{ "system-security-plan": { "uuid": "9809eddf-2cd5-468f-97c5-9769905d0629", "metadata": { "title": "FedRAMP System Security Plan (SSP)", "published": "2023-08-31T00:00:00Z", "last-modified": "2023-08-31T00:00:00Z", "version": "fedramp2.0.0-oscal1.0.4", "oscal-version": "1.0.4", "revisions": [ { "published": "2023-06-30T00:00:00Z", "version": "1.0", "oscal-version": "1.0.4", "props": [ { "name": "party-uuid", "uuid": "528974e9-fcde-494f-a2fa-35d6f1e31171", "ns": "https://fedramp.gov/ns/oscal", "value": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" } ], "remarks": "Initial publication." }, { "published": "2023-07-06T00:00:00Z", "version": "1.1", "oscal-version": "1.0.4", "props": [ { "name": "party-uuid", "uuid": "528974e9-fcde-494f-a2fa-35d6f1e31171", "ns": "https://fedramp.gov/ns/oscal", "value": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" } ], "remarks": "Minor `prop` updates." } ], "props": [ { "name": "marking", "value": "Controlled Unclassified Information" }, { "name": "resolution-resource", "ns": "https://fedramp.gov/ns/oscal", "value": "ace2963d-ecb4-4be5-bdd0-1f6fd7610f41" } ], "roles": [ { "id": "fedramp-pmo", "title": "FedRAMP Program Management Office", "description": "The FedRAMP PMO resides within GSA and supports agencies and cloud service providers through the FedRAMP authorization process and maintains a secure repository of FedRAMP authorizations to enable reuse of security packages." }, { "id": "fedramp-jab", "title": "FedRAMP Program Management Office", "description": "Members of the JAB include the chief information officers (CIOs) from the Department of Defense, Department of Homeland Security, and General Services Administration. The JAB serves as the primary governance and decision-making body for FedRAMP." }, { "id": "prepared-by", "title": "Prepared By", "description": "The organization that prepared this SSP. If developed in-house, this is the CSP itself." }, { "id": "prepared-for", "title": "Prepared For", "description": "The organization for which this SSP was prepared. Typically the CSP." }, { "id": "content-approver", "title": "System Security Plan Approval", "description": "The individual or individuals accountable for the accuracy of this SSP." }, { "id": "cloud-service-provider", "title": "Cloud Service Provider", "short-name": "CSP" }, { "id": "system-owner", "title": "Information System Owner", "description": "The individual within the CSP who is ultimately accountable for everything related to this system." }, { "id": "authorizing-official", "title": "Authorizing Official", "description": "The individual or individuals who must grant this system an authorization to operate." }, { "id": "authorizing-official-poc", "title": "Authorizing Official's Point of Contact", "description": "The individual representing the authorizing official." }, { "id": "system-poc-management", "title": "Information System Management Point of Contact (POC)", "description": "The highest level manager who responsible for system operation on behalf of the System Owner." }, { "id": "system-poc-technical", "title": "Information System Technical Point of Contact", "description": "The individual or individuals leading the technical operation of the system." }, { "id": "system-poc-other", "title": "General Point of Contact (POC)", "description": "A general point of contact for the system, designated by the system owner." }, { "id": "information-system-security-officer", "title": "System Information System Security Officer (or Equivalent)", "description": "The individual accountable for the security posture of the system on behalf of the system owner." }, { "id": "privacy-poc", "title": "Privacy Official's Point of Contact", "description": "The individual responsible for the privacy threshold analysis and if necessary the privacy impact assessment." }, { "id": "asset-owner", "title": "Owner of an inventory item within the system." }, { "id": "asset-administrator", "title": "Administrative responsibility an inventory item within the system." }, { "id": "isa-poc-local", "title": "ICA POC (Local)", "description": "The point of contact for an interconnection on behalf of this system.", "remarks": "Remove this role if there are no ICAs." }, { "id": "isa-poc-remote", "title": "ICA POC (Remote)", "description": "The point of contact for an interconnection on behalf of this external system to which this system connects.", "remarks": "Remove this role if there are no ICAs." }, { "id": "isa-authorizing-official-local", "title": "ICA Signatory (Local)", "description": "Responsible for signing an interconnection security agreement on behalf of this system.", "remarks": "Remove this role if there are no ICAs." }, { "id": "isa-authorizing-official-remote", "title": "ICA Signatory (Remote)", "description": "Responsible for signing an interconnection security agreement on behalf of the external system to which this system connects.", "remarks": "Remove this role if there are no ICAs." }, { "id": "consultant", "title": "Consultant", "description": "Any consultants involved with developing or maintaining this content." }, { "id": "customer", "title": "Customer", "description": "Represents any customers of this system as may be necessary for assigning customer responsibility." }, { "id": "admin-unix", "title": "[SAMPLE]Unix Administrator", "description": "This is a sample role." }, { "id": "admin-client", "title": "[SAMPLE]Client Administrator", "description": "This is a sample role." } ], "locations": [ { "uuid": "27b78960-59ef-4619-82b0-ae20b9c709ac", "title": "CSP HQ", "address": { "type": "work", "addr-lines": [ "Suite 0000", "1234 Some Street" ], "city": "Haven", "state": "ME", "postal-code": "00000" }, "remarks": "There must be one location identifying the CSP's primary business address, such as the CSP's HQ, or the address of the system owner's primary business location." }, { "uuid": "16adcc8d-65d8-4583-80d3-9cf007744fec", "title": "Primary Data Center", "address": { "addr-lines": [ "2222 Main Street" ], "city": "Anywhere", "state": "--", "postal-code": "00000-0000", "country": "US" }, "props": [ { "name": "type", "value": "data-center", "class": "primary" } ], "remarks": "There must be one location for each data center.\n\nThere must be at least two data center locations.\n\nFor a data center, briefly summarize the components at this location.\n\nAll data centers must have a \\\"type\\\" property with a value of \\\"data-center\\\".\n\nThe type property must also have a class of \\\"primary\\\" or \\\"alternate\\\"." }, { "uuid": "ad321514-7b9f-4374-8409-efb18eea6e5d", "title": "Secondary Data Center", "address": { "addr-lines": [ "3333 Small Road" ], "city": "Anywhere", "state": "--", "postal-code": "00000-0000", "country": "US" }, "props": [ { "name": "type", "value": "data-center", "class": "alternate" } ], "remarks": "There must be one location for each data center.\n\nThere must be at least two data center locations.\n\nFor a data center, briefly summarize the components at this location.\n\nAll data centers must have a \\\"type\\\" property with a value of \\\"data-center\\\".\n\nThe type property must also have a class of \\\"primary\\\" or \\\"alternate\\\"." } ], "parties": [ { "uuid": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb", "type": "organization", "name": "Cloud Service Provider (CSP) Name", "short-name": "CSP Acronym/Short Name", "links": [ { "href": "#31a46c4f-2959-4287-bc1c-67297d7da60b", "rel": "logo" } ], "location-uuids": [ "27b78960-59ef-4619-82b0-ae20b9c709ac" ], "remarks": "Replace sample CSP information.\n\nCSP information must be present and associated with the \\\"cloud-service-provider\\\" role via `responsible-party`." }, { "uuid": "77e0e2c8-2560-4fe9-ac78-c3ff4ffc9f6d", "type": "organization", "name": "Federal Risk and Authorization Management Program: Program Management Office", "short-name": "FedRAMP PMO", "links": [ { "href": "https://fedramp.gov", "rel": "homepage" }, { "href": "#a2381e87-3d04-4108-a30b-b4d2f36d001f", "rel": "logo" }, { "href": "#1a23a771-d481-4594-9a1a-71d584fa4123", "rel": "reference" } ], "email-addresses": [ "info@fedramp.gov" ], "addresses": [ { "type": "work", "addr-lines": [ "1800 F St. NW" ], "city": "Washington", "state": "DC", "postal-code": "20006", "country": "US" } ], "remarks": "This party entry must be present in a FedRAMP SSP.\n\nThe uuid may be different; however, the uuid must be associated with the \\\"fedramp-pmo\\\" role in the responsible-party assemblies." }, { "uuid": "49017ec3-9f51-4dbd-9253-858c2b1295fd", "type": "organization", "name": "Federal Risk and Authorization Management Program: Joint Authorization Board", "short-name": "FedRAMP JAB", "links": [ { "href": "#a2381e87-3d04-4108-a30b-b4d2f36d001f", "rel": "logo" } ], "remarks": "This party entry must be present in a FedRAMP SSP.\n\nThe uuid may be different; however, the uuid must be associated with the \\\"fedramp-jab\\\" role in the responsible-party assemblies." }, { "uuid": "78992555-4a99-4eaa-868c-f2c249679dd3", "type": "organization", "name": "External Organization", "short-name": "External", "remarks": "Generic placeholder for any external organization." }, { "uuid": "f595397b-cbe4-4a87-8c86-9bff91c4e7fd", "type": "organization", "name": "Agency Name", "short-name": "A.N.", "remarks": "Generic placeholder for an authorizing agency." }, { "uuid": "8e3d39da-4851-4d2a-adb5-4b5585ded952", "type": "organization", "name": "Name of Consulting Org", "short-name": "NOCO", "links": [ { "href": "https://example.com" }, { "href": "#2c1747d6-874a-49a2-8488-2fd9735416bf", "rel": "logo" } ], "email-addresses": [ "poc@example.com" ], "addresses": [ { "type": "work", "addr-lines": [ "3333 Corporate Way" ], "city": "Washington", "state": "DC", "postal-code": "00000", "country": "US" } ] }, { "uuid": "80361ec4-bfce-4b5c-85c8-313d6ebd220b", "type": "organization", "name": "[SAMPLE]Remote System Org Name" }, { "uuid": "09ad840f-aa79-43aa-9f22-25182c2ab11b", "type": "person", "name": "[SAMPLE]ICA POC's Name", "props": [ { "name": "job-title", "value": "Individual's Title" } ], "email-addresses": [ "person@ica.example.org" ], "telephone-numbers": [ { "number": "2025551212" } ], "member-of-organizations": [ "80361ec4-bfce-4b5c-85c8-313d6ebd220b" ] }, { "uuid": "f0bc13a4-3303-47dd-80d3-380e159c8362", "type": "organization", "name": "[SAMPLE]Example IaaS Provider", "short-name": "E.I.P.", "remarks": "Underlying service provider. Leveraged Authorization." }, { "uuid": "3360e343-9860-4bda-9dfc-ff427c3dfab6", "type": "person", "name": "[SAMPLE]Person Name 1", "props": [ { "name": "job-title", "value": "Individual's Title" }, { "name": "mail-stop", "value": "Mailstop A-1" } ], "email-addresses": [ "name@example.com" ], "telephone-numbers": [ { "number": "2020000001" } ], "location-uuids": [ "27b78960-59ef-4619-82b0-ae20b9c709ac" ], "member-of-organizations": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] }, { "uuid": "36b8d6c0-3b25-42cc-b529-cf4066145cdd", "type": "person", "name": "[SAMPLE]Person Name 2", "props": [ { "name": "job-title", "value": "Individual's Title" } ], "email-addresses": [ "name@example.com" ], "telephone-numbers": [ { "number": "2020000002" } ], "addresses": [ { "type": "work", "addr-lines": [ "Address Line" ], "city": "City", "state": "ST", "postal-code": "00000", "country": "US" } ], "member-of-organizations": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] }, { "uuid": "0cec09d9-20c6-470b-9ffc-85763375880b", "type": "person", "name": "[SAMPLE]Person Name 3", "props": [ { "name": "job-title", "value": "Individual's Title" } ], "email-addresses": [ "name@example.com" ], "telephone-numbers": [ { "number": "2020000003" } ], "addresses": [ { "type": "work", "addr-lines": [ "Address Line" ], "city": "City", "state": "ST", "postal-code": "00000", "country": "US" } ], "member-of-organizations": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] }, { "uuid": "f75e21f6-43d8-46ab-890d-7f2eebc5a830", "type": "person", "name": "[SAMPLE]Person