1 / 5

FedRAMP ATO Process and Templates

This quick guide provides information on the agency ATO process and the required templates for FedRAMP assessments. It follows the FedRAMP Security Assessment Framework (SAF) based on the NIST Risk Management Framework.

johnnyblair
Download Presentation

FedRAMP ATO Process and Templates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Agency ATO Quick Guide May 1, 2015 www.fedramp.gov

  2. Assessment Process The agency ATO process should follow the FedRAMP Security Assessment Framework (SAF) The SAF is based on the NIST Risk Management Framework The FedRAMP Security Assessment Framework is a available at FedRAMP.gov on the Templates and Key Documents webpage

  3. Document Check List – FedRAMP Templates FedRAMP Templates Available: • FIPS 199 • Control Implementation Summary (CIS) • System Security Plan • Security Policies and Procedures • E-Authentication Template • Privacy Threshold Analysis (PTA) / Privacy Impact Analysis (PIA) • Rules of Behavior (ROB) • IT Contingency Plan ATO Packages submitted to FedRAMP should have the following FedRAMP templates included. The PMO will check these documents for completeness FedRAMP Templates are available at FedRAMP.gov on the Templates and Key Documents webpage We suggest that you use the Test Cases that we released in Excel format for public comment: http://cloud.cio.gov/document/rev-4-test-case-workbook Security Assessment Plan (SAP) Test Case Workbook Security Assessment Report (SAR) Plan of Action and Milestone (POA&M)

  4. Document Check List – Documents without a FedRAMP Template No Templates Available: • Security Policies and Procedures • Business Impact Analysis • Configuration Management Plan • Incident Response Plan • User Guide The Agency ATO Packages submitted to FedRAMP should have the following documents included. The PMO will check these documents for completeness The documents listed on this slide do not have an FedRAMP template

  5. Sample ATO Letter Template Click the letter to open it. Included with the authorization package should be an Authorization Letter and ATO Memo detailing your agency’s authorization. A sample Authorization Letter is attached below: You can find the Sample FedRAMP ATO Memo Template at FedRAMP.gov on the Templates and Key Documents webpage

More Related