Presentation is loading. Please wait.

Presentation is loading. Please wait.

PAGE www.fedramp.gov Agency ATO Quick Guide 1 September 21, 2015 www.fedramp.gov.

Published byAmelia Small Modified over 8 years ago

Similar presentations

Presentation on theme: "PAGE www.fedramp.gov Agency ATO Quick Guide 1 September 21, 2015 www.fedramp.gov."— Presentation transcript:

1 PAGE www.fedramp.gov Agency ATO Quick Guide 1 September 21, 2015 www.fedramp.gov

2 PAGE www.fedramp.gov 2 The FedRAMP Agency ATO authorization process should follow the FedRAMP Security Assessment Framework (SAF)FedRAMP Security Assessment Framework (SAF) The FedRAMP SAF is based on the NIST Risk Management Framework (RMF) The FedRAMP SAF is available on FedRAMP.gov by navigating to the Resources -> Program Documents webpage Assessment Process

3 PAGE www.fedramp.gov 3 FedRAMP templates are available at FedRAMP.gov on the Resources -> Templates webpage FedRAMP templates Agency ATO packages submitted to FedRAMP must include 14 FedRAMP templates The PMO will check these templates for completeness, critical security control showstoppers, and quality It’s recommended that you use the Rev 4 Security Assessment Test Cases that the FedRAMP PMO released in Excel format for public comment: https://www.fedramp.gov/files/2 015/01/FedRAMP-Security- Assessment-Test-Cases-Rev-4- v1_.xlsx https://www.fedramp.gov/files/2 015/01/FedRAMP-Security- Assessment-Test-Cases-Rev-4- v1_.xlsx Security Assessment Plan (SAP) – Security Assessment Test Cases Security Assessment Report (SAR) – Security Test Cases Plan of Action and Milestone (POA&M) Agency ATO Letter Document Check List – FedRAMP Templates FedRAMP Templates Available: System Security Plan (SSP) – FIPS Pub 199 – E-Authentication – Control Implementation Summary (CIS) – CIS Worksheet – IT Contingency Plan (CP) and CP Test – Privacy Threshold Analysis (PTA) / Privacy Impact Assessment (PIA) – Rules of Behavior (ROB)

4 PAGE www.fedramp.gov 4 Agency ATO packages submitted to FedRAMP should have 8 attachments that are not FedRAMP templates The PMO will check these templates for completeness, critical security control showstoppers, and quality Document Check List – Documents without a FedRAMP Template No FedRAMP Templates Available: SSP Attachments – Information System Security Policies & Procedures – Configuration Management (CM) Plan – Incident Response Plan (IRP) – User Guide – Signature Page SAP Attachment – Rules of Engagement (ROE) SAR Attachment – Vulnerability Scans – Ad Hoc Evidence

5 PAGE www.fedramp.gov 5 An Agency ATO letter must be included in a FedRAMP Agency ATO package The FedRAMP Agency ATO Letter template is attached below: You can find this template on FedRAMP.gov by navigating to the Resources -> Templates webpage FedRAMP Agency ATO Letter Template Click the letter to view

Download ppt "PAGE www.fedramp.gov Agency ATO Quick Guide 1 September 21, 2015 www.fedramp.gov."

Similar presentations

NIST Special Publication 800-26, “Security Self- Assessment Guide for IT Systems” and Other NIST Resources Marianne Swanson Computer Security Division.

NIST Special Publication , “Security Self- Assessment Guide for IT Systems” and Other NIST Resources Marianne Swanson Computer Security Division.
SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,
Corporate Headquarters: 1010 Wayne Avenue, Suite 1150 Silver Spring, Maryland 20910 301.565.2988 Telephone 301.565.2995 Facsimile www.e-mcinc.com Satellite.

Corporate Headquarters: 1010 Wayne Avenue, Suite 1150 Silver Spring, Maryland Telephone Facsimile Satellite.
1 NIST, FIPS, and you... Bob Grill Medi-Cal ISO July 16, 2009.

1 NIST, FIPS, and you... Bob Grill Medi-Cal ISO July 16, 2009.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
PAGE www.fedramp.gov Quick Guide to the FedRAMP Readiness Process 1 August 2014 Presented by: FedRAMP PMO www.fedramp.gov.

PAGE Quick Guide to the FedRAMP Readiness Process 1 August 2014 Presented by: FedRAMP PMO
PAGE www.fedramp.gov Agency ATO Quick Guide 1 December 23, 2014 www.fedramp.gov.

PAGE Agency ATO Quick Guide 1 December 23,
NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.

NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.
DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.

DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.
Risk-Based Policy & Implementation Guidance Risk-Based Policy & Implementation Guidance Program Management Plan Program Management Plan Subordinate System.

Risk-Based Policy & Implementation Guidance Risk-Based Policy & Implementation Guidance Program Management Plan Program Management Plan Subordinate System.
Information Security Governance

Information Security Governance
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
PAGE www.fedramp.gov Agency ATO Quick Guide 1 May 1, 2015 www.fedramp.gov.

PAGE Agency ATO Quick Guide 1 May 1,
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
PAGE[classification marking]www.fedramp.gov[classification marking] FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14, 2015 www.fedramp.gov.

PAGE[classification marking] marking] FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14,
Risk Management Framework

Risk Management Framework
1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.

1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)

Similar presentations

Ads by Google