Name 4", "props": [ { "name": "job-title", "value": "Individual's Title" } ], "email-addresses": [ "name@example.com" ], "telephone-numbers": [ { "number": "2020000004" } ], "addresses": [ { "type": "work", "addr-lines": [ "Address Line" ], "city": "City", "state": "ST", "postal-code": "00000", "country": "US" } ], "member-of-organizations": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] }, { "uuid": "132953a9-640c-46f7-9de9-3fa15ec99361", "type": "person", "name": "[SAMPLE]Person Name 5", "props": [ { "name": "job-title", "value": "Individual's Title" } ], "email-addresses": [ "name@example.com" ], "telephone-numbers": [ { "number": "2020000005" } ], "addresses": [ { "type": "work", "addr-lines": [ "Address Line" ], "city": "City", "state": "ST", "postal-code": "00000", "country": "US" } ], "member-of-organizations": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] }, { "uuid": "4fded5fd-7a65-47ea-bd76-df57c46e27d1", "type": "person", "name": "[SAMPLE]Person Name 6", "props": [ { "name": "job-title", "value": "Individual's Title" } ], "email-addresses": [ "name@example.com" ], "telephone-numbers": [ { "number": "2020000006" } ], "addresses": [ { "type": "work", "addr-lines": [ "Address Line" ], "city": "City", "state": "ST", "postal-code": "00000", "country": "US" } ], "member-of-organizations": [ "78992555-4a99-4eaa-868c-f2c249679dd3" ] }, { "uuid": "db234cb7-1776-425c-9ac4-b067c1723011", "type": "person", "name": "[SAMPLE]Person Name 7", "props": [ { "name": "job-title", "value": "Individual's Title" } ], "email-addresses": [ "name@example.com" ], "telephone-numbers": [ { "number": "2020000007" } ], "addresses": [ { "type": "work", "addr-lines": [ "Address Line" ], "city": "City", "state": "ST", "postal-code": "00000", "country": "US" } ], "member-of-organizations": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] }, { "uuid": "b306f5af-b93a-4a7f-a2b2-37a44fc92a79", "type": "organization", "name": "[SAMPLE] IT Department" }, { "uuid": "59cdc953-5902-4fa4-a878-f3163854624c", "type": "organization", "name": "[SAMPLE]Security Team" } ], "responsible-parties": [ { "role-id": "cloud-service-provider", "party-uuids": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ], "remarks": "Exactly one" }, { "role-id": "prepared-by", "party-uuids": [ "3360e343-9860-4bda-9dfc-ff427c3dfab6" ], "remarks": "Exactly one" }, { "role-id": "prepared-for", "party-uuids": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] }, { "role-id": "content-approver", "party-uuids": [ "3360e343-9860-4bda-9dfc-ff427c3dfab6", "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ], "remarks": "One or more" }, { "role-id": "system-owner", "party-uuids": [ "3360e343-9860-4bda-9dfc-ff427c3dfab6" ], "remarks": "Exactly one" }, { "role-id": "authorizing-official", "party-uuids": [ "49017ec3-9f51-4dbd-9253-858c2b1295fd", "4fded5fd-7a65-47ea-bd76-df57c46e27d1" ], "remarks": "One or more" }, { "role-id": "system-poc-management", "party-uuids": [ "0cec09d9-20c6-470b-9ffc-85763375880b" ], "remarks": "Exactly one" }, { "role-id": "system-poc-technical", "party-uuids": [ "f75e21f6-43d8-46ab-890d-7f2eebc5a830" ], "remarks": "Exactly one" }, { "role-id": "information-system-security-officer", "party-uuids": [ "132953a9-640c-46f7-9de9-3fa15ec99361" ], "remarks": "Exactly one" }, { "role-id": "authorizing-official-poc", "party-uuids": [ "4fded5fd-7a65-47ea-bd76-df57c46e27d1" ], "remarks": "Exactly one" }, { "role-id": "privacy-poc", "party-uuids": [ "db234cb7-1776-425c-9ac4-b067c1723011" ], "remarks": "Exactly one" }, { "role-id": "fedramp-pmo", "party-uuids": [ "77e0e2c8-2560-4fe9-ac78-c3ff4ffc9f6d" ], "remarks": "Exactly one" }, { "role-id": "fedramp-jab", "party-uuids": [ "49017ec3-9f51-4dbd-9253-858c2b1295fd" ], "remarks": "Exactly one" } ], "remarks": "This OSCAL-based FedRAMP SSP Template can be used for the FedRAMP Low, Moderate, and High baselines.\n\nGuidance for OSCAL-based FedRAMP Tailored Low Impact - Software as a Service (LI-SaaS) content has not yet been developed." }, "import-profile": { "href": "https://raw.githubusercontent.com/GSA/fedramp-automation/master/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json", "remarks": "This example points to the FedRAMP Rev 5 Moderate baseline that is part of the official FedRAMP 1.0.4 release.\n\nMust adjust accordingly for applicable baseline and revision." }, "system-characteristics": { "system-ids": [ { "identifier-type": "https://fedramp.gov", "id": "F00000000" } ], "system-name": "System's Full Name", "system-name-short": "System's Short Name or Acronym", "description": "[Insert CSO Name] is delivered as [a/an] [insert based on the Service Model above] offering using a multi-tenant [insert based on the Deployment Model above] cloud computing environment. It is available to [Insert scope of customers in accordance with instructions above (for example, the public, federal, state, local, and tribal governments, as well as research institutions, federal contractors, government contractors etc.)].\n\nNOTE: Additional description, including the purpose and functions of this system may be added here. This includes any narrative text usually included in section 9.1 of the SSP.\n\nNOTE: The description is expected to be at least 32 words in length.", "props": [ { "name": "cloud-service-model", "value": "saas", "remarks": "Remarks are required if service model is \\\"other\\\". Optional otherwise." }, { "name": "cloud-deployment-model", "value": "government-only-cloud", "remarks": "Remarks are required if deployment model is \\\"hybrid-cloud\\\" or \\\"other\\\". Optional otherwise." }, { "name": "identity-assurance-level", "value": "2" }, { "name": "authenticator-assurance-level", "value": "2" }, { "name": "federation-assurance-level", "value": "2" }, { "name": "fully-operational-date", "ns": "https://fedramp.gov/ns/oscal", "value": "yyyy-mm-ddThh:mmZ" }, { "name": "authorization-type", "ns": "https://fedramp.gov/ns/oscal", "value": "fedramp-agency" } ], "security-sensitivity-level": "fips-199-moderate", "system-information": { "information-types": [ { "uuid": "06ecba4f-db96-4491-a3a2-7febfa227435", "title": "Information Type Name", "description": "A description of the information.", "categorizations": [ { "system": "https://doi.org/10.6028/NIST.SP.800-60v2r1", "information-type-ids": [ "C.2.4.1" ] } ], "confidentiality-impact": { "base": "fips-199-moderate", "selected": "fips-199-moderate", "adjustment-justification": "Required if the base and selected values do not match." }, "integrity-impact": { "base": "fips-199-moderate", "selected": "fips-199-moderate", "adjustment-justification": "Required if the base and selected values do not match." }, "availability-impact": { "base": "fips-199-moderate", "selected": "fips-199-moderate", "adjustment-justification": "Required if the base and selected values do not match." } } ] }, "security-impact-level": { "security-objective-confidentiality": "fips-199-moderate", "security-objective-integrity": "fips-199-moderate", "security-objective-availability": "fips-199-moderate" }, "status": { "state": "operational", "remarks": "Remarks are optional if status/state is \\\"operational\\\".\n\nRemarks are required otherwise." }, "authorization-boundary": { "description": "A holistic, top-level explanation of the FedRAMP authorization boundary.", "diagrams": [ { "uuid": "dbf46c27-52a9-49c4-beb6-b6399cd75497", "description": "A diagram-specific explanation.", "links": [ { "href": "#d2eb3c18-6754-4e3a-a933-03d289e3fad5", "rel": "diagram" } ], "caption": "Authorization Boundary Diagram" } ] }, "network-architecture": { "description": "A holistic, top-level explanation of the network architecture.", "diagrams": [ { "uuid": "e97c3395-433a-48c1-8cc7-dd1e1555941c", "description": "A diagram-specific explanation.", "links": [ { "href": "#61081e81-850b-43c1-bf43-1ecbddcb9e7f", "rel": "diagram" } ], "caption": "Network Diagram" } ] }, "data-flow": { "description": "A holistic, top-level explanation of the system's data flows.", "diagrams": [ { "uuid": "e3b98448-4219-46a5-b229-412423c566f3", "description": "A diagram-specific explanation.", "links": [ { "href": "#ac5d7535-f3b8-45d3-bf3b-735c82c64547", "rel": "diagram" } ], "caption": "Data Flow Diagram" } ] } }, "system-implementation": { "props": [ { "name": "users-internal", "ns": "https://fedramp.gov/ns/oscal", "value": "0" }, { "name": "users-external", "ns": "https://fedramp.gov/ns/oscal", "value": "0" }, { "name": "users-internal-future", "ns": "https://fedramp.gov/ns/oscal", "value": "0" }, { "name": "users-external-future", "ns": "https://fedramp.gov/ns/oscal", "value": "0" } ], "leveraged-authorizations": [ { "uuid": "5a9c98ab-8e5e-433d-a7bd-515c07cd1497", "title": "GovCloud", "props": [ { "name": "leveraged-system-identifier", "ns": "https://fedramp.gov/ns/oscal", "value": "F1603047866" }, { "name": "authorization-type", "ns": "https://fedramp.gov/ns/oscal", "value": "fedramp-agency" }, { "name": "impact-level", "ns": "https://fedramp.gov/ns/oscal", "value": "moderate" } ], "links": [ { "href": "//path/to/leveraged_system_ssp.json" }, { "href": "//path/to/leveraged_system_legacy_crm.xslt" }, { "href": "//path/to/leveraged_system_responsibility_and_inheritance.json" } ], "party-uuid": "f0bc13a4-3303-47dd-80d3-380e159c8362", "date-authorized": "2015-01-01", "remarks": "Use one leveraged-authorization assembly for each underlying system. In the legacy world, these may be general support systems.\n\nThe link fields are optional, but preferred when known. Often, a leveraging system's SSP author will not have access to the leveraged system's SSP, but should have access to the leveraged system's CRM." } ], "users": [ { "uuid": "9cb0fab0-78bd-44ba-bcb8-3e9801cc952f", "title": "[SAMPLE]Unix System Administrator", "props": [ { "name": "sensitivity", "ns": "https://fedramp.gov/ns/oscal", "value": "high-risk" }, { "name": "privilege-level", "value": "privileged" }, { "name": "authentication-method", "ns": "https://fedramp.gov/ns/oscal", "value": "multi-factor OTP device" }, { "name": "type", "value": "internal" } ], "role-ids": [ "admin-unix" ], "authorized-privileges": [ { "title": "Full administrative access (root)", "functions-performed": [ "Add/remove users and hardware", "install and configure software", "OS updates, patches and hotfixes", "perform backups" ] } ] }, { "uuid": "16ec71e7-025c-43e4-9d3f-3acb485fac2e", "title": "[SAMPLE]Client Administrator", "props": [ { "name": "sensitivity", "ns": "https://fedramp.gov/ns/oscal", "value": "moderate" }, { "name": "privilege-level", "value": "non-privileged" }, { "name": "authentication-method", "ns": "https://fedramp.gov/ns/oscal", "value": "memorized seccret plus SF OTP device" }, { "name": "type", "value": "external" } ], "role-ids": [ "admin-client" ], "authorized-privileges": [ { "title": "Portal administration", "functions-performed": [ "Add/remove client users", "Create, modify and delete client applications" ] } ] }, { "uuid": "ba7708c1-4041-48ab-9b7b-1ddb5e175fe0", "title": "[SAMPLE]Program Director", "props": [ { "name": "sensitivity", "ns": "https://fedramp.gov/ns/oscal", "value": "limited" }, { "name": "privilege-level", "value": "no-logical-access" }, { "name": "authentication-method", "ns": "https://fedramp.gov/ns/oscal", "value": "not-applicable" }, { "name": "type", "value": "internal" } ], "role-ids": [ "information-system-security-officer", "isa-poc-local", "isa-authorizing-official-local" ], "authorized-privileges": [ { "title": "Administrative Access Approver", "functions-performed": [ "Approves access requests for administrative accounts." ] }, { "title": "Access Approver", "functions-performed": [ "Approves access requests for administrative accounts." ] } ] }, { "uuid": "73ae456f-5581-4ff7-9ada-49fc057b2e0b", "title": "[SAMPLE]ISA POC", "props": [ { "name": "sensitivity", "ns": "https://fedramp.gov/ns/oscal", "value": "not-applicable" }, { "name": "privilege-level", "value": "no-logical-access" }, { "name": "authentication-method", "ns": "https://fedramp.gov/ns/oscal", "value": "not-applicable" }, { "name": "type", "value": "external" } ], "role-ids": [ "isa-poc-remote", "isa-authorizing-official-remote" ], "authorized-privileges": [ { "title": "External System Access Provider", "functions-performed": [ "Authorizes access to external interconnected system." ] } ] } ], "components": [ { "uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "type": "this-system", "title": "This System", "description": "The entire system as depicted in the system authorization boundary\n\nEmail is employed", "status": { "state": "operational" } }, { "uuid": "95beec7e-6f82-4aaa-8211-969cd7c1f1ab", "type": "validation", "title": "[SAMPLE]Cryptographic Module Name", "description": "Provide a description and any pertinent note regarding the use of this CM.