment Plan
|
Authorize Phase
|
SAR
|
Security Assessment Report
|
The FedRAMP Laws and Regulations can be submitted as an appendix or an attachment. The attachment can be found on this page: Templates.
Note: All NIST Computer Security Publications can be found at the following
URL: http://csrc.nist.gov/publications/PubsSPs.html
FedRAMP Inventory Workbook
All Authorization Packages must the Inventory attachment, which will be reviewed for quality.
When completed, FedRAMP will accept this inventory workbook as the inventory information required by the following:
System Security Plan
Security Assessment Plan
Security Assessment Report
Information System Contingency Plan
Initial POAM
Monthly Continuous Monitoring (POAM or as a separate document)
The FedRAMP Inventory Workbook can be found on the following FedRAMP website page: Templates.
Note: A complete and detailed list of the system hardware and software inventory is required per NIST SP 800-53, Rev 4 CM-8.
Share with your friends: 
