Agency ATO Quick Guide, December 23, 2014 (www.fedramp.gov)

PAGE 2: Assessment Process

The agency ATO process should follow the FedRAMP Security Assessment Framework (SAF).
The SAF is based on the NIST Risk Management Framework.
The FedRAMP Security Assessment Framework is available at FedRAMP.gov on the Templates and Key Documents webpage.

PAGE 3: Document Check List – FedRAMP Templates

ATO Packages submitted to FedRAMP should have the following FedRAMP templates included. The PMO will check these documents for completeness.
FedRAMP Templates are available at FedRAMP.gov on the Templates and Key Documents webpage.
We suggest that you use the Test Cases that we released in Excel format for public comment: nt/rev-4-test-case-workbook

FedRAMP Templates Available:
- FIPS 199
- Control Implementation Summary (CIS)
- System Security Plan
- Information System Security Policy
- User Guide
- E-Authentication Template
- Privacy Threshold Analysis (PTA) / Privacy Impact Analysis (PIA)
- Rules of Behavior (ROB)
- IT Contingency Plan
- Security Assessment Plan (SAP)
- Test Case Workbook
- Security Assessment Report (SAR)
- Plan of Action and Milestone (POA&M)
- ATO Letter
- Cert Letter

PAGE 4: Document Check List – Documents without a FedRAMP Template

The Agency ATO Packages submitted to FedRAMP should have the following documents included. The PMO will check these documents for completeness.
The documents listed on this slide do not have a FedRAMP template.

No Template Available:
- Policies and procedures
- Business Impact Analysis
- Configuration Management Plan
- Incident Response Plan
- Interconnection Security Agreement (ISA / MOU)
- Penetration Test Plan

PAGE 5: Sample ATO and Cert Letter Templates

Included with the authorization package should be a Certification Letter and ATO Memo detailing your agency’s authorization.
A sample Certification Letter is attached below:
You can find the Sample FedRAMP ATO Memo Template at FedRAMP.gov on the Templates and Key Documents webpage.