\n\nFor data-at-rest modules, describe type of encryption implemented (e.g., full disk, file, record-level, etc.)\n\nLastly, provide any supporting notes on FIPS status (e.g. historical) or lack of FIPS compliance (e.g., Module in Process).", "props": [ { "name": "asset-type", "ns": "https://fedramp.gov/ns/oscal", "value": "cryptographic-module" }, { "name": "vendor-name", "ns": "https://fedramp.gov/ns/oscal", "value": "CM Vendor" }, { "name": "cryptographic-module-usage", "ns": "https://fedramp.gov/ns/oscal", "value": "data-at-rest" }, { "name": "validation-type", "value": "fips-140-2" }, { "name": "validation-reference", "value": "3928" } ], "links": [ { "href": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3928", "rel": "validation-details" } ], "status": { "state": "operational" } }, { "uuid": "1eaaabbd-b3a6-4316-a868-7b815e7c40f5", "type": "validation", "title": "[SAMPLE]Cryptographic Module Name", "description": "Provide a description and any pertinent note regarding the use of this CM.\n\nFor example, any supporting notes on FIPS status (e.g. historical) or lack of FIPS compliance (e.g., Module in Process).", "props": [ { "name": "asset-type", "ns": "https://fedramp.gov/ns/oscal", "value": "cryptographic-module" }, { "name": "vendor-name", "ns": "https://fedramp.gov/ns/oscal", "value": "CM Vendor" }, { "name": "cryptographic-module-usage", "ns": "https://fedramp.gov/ns/oscal", "value": "data-in-transit" }, { "name": "validation-type", "value": "fips-140-3" }, { "name": "validation-reference", "value": "3920" } ], "links": [ { "href": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3920", "rel": "validation-details" } ], "status": { "state": "operational" } }, { "uuid": "e82e6e07-0c62-417e-8a19-3744991b4c65", "type": "leveraged-system", "title": "Name of Leveraged System", "description": "If the leveraged system owner provides a UUID for their system (such as in an OSCAL-based CRM), it should be reflected in the `inherited-uuid` property.\n\nMust include all leveraged services and features from the leveraged authorization here.", "props": [ { "name": "asset-type", "ns": "https://fedramp.gov/ns/oscal", "value": "paas" }, { "name": "isa-title", "value": "system interconnection agreement" }, { "name": "isa-date", "value": "2023-01-01T00:00:00Z" }, { "name": "nature-of-agreement", "ns": "https://fedramp.gov/ns/oscal", "value": "SLA" }, { "name": "ipv4-address", "value": "172.0.0.0" }, { "name": "ipv6-address", "value": "::" }, { "name": "direction", "value": "incoming" }, { "name": "information", "ns": "https://fedramp.gov/ns/oscal", "value": "describe information being transferred" }, { "name": "interconnection-data-type", "ns": "https://fedramp.gov/ns/oscal", "value": "C.3.5.1", "class": "fedramp" }, { "name": "interconnection-data-type", "ns": "https://fedramp.gov/ns/oscal", "value": "C.3.5.8", "class": "fedramp" }, { "name": "leveraged-authorization-uuid", "value": "5a9c98ab-8e5e-433d-a7bd-515c07cd1497" }, { "name": "implementation-point", "value": "external" }, { "name": "inherited-uuid", "value": "11111111-0000-4000-9001-000000000001" } ], "status": { "state": "operational" } }, { "uuid": "77A1614A-57B3-4B32-9FEE-613A6520EC58", "type": "service", "title": "Service Provided by Leveraged System", "description": "If the leveraged system owner provides a UUID for their service (such as in an OSCAL-based CRM), it should be reflected in the `inherited-uuid` property.\n\nMust include all leveraged services and features from the leveraged authorization here.", "props": [ { "name": "leveraged-authorization-uuid", "value": "5a9c98ab-8e5e-433d-a7bd-515c07cd1497" }, { "name": "implementation-point", "value": "external" }, { "name": "inherited-uuid", "value": "11111111-0000-4000-9001-000000000002" } ], "links": [ { "href": "60f92bcf-f353-4236-9803-2a5d417555f4", "rel": "used-by" } ], "status": { "state": "operational" } }, { "uuid": "2812ef51-61e7-4505-afbb-da5a073a2a5b", "type": "interconnection", "title": "[EXAMPLE]Authorized Connection Information System Name", "description": "Describe the purpose of the external system/service; specifically, provide reasons for connectivity (e.g., system monitoring, system alerting, download updates, etc.).", "props": [ { "name": "service-processor", "ns": "https://fedramp.gov/ns/oscal", "value": "[SAMPLE] Telco Name" }, { "name": "interconnection-type", "ns": "https://fedramp.gov/ns/oscal", "value": "1" }, { "name": "nature-of-agreement", "ns": "https://fedramp.gov/ns/oscal", "value": "Contract" }, { "name": "still-supported", "ns": "https://fedramp.gov/ns/oscal", "value": "yes" }, { "name": "interconnection-data-type", "ns": "https://fedramp.gov/ns/oscal", "value": "C.3.5.1", "class": "fedramp" }, { "name": "interconnection-data-type", "ns": "https://fedramp.gov/ns/oscal", "value": "C.3.5.8", "class": "fedramp" }, { "name": "interconnection-data-categorization", "ns": "https://fedramp.gov/ns/oscal", "value": "low", "class": "C.3.5.1" }, { "name": "interconnection-data-categorization", "ns": "https://fedramp.gov/ns/oscal", "value": "moderate", "class": "C.3.5.8" }, { "name": "authorized-users", "ns": "https://fedramp.gov/ns/oscal", "value": "SecOps engineers" }, { "name": "interconnection-compliance", "ns": "https://fedramp.gov/ns/oscal", "value": "PCI SOC 2", "class": "fedramp" }, { "name": "interconnection-compliance", "ns": "https://fedramp.gov/ns/oscal", "value": "ISO/IEC 27001", "class": "fedramp" }, { "name": "interconnection-hosting-environment", "ns": "https://fedramp.gov/ns/oscal", "value": "PaaS" }, { "name": "interconnection-risk", "ns": "https://fedramp.gov/ns/oscal", "value": "None" }, { "name": "isa-title", "value": "system interconnection agreement" }, { "name": "isa-date", "value": "2023-01-01T00:00:00Z" }, { "name": "ipv4-address", "value": "10.1.1.1", "class": "local" }, { "name": "ipv4-address", "value": "10.2.2.2", "class": "remote" }, { "name": "ipv6-address", "value": "::ffff:10.2.2.2" }, { "name": "direction", "value": "incoming" }, { "name": "direction", "value": "outgoing" }, { "name": "information", "ns": "https://fedramp.gov/ns/oscal", "value": "Describe the information being transmitted." }, { "name": "port", "ns": "https://fedramp.gov/ns/oscal", "value": "80", "class": "remote" }, { "name": "interconnection-security", "ns": "https://fedramp.gov/ns/oscal", "value": "ipsec", "remarks": "If \\\"other\\\", remarks are required. Optional otherwise." } ], "links": [ { "href": "#9d6cf2b4-8e88-4040-a33c-7bc206553a1a", "rel": "isa-agreement" } ], "status": { "state": "operational" }, "responsible-roles": [ { "role-id": "isa-poc-remote", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] }, { "role-id": "isa-poc-local", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] }, { "role-id": "isa-authorizing-official-remote", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] }, { "role-id": "isa-authorizing-official-local", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] } ], "remarks": "Optional notes about this interconnection" }, { "uuid": "05ceb8df-52e7-49db-9719-891723f366bd", "type": "software", "title": "[SAMPLE]Product Name", "description": "FUNCTION: Describe typical component function.", "props": [ { "name": "asset-type", "value": "operating-system" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" }, { "name": "vendor-name", "value": "Vendor Name" }, { "name": "model", "value": "Model Number" }, { "name": "version", "value": "Version Number" }, { "name": "patch-level", "value": "Patch Level" } ], "links": [ { "href": "#95beec7e-6f82-4aaa-8211-969cd7c1f1ab", "rel": "validation" } ], "status": { "state": "operational" }, "responsible-roles": [ { "role-id": "admin-unix", "party-uuids": [ "3360e343-9860-4bda-9dfc-ff427c3dfab6" ] } ], "remarks": "COMMENTS: Provide other comments as needed." }, { "uuid": "1541015b-6d19-42cb-a991-624cc082ed4d", "type": "hardware", "title": "[SAMPLE]Product", "description": "FUNCTION: Describe typical component function.", "props": [ { "name": "asset-type", "value": "database" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "database" }, { "name": "vendor-name", "value": "Vendor Name" }, { "name": "model", "value": "Model Number" }, { "name": "version", "value": "Version Number" } ], "status": { "state": "operational" }, "responsible-roles": [ { "role-id": "asset-administrator", "party-uuids": [ "b306f5af-b93a-4a7f-a2b2-37a44fc92a79" ] }, { "role-id": "asset-owner", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "remarks": "COMMENTS: Provide other comments as needed." }, { "uuid": "6617f60b-8bac-422d-9939-94f43ddc0f7a", "type": "software", "title": "OS Sample", "description": "None", "props": [ { "name": "asset-type", "value": "operating-system" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" }, { "name": "baseline-configuration-name", "value": "Baseline Config. Name" }, { "name": "allows-authenticated-scan", "value": "yes" } ], "status": { "state": "operational" } }, { "uuid": "120f1404-7c9f-4856-a247-63bd89d9e769", "type": "software", "title": "Database Sample", "description": "None", "props": [ { "name": "asset-type", "value": "database" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "database" }, { "name": "baseline-configuration-name", "value": "Baseline Config. Name" }, { "name": "allows-authenticated-scan", "value": "yes" } ], "status": { "state": "operational" } }, { "uuid": "8f230d84-2f9b-44a3-acdb-019566ab2554", "type": "software", "title": "Appliance Sample", "description": "None", "props": [ { "name": "asset-type", "value": "appliance" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "web" }, { "name": "login-url", "ns": "https://fedramp.gov/ns/oscal", "value": "https://admin.offering.com/login" }, { "name": "baseline-configuration-name", "value": "Baseline Config. Name" }, { "name": "allows-authenticated-scan", "value": "no", "remarks": "Vendor appliance. No admin-level access." } ], "status": { "state": "operational" } }, { "uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "type": "policy", "title": "[EXAMPLE]Policies", "description": "[EXAMPLE]component representing a collection of policies in appendix A.", "links": [ { "href": "#330bac69-5840-479a-981b-afda037d7a6f", "rel": "policy" }, { "href": "#184d2fc9-6c9e-4302-acb3-8c24f6843c79", "rel": "policy" }, { "href": "#64977a9e-cd62-4c04-891e-7943e9046179", "rel": "policy" }, { "href": "#f81fe324-844f-4b53-b915-8c72b6fde8cf", "rel": "policy" }, { "href": "#eb4467a5-c3ca-4cac-9181-557886d7d1dc", "rel": "policy" }, { "href": "#4c4395c5-a126-4b77-8c62-cac98c563915", "rel": "policy" }, { "href": "#f6070655-ac54-4c4c-847e-d073bcf23baf", "rel": "policy" }, { "href": "#e39a9f53-984b-429f-a062-a815228c6687", "rel": "policy" }, { "href": "#8b009787-771c-4b02-9a8f-3f3b581e9464", "rel": "policy" }, { "href": "#776b9f3b-2896-4118-87d9-7a5e62149afb", "rel": "policy" }, { "href": "#a54bc32c-6bae-4c89-b5b4-9299c56893fb", "rel": "policy" }, { "href": "#9de28452-4b02-4b49-b316-59142a7633c1", "rel": "policy" }, { "href": "#34f3388e-e5b2-4d85-b050-19f62dba6d7e", "rel": "policy" }, { "href": "#53fbc1b6-0f3c-4298-9554-da5acfef3a5a", "rel": "policy" }, { "href": "#f969f849-8920-4325-9abe-dcc7133518d6", "rel": "policy" }, { "href": "#03ae437f-fffc-48e3-81f1-4040fce2d6e3", "rel": "policy" }, { "href": "#7a5ee0b7-402c-487f-8ac7-e1735b991674", "rel": "policy" } ], "status": { "state": "operational" }, "remarks": "Links