Presentation is loading. Please wait.

Presentation is loading. Please wait.

PAGE www.fedramp.gov Agency ATO Quick Guide 1 December 23, 2014 www.fedramp.gov.

Published byMiya Denier Modified over 9 years ago

Similar presentations

Presentation on theme: "PAGE www.fedramp.gov Agency ATO Quick Guide 1 December 23, 2014 www.fedramp.gov."— Presentation transcript:

1 PAGE www.fedramp.gov Agency ATO Quick Guide 1 December 23, 2014 www.fedramp.gov

2 PAGE www.fedramp.gov 2 The agency ATO process should follow the FedRAMP Security Assessment Framework (SAF) The SAF is based on the NIST Risk Management Framework The FedRAMP Security Assessment Framework is a available at FedRAMP.gov on the Templates and Key Documents webpageFedRAMP Security Assessment Framework Assessment Process

3 PAGE www.fedramp.gov 3 ATO Packages submitted to FedRAMP should have the following FedRAMP templates included. The PMO will check these documents for completeness FedRAMP Templates are available at FedRAMP.gov on the Templates and Key Documents webpage We suggest that you use the Test Cases that we released in Excel format for public comment: http://cloud.cio.gov/docume nt/rev-4-test-case-workbook http://cloud.cio.gov/docume nt/rev-4-test-case-workbook Security Assessment Plan (SAP) Test Case Workbook Security Assessment Report (SAR) Plan of Action and Milestone (POA&M) ATO Letter Cert Letter Document Check List – FedRAMP Templates FedRAMP Templates Available: FIPS 199 Control Implementation Summary (CIS) System Security Plan Information System Security Policy User Guide E-Authentication Template Privacy Threshold Analysis (PTA) / Privacy Impact Analysis (PIA) Rules of Behavior (ROB) IT Contingency Plan

4 PAGE www.fedramp.gov 4 The Agency ATO Packages submitted to FedRAMP should have the following documents included. The PMO will check these documents for completeness The documents listed on this slide do not have an FedRAMP template Document Check List – Documents without a FedRAMP Template No Template Available: Policies and procedures Business Impact Analysis Configuration Management Plan Incident Response Plan Interconnection Security Agreement (ISA / MOU) Penetration Test Plan

5 PAGE www.fedramp.gov 5 Included with the authorization package should be a Certification Letter and ATO Memo detailing your agency’s authorization. A sample Certification Letter is attached below: You can find the Sample FedRAMP ATO Memo Template at FedRAMP.gov on the Templates and Key Documents webpageFedRAMP ATO Memo Template Sample ATO and Cert Letter Templates

Download ppt "PAGE www.fedramp.gov Agency ATO Quick Guide 1 December 23, 2014 www.fedramp.gov."

Similar presentations

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
PAGE www.fedramp.gov Quick Guide to the FedRAMP Readiness Process 1 August 2014 Presented by: FedRAMP PMO www.fedramp.gov.

PAGE Quick Guide to the FedRAMP Readiness Process 1 August 2014 Presented by: FedRAMP PMO
NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.

NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.
United States DoD Public Key Infrastructure: Deploying the PKI Token

United States DoD Public Key Infrastructure: Deploying the PKI Token
DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.

DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
PAGE www.fedramp.gov Agency ATO Quick Guide 1 May 1, 2015 www.fedramp.gov.

PAGE Agency ATO Quick Guide 1 May 1,
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
PAGE[classification marking]www.fedramp.gov[classification marking] FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14, 2015 www.fedramp.gov.

PAGE[classification marking] marking] FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14,
Risk Management Framework

Risk Management Framework
Federal IT Security Professional - Manager FITSP-M Module 1.

Federal IT Security Professional - Manager FITSP-M Module 1.
Glenn Research Center at Lewis Field Software Assurance of Web-based Applications SAWbA Tim Kurtz SAIC/GRC Software Assurance Symposium 2004.

Glenn Research Center at Lewis Field Software Assurance of Web-based Applications SAWbA Tim Kurtz SAIC/GRC Software Assurance Symposium 2004.
[Insert Project Name] Preliminary Design Review (PDR) [Insert Date of PDR] Centers for Medicare & Medicaid Services eXpedited Life Cycle (XLC)

[Insert Project Name] Preliminary Design Review (PDR) [Insert Date of PDR] Centers for Medicare & Medicaid Services eXpedited Life Cycle (XLC)
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
Ensuring Information Security

Ensuring Information Security
An overview of the NIST Risk Management Framework ISA 652 Fall 2010

An overview of the NIST Risk Management Framework ISA 652 Fall 2010
FedRAMP Federal Risk and Authorization Management Program Industry Day June 4, 2014 Industry Day.

FedRAMP Federal Risk and Authorization Management Program Industry Day June 4, 2014 Industry Day.
Panel: Moderator: Michele Iversen Guest Experts: Dr. Ron Ross, Rod Beckstrom, Bob Wandell.

Panel: Moderator: Michele Iversen Guest Experts: Dr. Ron Ross, Rod Beckstrom, Bob Wandell.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Standards Promoting Trust, Transparency, and Due Diligence E-Gov Washington Workshop.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Standards Promoting Trust, Transparency, and Due Diligence E-Gov Washington Workshop.
Applied Technology Services, Inc. Your Partner in Technology www.appliedtechnologyservices.com Applied Technology Services, Inc. Your Partner in Technology.

Applied Technology Services, Inc. Your Partner in Technology Applied Technology Services, Inc. Your Partner in Technology.

Similar presentations

Ads by Google