Agency ATO Quick Guide, May 1, 2015, www.fedramp.gov

Presentation transcript:


PAGE 2 Assessment Process

The agency ATO process should follow the FedRAMP Security Assessment Framework (SAF). The SAF is based on the NIST Risk Management Framework. The FedRAMP Security Assessment Framework is available at FedRAMP.gov on the Templates and Key Documents webpage.

PAGE 3 Document Check List – FedRAMP Templates

ATO Packages submitted to FedRAMP should have the following FedRAMP templates included. The PMO will check these documents for completeness. FedRAMP Templates are available at FedRAMP.gov on the Templates and Key Documents webpage. We suggest that you use the Test Cases that we released in Excel format for public comment: nt/rev-4-test-case-workbook

FedRAMP Templates Available:
- FIPS 199
- Control Implementation Summary (CIS)
- System Security Plan
- Security Policies and Procedures
- E-Authentication Template
- Privacy Threshold Analysis (PTA) / Privacy Impact Analysis (PIA)
- Rules of Behavior (ROB)
- IT Contingency Plan
- Security Assessment Plan (SAP)
- Test Case Workbook
- Security Assessment Report (SAR)
- Plan of Action and Milestone (POA&M)

PAGE 4 Document Check List – Documents without a FedRAMP Template

The Agency ATO Packages submitted to FedRAMP should have the following documents included. The PMO will check these documents for completeness. The documents listed on this slide do not have a FedRAMP template.

No Templates Available:
- Security Policies and Procedures
- Business Impact Analysis
- Configuration Management Plan
- Incident Response Plan
- User Guide

PAGE 5 Sample ATO Letter Template

Included with the authorization package should be an Authorization Letter and ATO Memo detailing your agency’s authorization. A sample Authorization Letter is attached below. You can find the Sample FedRAMP ATO Memo Template at FedRAMP.gov on the Templates and Key Documents webpage.