to the components, attached as a `resource` in `back-matter`." }, { "uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "type": "procedure", "title": "[EXAMPLE]Procedures", "description": "[EXAMPLE]component representing a collection of procedures in appendix A.", "links": [ { "href": "#e1fa7a30-efb8-4738-b4e2-7fbeb86644cd", "rel": "procedure" }, { "href": "#ce9f3af2-f4bc-47b5-bc25-df52a917748b", "rel": "procedure" }, { "href": "#b1cdaad8-2127-4563-b248-3d2777307c4f", "rel": "procedure" }, { "href": "#a552272e-803c-40db-895c-5de35c76d871", "rel": "procedure" }, { "href": "#b4c87da0-0f96-4231-a3c1-2d1a9d0b99a3", "rel": "procedure" }, { "href": "#2f1cb360-a743-4ebe-915a-27f215f44dc5", "rel": "procedure" }, { "href": "#08a6ab70-8c56-4713-ae9c-81fbb6594943", "rel": "procedure" }, { "href": "#649eac51-c21b-4cb2-bd10-7828e0522e50", "rel": "procedure" }, { "href": "#fd29a63b-2a08-4d56-b91e-aadfa4c0f55b", "rel": "procedure" }, { "href": "#908175c9-7502-4ab4-b469-80450ed18a8b", "rel": "procedure" }, { "href": "#22522abe-fd09-4476-b09f-c6422b72bf12", "rel": "procedure" }, { "href": "#937dfbb6-9d82-4974-be85-23f1e4b130d8", "rel": "procedure" }, { "href": "#552dec25-74a9-4cbe-b3b0-f865d99bfa9d", "rel": "procedure" }, { "href": "#1a852337-d28f-4a66-a367-68aebec35698", "rel": "procedure" }, { "href": "#4a59a06d-3b1b-410f-b067-3fe1dab083f2", "rel": "procedure" }, { "href": "#936093ce-a567-4592-8fcc-eeeef024cdd4", "rel": "procedure" }, { "href": "#ac953d62-a392-499f-b832-b90b325cceb6", "rel": "procedure" } ], "status": { "state": "operational" }, "remarks": "Links to the components, attached as a `resource` in `back-matter`." }, { "uuid": "d5841417-de4c-4d84-ab3c-39dd1fd32a96", "type": "service", "title": "[SAMPLE]Service Name", "description": "Describe the service", "purpose": "Describe the reason the service is needed.", "links": [ { "href": "60f92bcf-f353-4236-9803-2a5d417555f4", "rel": "used-by" }, { "href": "77A1614A-57B3-4B32-9FEE-613A6520EC58", "rel": "provided-by" } ], "status": { "state": "operational" }, "protocols": [ { "uuid": "653ad9b9-9c78-4bc0-8a93-6ebd3c0fce54", "name": "http", "port-ranges": [ { "start": 80, "end": 80, "transport": "TCP" } ] }, { "uuid": "3ac9b137-479e-47d4-bc7e-aaa97c76aa63", "name": "https", "port-ranges": [ { "start": 443, "end": 443, "transport": "TCP" } ] } ], "remarks": "Section 10.2, Table 10-1. Ports, Protocols and Services\n\n **SERVICES ARE NOW COMPONENTS WITH type='service'** " }, { "uuid": "2812ef51-61e7-4505-afbb-da5a073a2a5b", "type": "interconnection", "title": "[EXAMPLE]Authorized Connection Information System Name", "description": "Briefly describe the interconnection.", "props": [ { "name": "service-processor", "ns": "https://fedramp.gov/ns/oscal", "value": "[SAMPLE] Telco Name" }, { "name": "ipv4-address", "value": "10.1.1.1", "class": "local" }, { "name": "ipv4-address", "value": "10.2.2.2", "class": "remote" }, { "name": "ipv6-address", "value": "2001:0000:0000:0000:0000:ffff:0a02:0202" }, { "name": "direction", "value": "incoming" }, { "name": "direction", "value": "outgoing" }, { "name": "information", "ns": "https://fedramp.gov/ns/oscal", "value": "Describe the information being transmitted." }, { "name": "port", "ns": "https://fedramp.gov/ns/oscal", "value": "80", "class": "remote" }, { "name": "interconnection-security", "ns": "https://fedramp.gov/ns/oscal", "value": "ipsec", "remarks": "If \\\"other\\\", remarks are required. Optional otherwise." } ], "links": [ { "href": "#9d6cf2b4-8e88-4040-a33c-7bc206553a1a", "rel": "isa-agreement" } ], "status": { "state": "operational" }, "responsible-roles": [ { "role-id": "isa-poc-remote", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] }, { "role-id": "isa-poc-local", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] }, { "role-id": "isa-authorizing-official-remote", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] }, { "role-id": "isa-authorizing-official-local", "party-uuids": [ "09ad840f-aa79-43aa-9f22-25182c2ab11b" ] } ], "remarks": "Optional notes about this interconnection" }, { "uuid": "55b55b3d-3bd9-409a-bc87-3b9a2074bacd", "type": "network", "title": "IPv4 Production Subnet", "description": "IPv4 Production Subnet.", "status": { "state": "operational" } }, { "uuid": "c0dbefa1-c8e8-4ca8-bd73-67cb7b1fa3f6", "type": "network", "title": "IPv4 Management Subnet", "description": "IPv4 Management Subnet.", "status": { "state": "operational" } }, { "uuid": "60f92bcf-f353-4236-9803-2a5d417555f5", "type": "service", "title": "Email Service", "description": "Email Service", "links": [ { "href": "60f92bcf-f353-4236-9803-2a5d417555f4", "rel": "used-by" } ], "status": { "state": "operational" } } ], "inventory-items": [ { "uuid": "98e37f90-fbb5-4177-badb-9b55229cc183", "description": "Legacy Example (No implemented-component).", "props": [ { "name": "asset-id", "value": "unique-asset-ID-1" }, { "name": "ipv4-address", "value": "10.1.1.1" }, { "name": "ipv6-address", "value": "2001:db8:3333:4444:5555:6666:7777:8888" }, { "name": "virtual", "value": "no" }, { "name": "public", "value": "no" }, { "name": "fqdn", "value": "dns.name" }, { "name": "uri", "value": "uniform.resource.identifier" }, { "name": "netbios-name", "value": "netbios-name" }, { "name": "mac-address", "value": "00:00:00:00:00:00" }, { "name": "software-name", "value": "software-name" }, { "name": "asset-type", "value": "operating-system" }, { "name": "serial-number", "value": "Serial #" }, { "name": "asset-tag", "value": "Asset Tag" }, { "name": "vlan-id", "value": "VLAN Identifier" }, { "name": "network-id", "value": "Network Identifier" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" }, { "name": "allows-authenticated-scan", "value": "no", "remarks": "If no, explain why. If yes, omit remarks field." }, { "name": "baseline-configuration-name", "value": "Baseline Config. Name" }, { "name": "physical-location", "value": "Physical location of Asset" }, { "name": "is-scanned", "value": "yes", "remarks": "If no, explain why. If yes, omit remarks field." }, { "name": "function", "value": "Required brief, text-based description.", "remarks": "Optional, longer, formatted description." } ], "links": [ { "href": "#95beec7e-6f82-4aaa-8211-969cd7c1f1ab", "rel": "validation" } ], "responsible-parties": [ { "role-id": "asset-owner", "party-uuids": [ "db234cb7-1776-425c-9ac4-b067c1723011" ] }, { "role-id": "asset-administrator", "party-uuids": [ "b306f5af-b93a-4a7f-a2b2-37a44fc92a79" ] } ], "implemented-components": [ { "component-uuid": "05ceb8df-52e7-49db-9719-891723f366bd", "remarks": "This links to a FIPS 140-2 validated software component that is used by this inventory item. This type of linkage to a validation through the component is preferable to the link[rel='validation'] example above." } ], "remarks": "COMMENTS: Additional information about this item." }, { "uuid": "c916d3c5-229e-4786-bf3f-4d71baa0e7a5", "description": "Component Inventory Example", "props": [ { "name": "asset-id", "value": "unique-asset-ID-2" }, { "name": "ipv4-address", "value": "10.2.2.2" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a02:0202" }, { "name": "mac-address", "value": "00:00:00:00:00:00" }, { "name": "asset-type", "value": "appliance" }, { "name": "virtual", "value": "no" }, { "name": "public", "value": "no" }, { "name": "fqdn", "value": "dns.name" }, { "name": "uri", "value": "uniform.resource.locator" }, { "name": "netbios-name", "value": "netbios-name" }, { "name": "baseline-configuration-name", "value": "Baseline Configuration Name" }, { "name": "physical-location", "value": "Physical location of Asset" }, { "name": "allows-authenticated-scan", "value": "no", "remarks": "If no, explain why. If yes, omit remark." }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" } ], "responsible-parties": [ { "role-id": "asset-owner", "party-uuids": [ "3360e343-9860-4bda-9dfc-ff427c3dfab6" ] }, { "role-id": "asset-administrator", "party-uuids": [ "b306f5af-b93a-4a7f-a2b2-37a44fc92a79" ] } ], "implemented-components": [ { "component-uuid": "05ceb8df-52e7-49db-9719-891723f366bd", "props": [ { "name": "asset-id", "value": "unique-asset-ID-3" } ] } ], "remarks": "COMMENTS: If needed, provide additional information about this inventory item." }, { "uuid": "37c00d5a-ccf2-4112-a0ee-8460be8cff40", "description": "None.", "props": [ { "name": "asset-id", "value": "unique-asset-ID-4" }, { "name": "asset-type", "value": "web-server" }, { "name": "virtual", "value": "yes" }, { "name": "public", "value": "no" }, { "name": "ipv4-address", "value": "10.3.3.3" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a03:0303" }, { "name": "is-scanned", "value": "yes" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" } ], "implemented-components": [ { "component-uuid": "1541015b-6d19-42cb-a991-624cc082ed4d" } ] }, { "uuid": "fb7a84fb-7e30-4f5b-9997-2ecd4d270bdd", "description": "None.", "props": [ { "name": "asset-id", "value": "unique-asset-ID-5" }, { "name": "asset-type", "value": "appliance" }, { "name": "virtual", "value": "yes" }, { "name": "public", "value": "no" }, { "name": "ipv4-address", "value": "10.4.4.4" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a04:0404" }, { "name": "is-scanned", "value": "yes" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" } ], "implemented-components": [ { "component-uuid": "05ceb8df-52e7-49db-9719-891723f366bd" } ] }, { "uuid": "779d4e89-bba6-432c-b50d-d699fe534129", "description": "None.", "props": [ { "name": "asset-id", "value": "unique-asset-ID-6" }, { "name": "asset-type", "value": "firewall" }, { "name": "ipv4-address", "value": "10.5.5.5" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a05:0505" }, { "name": "virtual", "value": "no" }, { "name": "public", "value": "yes" }, { "name": "is-scanned", "value": "yes" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" } ], "implemented-components": [ { "component-uuid": "8f230d84-2f9b-44a3-acdb-019566ab2554" } ] }, { "uuid": "20b207d5-5e77-4501-b02d-5d2a6e88db85", "description": "None.", "props": [ { "name": "asset-id", "value": "unique-asset-ID-7" }, { "name": "ipv4-address", "value": "10.6.6.6" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a06:0606" }, { "name": "asset-type", "value": "router" }, { "name": "virtual", "value": "no" }, { "name": "public", "value": "no" }, { "name": "is-scanned", "value": "no", "remarks": "Asset wasn't running at time of scan." } ], "implemented-components": [ { "component-uuid": "05ceb8df-52e7-49db-9719-891723f366bd" } ] }, { "uuid": "79b4f0d1-91ab-49e8-af28-045c12aa9272", "description": "None.", "props": [ { "name": "asset-id", "value": "unique-asset-ID-8" }, { "name": "asset-type", "value": "switch" }, { "name": "ipv4-address", "value": "10.7.7.7" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a07:0707" }, { "name": "virtual", "value": "no" }, { "name": "public", "value": "no" }, { "name": "is-scanned", "value": "yes" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" } ], "implemented-components": [ { "component-uuid": "1541015b-6d19-42cb-a991-624cc082ed4d" } ] }, { "uuid": "b31b360d-b58b-4c7c-b344-68e17238d858", "description": "None.", "props": [ { "name": "asset-id", "value": "unique-asset-ID-9" }, { "name": "asset-type", "value": "web-server" }, { "name": "ipv4-address", "value": "10.8.8.8" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a08:0808" }, { "name": "virtual", "value": "yes" }, { "name": "public", "value": "no" }, { "name": "is-scanned", "value": "no", "remarks": "Asset wasn't running at time of scan." } ], "implemented-components": [ { "component-uuid": "05ceb8df-52e7-49db-9719-891723f366bd" } ] }, { "uuid": "13c94c20-e4c4-44ee-bbbf-3d14fb01cb18", "description": "Email-Service", "props": [ { "name": "asset-id", "value": "unique-asset-ID-10" }, { "name": "asset-type", "value": "email-server" }, { "name": "ipv4-address", "value": "10.10.10.100" }, { "name": "ipv6-address", "value": "0000:0000:0000:0000:0000:ffff:0a08:0808" }, { "name": "virtual", "value": "yes" }, { "name": "public", "value": "no" }, { "name": "is-scanned", "value": "yes" }, { "name": "scan-type", "ns": "https://fedramp.gov/ns/oscal", "value": "infrastructure" } ], "implemented-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f5" } ] } ] }, "control-implementation": { "description": "Appendix A - FedRAMP SSP Rev5 Template\n\nThis description field is required by OSCAL.