CyberStrong FedRAMP Requirements Checklist

FEDRAMP REQUIREMENTS CHECKLIST

Speed up the FedRAMP certification process with CyberSaint.

FedRAMP requirements include a System Security Plan (SSP), a Security Assessment Plan (SAP), a Security Assessment Report (SAR), and a Plan of Action and Milestone (POAM). CyberSaint has all of these bases covered in one simple solution.

The FedRAMP Initial Authorization Package Checklist

System Security Plan (SSP)

• SSP ATTACHMENT 1 - Information Security Policies and Procedures (covering all control families)
• SSP ATTACHMENT 2 - User Guide
• SSP ATTACHMENT 3 - Digital Identity Worksheet
• SSP ATTACHMENT 4 - Privacy Threshold Analysis (PTA) & Privacy Impact Assessment (PIA)
• SSP ATTACHMENT 5 - Rule of Behavior (RoB)
• SSP ATTACHMENT 6 - Information System Contingency Plan (ISCP)
• SSP ATTACHMENT 7 - Configuration Management Plan (CMP)
• SSP ATTACHMENT 8 - Incident Response Plan (IRP)
• SSP ATTACHMENT 9 - Control Implementation Summary (CIS) Workbook
• SSP ATTACHMENT 10 - Federal Information Processing Standard (FIPS) 199
• SSP ATTACHMENT 11 - Separation of Duties Matrix
• SSP ATTACHMENT 12 - Laws and Regulations
• SSP ATTACHMENT 13 - Integrated Inventory Workbook\

Security Assessment Plan (SAP)

• SAP APPENDIX A - Security Test Case Procedures
• SAP APPENDIX B - Penetration Testing Plan and Methodology
• SAP APPENDIX C - 3PAO Supplied Deliverables (e.g., Penetration Test Rules of Engagement, Sampling Methodology)

Security Assessment Report (SAR)

• SAR APPENDIX A - Risk Exposure Table
• SAR APPENDIX B - Security Test Case Procedures
• SAR APPENDIX C - Infrastructure Scan Results
• SAR APPENDIX D - Database Scan Results
• SAR APPENDIX E - Web Scan Results
• SAR APPENDIX I - Auxiliary Documents (e.g., evidence artifacts)
• SAR APPENDIX J - Penetration Test Report

Plan of Action and Milestones (POA&M)

• Continuous Monitoring Strategy (required by CA-7)
• Continuous Monitoring Monthly Executive Summary