\n\nFedRAMP does not require any specific information here.", "implemented-requirements": [ { "uuid": "eee8697a-bc39-45aa-accc-d3e534932efb", "control-id": "ac-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#330bac69-5840-479a-981b-afda037d7a6f", "rel": "policy" }, { "href": "#e1fa7a30-efb8-4738-b4e2-7fbeb86644cd", "rel": "procedure" } ], "statements": [ { "statement-id": "ac-1_smt", "uuid": "240fa015-01df-4741-bff5-6958c7fb85e5", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "d9d1ce66-ff47-474d-8596-5fdf2af60179", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ac-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "ac-01_odp.05", "values": [ "at least every 3 years" ] }, { "param-id": "ac-01_odp.07", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ac-1_smt.a.1", "uuid": "fb4d039a-dc4f-46f5-9c1f-f6343eaf69bc", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "3f5612a4-cd1d-4c47-8cae-75d2eaa332cd", "description": "Describe how Part a is satisfied within the system.\n\nLegacy approach. If no policy component is defined, describe here how the policy satisfies part a.\n\nIn this case, a link must be provided to the policy.\n\nFedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.", "links": [ { "href": "#330bac69-5840-479a-981b-afda037d7a6f", "rel": "policy" }, { "href": "#e1fa7a30-efb8-4738-b4e2-7fbeb86644cd", "rel": "procedure" } ], "remarks": "The specified component is the system itself.\n\nAny control implementation response that can not be associated with another component is associated with the component representing the system." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "2CF56836-6834-49A9-96CD-4F49C17AAB01", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Identity Management and Access Control Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." } ] }, { "statement-id": "ac-1_smt.a.2", "uuid": "c365cf95-5bc0-4599-9773-f4eddf69798d", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "00507a44-e0d7-4fe6-ad20-8d474a84ee15", "description": "Describe how Part b is satisfied within the system.\n\nLegacy approach. If no policy component is defined, describe here how the procedure satisfies part b.\n\nIn this case, a link must be provided to the procedure.\n\nFedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "42ac379e-4abc-4716-809c-119c03b5ac64", "description": "Describe how Part b is satisfied within the system.\n\nLegacy approach. If no policy component is defined, describe here how the procedure satisfies part b.\n\nIn this case, a link must be provided to the procedure.\n\nFedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource." } ] }, { "statement-id": "ac-1_smt.b.1", "uuid": "b46f97ec-55c1-4249-a9b9-3a228f1e3791", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "767666cb-e558-484b-81ca-b0209932425c", "description": "Describe how Part b-1 is satisfied." } ] }, { "statement-id": "ac-1_smt.b.2", "uuid": "59c67969-3d5c-45f1-8e3e-1e642249633f", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "5a869308-1625-4d92-9ed8-ff5d8bd13656", "description": "Describe how Part b-2 is satisfied." } ] } ] }, { "uuid": "7a36cf53-156d-4d1f-9a8b-433f61cc57b7", "control-id": "ac-2", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "customer-configured", "remarks": "Describe any customer-configured requirements for satisfying this control." } ], "responsible-roles": [ { "role-id": "admin-unix", "party-uuids": [ "3360e343-9860-4bda-9dfc-ff427c3dfab6" ] }, { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "ac-2_smt", "uuid": "4a2428eb-41eb-447a-81db-4f6d98a003ce", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "eb710146-1ede-4876-9a3b-02c18408e506", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ac-2_prm_1", "values": [ "[SAMPLE]privileged, non-privileged" ] }, { "param-id": "ac-2_prm_2", "values": [ "[SAMPLE]all" ] }, { "param-id": "ac-2_prm_3", "values": [ "[SAMPLE]The Access Control Procedure" ] }, { "param-id": "ac-2_prm_4", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ac-2_smt.a", "uuid": "24a85abb-25ad-4686-850c-5c0e8ab69a0c", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "b29d1505-69fa-4ad0-834b-d179e7f44f98", "description": "Describe how AC-2, part a is satisfied within this system.\n\nThis points to the \\\"This System\\\" component, and is used any time a more specific component reference is not available.", "export": { "provided": [ { "uuid": "b068e08a-53b9-4f80-ac5f-0476c35c6e46", "description": "Leveraged system's statement of capabilities which may be inherited by a leveraging systems to satisfy AC-2, part a." } ], "responsibilities": [ { "uuid": "39e5b068-deb7-4f93-9a32-2dcce15b1107", "provided-uuid": "b068e08a-53b9-4f80-ac5f-0476c35c6e46", "description": "Leveraged system's statement of a leveraging system's responsibilities in satisfaction of AC-2, part a.\n\nNot associated with inheritance, thus associated this with the by-component for \\\"this system\\\".", "responsible-roles": [ { "role-id": "cloud-service-provider", "party-uuids": [ "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" ] } ] } ] } }, { "component-uuid": "d5841417-de4c-4d84-ab3c-39dd1fd32a96", "uuid": "8a72663c-28c7-41c2-8739-f1ee2d5761ac", "description": "For the portion of the control satisfied by the application component of this system, describe **how** the control is met.", "export": { "provided": [ { "uuid": "11111111-0000-4000-9009-002001002001", "description": "Consumer-appropriate description of what may be inherited from this application component by a leveraging system.\n\nIn the context of the application component in satisfaction of AC-2, part a.", "responsible-roles": [ { "role-id": "customer", "party-uuids": [ "f595397b-cbe4-4a87-8c86-9bff91c4e7fd" ] } ] } ], "responsibilities": [ { "uuid": "11111111-0000-4000-9009-002001002002", "provided-uuid": "11111111-0000-4000-9009-002001002001", "description": "Leveraging system's responsibilities with respect to inheriting this capability from this application.\n\nIn the context of the application component in satisfaction of AC-2, part a.", "responsible-roles": [ { "role-id": "customer", "party-uuids": [ "f595397b-cbe4-4a87-8c86-9bff91c4e7fd" ] } ] } ] }, "remarks": "The component-uuid above points to the \\\"this system\\\" component.\n\nAny control response content that does not cleanly fit another system component is placed here. This includes customer responsibility content.\n\nThis can also be used to provide a summary, such as a holistic overview of how multiple components work together.\n\nWhile the \\\"this system\\\" component is not explicitly required within every `statement`, it will typically be present." }, { "component-uuid": "e82e6e07-0c62-417e-8a19-3744991b4c65", "uuid": "84de735f-ba37-4bb4-b784-79760f986a40", "description": "For the portion inherited from an underlying FedRAMP-authorized provider, describe **what** is inherited.", "inherited": [ { "uuid": "780A3910-2019-4D33-A2F9-5C6AC91929D6", "provided-uuid": "11111111-0000-4000-9009-002001002001", "description": "Optional description.\n\nConsumer-appropriate description of what may be inherited as provided by the leveraged system.\n\nIn the context of this component in satisfaction of AC-2, part a.\n\nThe `provided-uuid` links this to the same statement in the leveraged system's SSP.\n\nIt may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model)." } ], "satisfied": [ { "uuid": "6486F725-1372-434F-9B1B-7CF3F50C32D1", "responsibility-uuid": "11111111-0000-4000-9009-002001002002", "description": "Description of how the responsibility was satisfied.\n\nThe `responsibility-uuid` links this to the same statement in the leveraged system's SSP.\n\nIt may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model).\n\nTools should use this to ensure all identified customer `responsibility` statements have a corresponding `satisfied` statement in the leveraging system's SSP.\n\nTool developers should be mindful that " } ] } ] } ] }, { "uuid": "c332a6f8-bbe6-4ee9-aaea-d89d251c68df", "control-id": "at-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#184d2fc9-6c9e-4302-acb3-8c24f6843c79", "rel": "policy" }, { "href": "#ce9f3af2-f4bc-47b5-bc25-df52a917748b", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "at-1_smt", "uuid": "ba380f9b-4364-4c0e-8629-cbada5d7d6b9", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "490ebd59-a44b-46d6-9ecf-48a9e0103488", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "at-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "at-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "at-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "at-1_smt.a", "uuid": "ee5a11fb-9bae-4680-8f8c-575c85d47355", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "description": "Describe how Part a is satisfied." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "da8633d1-38e8-4917-a62a-4b4427e6f50c", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "a8e2c8b2-93ac-4c10-8f4e-55e1b7b57945", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "at-1_smt.b.1", "uuid": "29192f0b-edb1-4820-b951-65ffdc64bb3e", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "5a5e5c3e-1108-47f1-a83f-05e0394219db", "description": "Describe how Part b-1 is satisfied." } ] }, { "statement-id": "at-1_smt.b.2", "uuid": "23a9bfa7-6e3f-4e00-a120-791b26a9157e", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "fcc63699-04ab-4b69-b7b9-a13bee6685b3", "description": "Describe how Part b-2 is satisfied." } ] } ] }, { "uuid": "381c8d0c-e6ec-41a9-9b16-01657226c70f", "control-id": "au-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#64977a9e-cd62-4c04-891e-7943e9046179", "rel": "policy" }, { "href": "#b1cdaad8-2127-4563-b248-3d2777307c4f", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "au-1_smt", "uuid": "a9a883f4-f550-4f11-941a-2eb9ce9c3faf", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "e985ae45-6ab4-4f12-8699-3ebf87e35bd5", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "au-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "au-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "au-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "au-1_smt.a", "uuid": "9a2bd937-226e-4aaf-8261-2cf0c2e3aa10", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "30042cb9-ff85-472f-b769-68bd7bb5bbd9", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met.", "links": [ { "href": "#64977a9e-cd62-4c04-891e-7943e9046179", "rel": "policy" } ] }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "d3fca6df-63b7-4b73-b49c-c954e73c7ddb", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "34cc172b-e868-4570-9947-c86b3612f2fb", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "au-1_smt.b.1", "uuid": "d01f186f-a14f-4e22-b069-84a55e48a112", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "f41962c7-b53b-46f8-a84f-4aba25904bb8", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met.", "links": [ { "href": "#64977a9e-cd62-4c04-891e-7943e9046179", "rel": "policy" } ] } ] }, { "statement-id": "au-1_smt.b.2", "uuid": "ea153acb-2bd0-41d9-8ebd-ba022d31230a", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "9ad59f0d-17a2-4f3f-af6a-a8529d692195", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met.", "links": [ { "href": "#64977a9e-cd62-4c04-891e-7943e9046179", "rel": "policy" } ] } ] } ] }, { "uuid": "43e388d9-3854-44f6-8c6f-17a6d51ee6a2", "control-id": "ca-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#f81fe324-844f-4b53-b915-8c72b6fde8cf", "rel": "policy" }, { "href": "#a552272e-803c-40db-895c-5de35c76d871", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "ca-1_smt", "uuid": "cf2fa346-171d-48a1-a96a-0c6ca209f19c", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "48f6a417-4669-4f18-a350-d2274d15e859", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ca-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "ca-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "ca-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ca-1_smt.a", "uuid": "e7bd0a7e-5f92-4769-8cd3-76ad2f663a5c", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "e5815f1d-ec94-4d98-8896-ec57e339bd7b", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "2b0ec2a8-0ec2-44e3-afaa-e900941643d8", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "f8ecdae7-a46c-4a02-b4a2-976506d5a933", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "ca-1_smt.b.1", "uuid": "b2c3ec86-b976-4e5a-9dc3-4ac2d570765e", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "ca6b2bd5-3ddf-4167-a942-06e1955e49f8", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "ca-1_smt.b.2", "uuid": "e9474eb8-36d6-4eab-abeb-f9bd17e66b22", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "507b8b9d-2d40-4748-81c9-c5a13c8f8f05", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "c8e45d78-2afe-42ae-80e1-c1e2499a0346", "control-id": "cm-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#eb4467a5-c3ca-4cac-9181-557886d7d1dc", "rel": "policy" }, { "href": "#b4c87da0-0f96-4231-a3c1-2d1a9d0b99a3", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "cm-1_smt", "uuid": "ad732048-a744-456f-9555-c80fdf4cd304", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "406e6a62-7b5f-48c6-b56f-1f17974fbde8", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "cm-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "cm-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "cm-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "cm-1_smt.a", "uuid": "52339583-19b6-4774-9213-50b9f42fe51f", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "2916ebd5-c45a-466e-b8e9-00dd15b0c94d", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "a1606990-7d49-43a5-b881-f1f177221dda", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "4ae3ed72-ea26-469e-a78e-02dcdca7d857", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "cm-1_smt.b.1", "uuid": "f9cc6f3f-c64f-4fae-9a32-f964ebdc8e74", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "678db1d2-a538-4986-ac94-63da312fe3f9", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "cm-1_smt.b.2", "uuid": "c548a71f-41d6-4e8c-b400-1764379348c4", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "a871cf91-04c7-4e03-9df6-80b3d5afc9bf", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "13af9343-73e7-4d71-b386-9a0844fa7e45", "control-id": "cp-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "cp-1_smt", "uuid": "a719de81-694c-4455-b8db-5f2b6b1d9076", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "adff4737-d9be-4859-a682-bcf1ce9cfb8d", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "cp-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "cp-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "cp-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "cp-1_smt.a", "uuid": "8bde1fa5-eb81-4a1b-9e6e-5827e176025a", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "157d7751-938c-441f-9299-02a339d98532", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "7981c7db-ad79-485c-88f0-a2be21f37cd3", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "53057aa8-d286-456b-8542-24f3d01b04f0", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "cp-1_smt.b.1", "uuid": "2fc9eec1-a49f-4cfa-9f7b-c702a1e21619", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "6358db78-bab1-4139-b512-f65d3e48248b", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "cp-1_smt.b.2", "uuid": "db5b3977-bd51-4505-b3e2-1597bbd4d930", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "3de33bbe-1a15-4d10-b35d-56fd85e24571", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "4050c933-3ecc-4a8d-8da7-391364685cbb", "control-id": "ia-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#f6070655-ac54-4c4c-847e-d073bcf23baf", "rel": "policy" }, { "href": "#08a6ab70-8c56-4713-ae9c-81fbb6594943", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "ia-1_smt", "uuid": "3146724d-b623-45de-a9af-fd7a0556a273", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "7ebf7f73-652d-432d-aa9c-16c718cc5692", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ia-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "ia-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "ia-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ia-1_smt.a", "uuid": "ba92e479-705f-47a4-a763-dfc098ba239d", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "5add335d-7375-49f0-843c-ac994e4d147b", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "a01f8aa8-fd36-473f-96c9-64000f833afa", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "5f29154a-f7b7-4ef0-8032-894ccef9c2f7", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "ia-1_smt.b.1", "uuid": "dba8c469-5758-497e-9856-e472a2e08677", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "b04d86a0-b68c-41f0-9c0b-88a8daa457b7", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "ia-1_smt.b.2", "uuid": "b56e37b1-1f4c-479b-bfa1-a2773c2eebfd", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "c8fde380-9a41-404a-a88b-c20479a21618", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "229846dc-83cc-4ff2-a9ed-210490a343d9", "control-id": "ir-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#f6070655-ac54-4c4c-847e-d073bcf23baf", "rel": "policy" }, { "href": "#649eac51-c21b-4cb2-bd10-7828e0522e50", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "ir-1_smt", "uuid": "c0d7699a-45d8-49af-abba-81c5d2fc5d1b", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "053cfba5-18d9-4b51-968c-f486069ec53a", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ir-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "ir-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "ir-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ir-1_smt.a", "uuid": "7284efc2-d953-486c-ab8a-3caef6ce06c3", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "7b385445-5e7b-4656-98f1-0f1353aab59e", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "f9d24cc5-6b77-4829-bccc-31ef1d468d57", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "3a631a49-17f6-40ad-ab25-dacc2ca724fe", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "ir-1_smt.b.1", "uuid": "75c37e1a-6e8d-4ef0-99f4-c16f7995706c", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "e7ae4685-2e30-4e00-9ada-b00b5eaf5578", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "ir-1_smt.b.2", "uuid": "900591ec-2006-4622-bc87-59828d884d4f", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "f443c391-479d-492d-b7e9-55c9c2c107be", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "f0c6b63f-6b94-448f-bb16-db3d54b91734", "control-id": "ma-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#8b009787-771c-4b02-9a8f-3f3b581e9464", "rel": "policy" }, { "href": "#fd29a63b-2a08-4d56-b91e-aadfa4c0f55b", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "ma-1_smt", "uuid": "36fd8d6c-4d47-46af-a5be-fca3c0fa143c", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "82d21629-d0e1-40cd-955f-5fccd7bb652a", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ma-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "ma-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "ma-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ma-1_smt.a", "uuid": "d609e538-3976-418e-a368-58fc75cd03c0", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "93a9b046-63c4-4628-8547-39bc7d8df70c", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "e74b7ecd-7e36-4298-b56e-167ba93ba813", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "a16bb867-a75f-41b5-9513-bed11f090772", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "ma-1_smt.b.1", "uuid": "df1a6dd8-9e18-4408-8783-cb30e0413f22", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "ad14f76a-a3eb-4349-8f6c-54cd99f1c040", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "ma-1_smt.b.2", "uuid": "f02f759d-7d4c-41f2-b153-f3cc1e157e39", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "32b337f6-eb61-4945-a139-4d2ae7737488", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "fa3a9747-3451-456a-aae9-9896e03a52c8", "control-id": "mp-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#776b9f3b-2896-4118-87d9-7a5e62149afb", "rel": "policy" }, { "href": "#908175c9-7502-4ab4-b469-80450ed18a8b", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "_smt", "uuid": "a2653c46-fbfc-4a70-b318-403f5f13cc46", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "a7e29aef-1cf2-4736-bc9a-ee885d433848", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "mp-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "mp-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "mp-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "mp-1_smt.a", "uuid": "bab45ad3-65ee-43bc-9c3e-c3e4e2db8001", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "6668f521-4d5c-4317-868f-804878675bf2", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "b32a203d-aa70-4f72-9f3f-a10e738247cc", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "79170a56-7f2f-4002-9665-6ba6d531b8ab", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "mp-1_smt.b.1", "uuid": "ca35d4a5-ca73-4b3a-aa66-6c712c7a4a49", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "57e65240-5b41-40ee-89b1-f75d8fb259ad", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "mp-1_smt.b.2", "uuid": "0c5c6eda-9644-46f2-a29c-16fe4e248621", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "ea6c7fa7-ccbf-414c-8c6b-9c928e914b35", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "a85ff28e-517c-4455-8bd4-866103a2c94a", "control-id": "pe-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#a54bc32c-6bae-4c89-b5b4-9299c56893fb", "rel": "policy" }, { "href": "#22522abe-fd09-4476-b09f-c6422b72bf12", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "_smt", "uuid": "35d98964-5e8c-4068-abed-2729cbb1a5e3", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "978ac2cf-b4ce-4eb1-aefd-831b4a6b0f44", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "pe-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "pe-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "pe-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "pe-1_smt.a", "uuid": "11fd3e46-4735-4986-91bc-747345fe608a", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "dceb4401-c1fd-41a7-9e07-8d82a8042e61", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "6bc3915b-2bd4-4ca2-bff6-347569c0f122", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "60d7a330-bddb-4d60-86d3-204933594cbe", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "pe-1_smt.b.1", "uuid": "a37f91e2-190d-40f7-829c-39776c14c8b4", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "bbd2b372-b57d-4a3a-90c2-2189dd23664b", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "pe-1_smt.b.2", "uuid": "f3d57138-916c-4064-b2fc-aa8dd76849f8", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "f4a94538-220f-4f73-9487-73b72b68813e", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "97ba1f95-92a8-480b-a489-960661e4206b", "control-id": "pl-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#de28452-4b02-4b49-b316-59142a7633c1", "rel": "policy" }, { "href": "#937dfbb6-9d82-4974-be85-23f1e4b130d8", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "pl-1_smt", "uuid": "0acd7328-133f-4df8-8518-b9b3cb3bd4ed", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "50a9c8fa-53a8-4f6a-a75f-cfa7ea6f5a7a", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "pl-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "pl-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "pl-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "pl-1_smt.a", "uuid": "ec7af577-ff22-46bf-ac0a-cf9d75c72ebb", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "679837fb-601e-4517-abe6-11ff6fc551b4", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "6f825ee7-c8e4-48d9-8a07-c3b1dfad6e30", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "4aaa5534-0fd3-4ba7-8832-e48f36e8b2c6", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "pl-1_smt.b.1", "uuid": "438f3e29-670a-49f2-8b9f-05d951318294", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "ddce2988-ce9b-4f15-a427-6f18e4ba1817", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "pl-1_smt.b.2", "uuid": "96a4d13c-bd2b-4038-96c5-0f923f404bbd", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "18d7c02e-f21b-4cd2-bf33-d27971ced47f", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "5e7498de-b540-4a28-b041-4381b023e98a", "control-id": "ps-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#34f3388e-e5b2-4d85-b050-19f62dba6d7e", "rel": "policy" }, { "href": "#552dec25-74a9-4cbe-b3b0-f865d99bfa9d", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "ps-1_smt", "uuid": "98f8537b-cce1-4904-b220-02552eae76e5", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "f0c81ea6-7063-42b5-8adb-92e28eb030e9", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ps-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "ps-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "ps-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ps-1_smt.a", "uuid": "afe1703d-5e59-460b-b048-41b49699c5a1", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "7d6cafb2-b613-4807-ad61-4f0f649bd5ee", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "3249a317-4997-40e7-910a-40830bc984a1", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "3c330caf-d489-49fd-a18f-d08f067deb64", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "ps-1_smt.b.1", "uuid": "956c93e2-cf8f-482c-aaf7-91ab44c7cbd6", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "f4fbfbc2-1a94-456d-a713-9d547f18a0c7", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "ps-1_smt.b.2", "uuid": "6926c688-3fb2-4ab8-9acb-cff0b5acd365", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "2f9c701a-0f3e-4e3d-beae-debb08c406ed", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "789e6c0f-acda-4a94-9b48-7d41dd4c607c", "control-id": "ra-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#53fbc1b6-0f3c-4298-9554-da5acfef3a5a", "rel": "policy" }, { "href": "#1a852337-d28f-4a66-a367-68aebec35698", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "ra-1_smt", "uuid": "ffb439c2-3445-495c-ba10-ba0ca4e30465", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "b36613ac-b0ea-459d-b5a2-2fc574d1185a", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "ra-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "ra-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "ra-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "ra-1_smt.a", "uuid": "8fe541ea-0920-42d0-8561-4e08f04d796c", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "5894d92b-05bf-4fc4-85dc-f5c37e112bc4", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "a6495df7-aec6-496d-93db-f844f561dc87", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "17b75f6d-5e68-4c18-972f-f98d51452c3c", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "ra-1_smt.b.1", "uuid": "b0e9ed47-fe83-485d-8d79-979833543a83", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "c90ad6ee-5a40-4996-8e6c-d85ff3f7559e", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "ra-1_smt.b.2", "uuid": "d9a38f95-ded1-4d1d-afe2-242987222ebd", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "d6f6ac98-4f15-45f2-9ecc-4447e96af44f", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "55358f60-db9b-4d75-a313-5fa6c328273c", "control-id": "sa-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#f969f849-8920-4325-9abe-dcc7133518d6", "rel": "policy" }, { "href": "#4a59a06d-3b1b-410f-b067-3fe1dab083f2", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "sa-1_smt", "uuid": "d0dc3f13-50cc-40d1-a980-fe78797c7417", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "8c9ac356-b5ef-4be2-a540-35ce69faef42", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "sa-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "sa-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "sa-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "sa-1_smt.a", "uuid": "ae3f64be-2e62-4347-b06a-727bc28e4f9b", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "e5864f16-83f2-4faf-b7be-0810c6e58fc4", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "8a0a4aed-578d-4967-86c7-c1a42312e2f7", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "5cf0732e-ab06-4320-968e-7a86870ecd5d", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "sa-1_smt.b.1", "uuid": "959519a9-3e12-47bc-8d76-50d9ab0b6544", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "bed8f51a-1773-493c-8167-c83712e03f01", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "sa-1_smt.b.2", "uuid": "9daa3848-9672-469c-9aa0-f363e3339123", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "518d4987-9436-4c1f-9e07-afa6b332f124", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "9e2852c6-f48a-47b2-9ea5-77cbbb42b365", "control-id": "sc-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#03ae437f-fffc-48e3-81f1-4040fce2d6e3", "rel": "policy" }, { "href": "#936093ce-a567-4592-8fcc-eeeef024cdd4", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "sc-1_smt", "uuid": "3f1307fa-7405-42ea-a9ad-61b7a94bc704", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "8c52b949-a7ad-4bef-9da2-b342cef3dc45", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "sc-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "sc-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "sc-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "sc-1_smt.a", "uuid": "5e2e8372-c13b-4cf5-90c5-e8833a9fe241", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "88cfadba-043b-483b-8032-73344aa53c96", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "7a673b8a-4c21-49b0-89bd-216753af6bbc", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "b1b50bf8-58ae-4e93-a5f6-b6f0b8b1d7af", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "sc-1_smt.b.1", "uuid": "8166980a-86c0-497d-87e4-453adfd0d4bd", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "9abaeb64-56d2-48a1-bd8d-7b55411d31ca", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "sc-1_smt.b.2", "uuid": "eeea34ff-18ab-4c35-bf32-c74dbf746e7b", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "ad20ff50-8a7c-4ffc-a918-260960f6fb42", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "81ba4fe8-1649-437b-9ecf-367fd87336e6", "control-id": "si-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#7a5ee0b7-402c-487f-8ac7-e1735b991674", "rel": "policy" }, { "href": "#ac953d62-a392-499f-b832-b90b325cceb6", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "si-1_smt", "uuid": "9e061e1e-10fa-4896-8597-294d8fd8e52a", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "663f84e5-9c13-49a5-b7de-25ced4e8aef8", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "si-1_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "si-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "si-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "si-1_smt.a", "uuid": "915b10d2-2275-4d86-951a-eec23f9ee77a", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "682311e7-e3f7-4d94-acf9-131149887fda", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "e671969f-12b4-4db2-9c11-336065eb78ec", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "ebf7568d-97cb-4316-8a90-9beb667d2e91", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] }, { "statement-id": "si-1_smt.b.1", "uuid": "2a5a6f7f-aeea-4ea4-be1e-859df4bf7521", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "80ee0fe9-7f87-4dfa-887a-ac3bb2131943", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] }, { "statement-id": "si-1_smt.b.2", "uuid": "c152bbde-57fc-4864-ac51-861bd8bb83b4", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "78e8f2bb-67d7-49d3-a993-ce4bedcfbc47", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." } ] } ] }, { "uuid": "f33674dc-d16f-4a8c-8902-b8e60f947ce7", "control-id": "si-8", "props": [ { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "implemented" } ], "responsible-roles": [ { "role-id": "asset-administrator", "party-uuids": [ "59cdc953-5902-4fa4-a878-f3163854624c" ] } ], "statements": [ { "statement-id": "si-8_smt", "uuid": "9e061e1e-10fa-4896-8597-294d8fd8e52b", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f5", "uuid": "d63e6f79-c7c5-455b-8b42-8c60c4e7939b", "description": "Describe how the control is satisfied within the system.\n\nDMARC is employed.\n\nSPF is employed.\n\nDKIM is employed.", "set-parameters": [ { "param-id": "si-8_prm_1", "values": [ "organization-defined personnel or roles" ] }, { "param-id": "si-8_prm_2", "values": [ "[specify frequency]" ] }, { "param-id": "si-8_prm_3", "values": [ "[specify frequency]" ] } ] } ] } ] }, { "uuid": "2286bf93-2664-4852-bc4c-e235ec076b94", "control-id": "sr-1", "props": [ { "name": "planned-completion-date", "ns": "https://fedramp.gov/ns/oscal", "value": "2024-01-31Z" }, { "name": "implementation-status", "ns": "https://fedramp.gov/ns/oscal", "value": "planned", "remarks": "Describe the plan to complete the implementation." }, { "name": "control-origination", "ns": "https://fedramp.gov/ns/oscal", "value": "sp-system" } ], "links": [ { "href": "#7d440e15-ca4d-4e4a-8fcc-50bb05ffa2fd", "rel": "policy" }, { "href": "#b2aaedad-5ff0-4b0c-b490-bbe64b2033b0", "rel": "procedure" } ], "responsible-roles": [ { "role-id": "information-system-security-officer", "party-uuids": [ "36b8d6c0-3b25-42cc-b529-cf4066145cdd" ] } ], "statements": [ { "statement-id": "sr-1_smt", "uuid": "ea3cc181-1a55-4350-94a6-faf42f003045", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "ea3cc181-1a55-4350-94a6-faf42f003045", "description": "Describe how the control is satisfied within the system.", "set-parameters": [ { "param-id": "sr-1_prm_1", "values": [ "to include chief privacy and ISSO and/or similar role or designees" ] }, { "param-id": "sr-1_prm_2", "values": [ "at least every 3 years" ] }, { "param-id": "sr-1_prm_3", "values": [ "at least annually" ] } ] } ] }, { "statement-id": "sr-1_smt.a", "uuid": "76bc5347-1fbd-4386-a839-ac042e59ac82", "by-components": [ { "component-uuid": "60f92bcf-f353-4236-9803-2a5d417555f4", "uuid": "319cc842-aebc-4625-8cfe-1586e57148a5", "description": "For the portion of the control satisfied by the service provider, describe **how** the control is met." }, { "component-uuid": "88b8d7bb-ba23-4430-bf62-028eab822050", "uuid": "51c4938e-7239-4b6f-ac7a-226719347d54", "description": "Describe how this policy component satisfies part a.\n\nComponent approach. This links to a component representing the Policy.\n\nThat component contains a link to the policy, so it does not have to be linked here too." }, { "component-uuid": "fa90644a-8bf8-47da-b0d3-82bffc708afc", "uuid": "73b85fca-3995-447a-a47f-23531335ea58", "description": "Describe how this procedure component satisfies part a.\n\nComponent approach. This links to a component representing the procedure.\n\nThat component contains a link to the procedure, so it does not have to be linked here too." } ] } ] } ] }, "back-matter": { "resources": [ { "uuid": "ace2963d-ecb4-4be5-bdd0-1f6fd7610f41", "title": "Resolution Resource", "props": [ { "name": "dataset", "value": "Special Publication", "class": "collection" }, { "name": "dataset", "value": "800-53", "class": "name" }, { "name": "dataset", "value": "5.0.2", "class": "version" }, { "name": "dataset", "value": "gov.nist.csrc", "class": "organization" } ], "remarks": "This \\\"resolution resource\\\" is used by FedRAMP as a local, authoritative indicator of what version SSP (rev 4 or rev 5) this OSCAL document is for." }, { "uuid": "2ff2eb61-d8b3-4d17-8257-727468329c82", "description": "SSP Signature", "props": [ { "name": "type", "ns": "https://fedramp.gov/ns/oscal", "value": "signed-ssp" } ], "rlinks": [ { "href": "./signed-ssp.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "ssp.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "FedRAMP is formulating guidelines for handling digital/electronic signatures in OSCAL, and welcome feedback on solutions.\n\nFor now, FedRAMP recommends one of the following:\n\n* Render the OSCAL SSP content as a PDF that is digitally signed and attached.\n* Render the OSCAL SSP content as a printed page that is physically signed, scanned, and attached.\n\n\nIf your organization prefers another approach, please seek prior approval from the FedRAMP PMO." }, { "uuid": "985475ee-d4d6-4581-8fdf-d84d3d8caa48", "title": "FedRAMP Applicable Laws and Regulations", "props": [ { "name": "type", "ns": "https://fedramp.gov/ns/oscal", "value": "fedramp-citations" } ], "rlinks": [ { "href": "https://www.fedramp.gov/assets/resources/templates/SSP-A12-FedRAMP-Laws-and-Regulations-Template.xlsx" } ], "base64": { "filename": "SSP-A12-FedRAMP-Laws-and-Regulations-Template.xlsx", "media-type": "application/vnd.ms-excel", "value": "00000000" }, "remarks": "Must be present in a FedRAMP SAP." }, { "uuid": "1a23a771-d481-4594-9a1a-71d584fa4123", "title": "FedRAMP Master Acronym and Glossary", "props": [ { "name": "type", "ns": "https://fedramp.gov/ns/oscal", "value": "fedramp-acronyms" } ], "rlinks": [ { "href": "https://www.fedramp.gov/assets/resources/documents/FedRAMP_Master_Acronym_and_Glossary.pdf" } ], "base64": { "filename": "FedRAMP_Master_Acronym_and_Glossary.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Must be present in a FedRAMP SSP." }, { "uuid": "330bac69-5840-479a-981b-afda037d7a6f", "title": "Access Control Policy Title", "description": "AC Policy document", "props": [ { "name": "type", "value": "policy", "class": "ac" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_AC_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "184d2fc9-6c9e-4302-acb3-8c24f6843c79", "title": "Awareness and Training Policy Title", "description": "AT Policy document", "props": [ { "name": "type", "value": "policy", "class": "at" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_AT_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "64977a9e-cd62-4c04-891e-7943e9046179", "title": "Audit and Accountability Policy Title", "description": "AU Policy document", "props": [ { "name": "type", "value": "policy", "class": "au" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_AU_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "f81fe324-844f-4b53-b915-8c72b6fde8cf", "title": "Security Assessment and Authorization Policy Title", "description": "CA Policy document", "props": [ { "name": "type", "value": "policy", "class": "ca" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_CA_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "eb4467a5-c3ca-4cac-9181-557886d7d1dc", "title": "Configuration Management Policy Title", "description": "CM Policy document", "props": [ { "name": "type", "value": "policy", "class": "cm" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_CM_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "4c4395c5-a126-4b77-8c62-cac98c563915", "title": "Contingency Planning Policy Title", "description": "CP Policy document", "props": [ { "name": "type", "value": "policy", "class": "cp" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_CP_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "f6070655-ac54-4c4c-847e-d073bcf23baf", "title": "Identification and Authentication Policy Title", "description": "IA Policy document", "props": [ { "name": "type", "value": "policy", "class": "ia" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_IA_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "e39a9f53-984b-429f-a062-a815228c6687", "title": "Incident Response Policy Title", "description": "IR Policy document", "props": [ { "name": "type", "value": "policy", "class": "ir" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_IR_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "8b009787-771c-4b02-9a8f-3f3b581e9464", "title": "Maintenance Policy Title", "description": "MA Policy document", "props": [ { "name": "type", "value": "policy", "class": "ma" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_MA_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "776b9f3b-2896-4118-87d9-7a5e62149afb", "title": "Media Protection Policy Title", "description": "MP Policy document", "props": [ { "name": "type", "value": "policy", "class": "mp" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_MP_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "a54bc32c-6bae-4c89-b5b4-9299c56893fb", "title": "Physical and Environmental Protection Policy Title", "description": "PE Policy document", "props": [ { "name": "type", "value": "policy", "class": "pe" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_PE_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "9de28452-4b02-4b49-b316-59142a7633c1", "title": "Planning Policy Title", "description": "PL Policy document", "props": [ { "name": "type", "value": "policy", "class": "pl" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_PL_policy.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "34f3388e-e5b2-4d85-b050-19f62dba6d7e", "title": "Personnel Security Policy Title", "description": "PS Policy document", "props": [ { "name": "type", "value": "policy", "class": "ps" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_PS_policy.pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "53fbc1b6-0f3c-4298-9554-da5acfef3a5a", "title": "Risk Adjustment Policy Title", "description": "RA Policy document", "props": [ { "name": "type", "value": "policy", "class": "ra" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_RA_policy.pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "f969f849-8920-4325-9abe-dcc7133518d6", "title": "System and Service Acquisition Policy Title", "description": "SA Policy document", "props": [ { "name": "type", "value": "policy", "class": "sa" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SA_policy.pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "03ae437f-fffc-48e3-81f1-4040fce2d6e3", "title": "System and Communications Protection Policy Title", "description": "SC Policy document", "props": [ { "name": "type", "value": "policy", "class": "sc" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SC_policy.pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "7a5ee0b7-402c-487f-8ac7-e1735b991674", "title": "System and Information Integrity Policy Title", "description": "SI Policy document", "props": [ { "name": "type", "value": "policy", "class": "si" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SI_policy.pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "7d440e15-ca4d-4e4a-8fcc-50bb05ffa2fd", "title": "Supply Chain Risk Policy Title", "description": "SR Policy document", "props": [ { "name": "type", "value": "policy", "class": "sr" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SR_policy.pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Policy Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "e1fa7a30-efb8-4738-b4e2-7fbeb86644cd", "title": "Access Control Procedure Title", "description": "AC Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "ac" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_AC_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "ce9f3af2-f4bc-47b5-bc25-df52a917748b", "title": "Awareness and Training Procedure Title", "description": "AT Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "at" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_AT_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "b1cdaad8-2127-4563-b248-3d2777307c4f", "title": "Audit and Accountability Procedure Title", "description": "AU Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "au" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_AU_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "a552272e-803c-40db-895c-5de35c76d871", "title": "Security Assessment and Authorization Procedure Title", "description": "CA Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "ca" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_CA_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "b4c87da0-0f96-4231-a3c1-2d1a9d0b99a3", "title": "Configuration Management Procedure Title", "description": "CM Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "cm" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_CM_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "2f1cb360-a743-4ebe-915a-27f215f44dc5", "title": "Contingency Planning Procedure Title", "description": "CP Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "cp" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_CP_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "08a6ab70-8c56-4713-ae9c-81fbb6594943", "title": "Identification and Authentication Procedure Title", "description": "IA Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "ia" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_IA_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "649eac51-c21b-4cb2-bd10-7828e0522e50", "title": "Incident Response Procedure Title", "description": "IR Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "ir" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_IR_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "fd29a63b-2a08-4d56-b91e-aadfa4c0f55b", "title": "Maintenance Procedure Title", "description": "MA Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "ma" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_MA_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "908175c9-7502-4ab4-b469-80450ed18a8b", "title": "Media Protection Procedure Title", "description": "MP Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "mp" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_MP_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "22522abe-fd09-4476-b09f-c6422b72bf12", "title": "Physical and Environmental Protection Procedure Title", "description": "PE Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "pe" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_PE_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "937dfbb6-9d82-4974-be85-23f1e4b130d8", "title": "Planning Procedure Title", "description": "PL Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "pl" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_PL_procedure.pdf", "media-type": "application/pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "552dec25-74a9-4cbe-b3b0-f865d99bfa9d", "title": "Personnel Security Procedure Title", "description": "PS Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "ps" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_PS_procedure.pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "1a852337-d28f-4a66-a367-68aebec35698", "title": "Risk Adjustment Procedure Title", "description": "RA Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "ra" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_RA_procedure.pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "4a59a06d-3b1b-410f-b067-3fe1dab083f2", "title": "System and Service Acquisition Procedure Title", "description": "SA Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "sa" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SA_procedure.pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "936093ce-a567-4592-8fcc-eeeef024cdd4", "title": "System and Communications Protection Procedure Title", "description": "SC Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "sc" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SC_procedure.pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "ac953d62-a392-499f-b832-b90b325cceb6", "title": "System and Information Integrity Procedure Title", "description": "SI Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "si" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SI_procedure.pdf" } ], "base64": { "filename": "sample_procedure.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "b2aaedad-5ff0-4b0c-b490-bbe64b2033b0", "title": "Supply Chain Risk Procedure Title", "description": "SR Procedure document", "props": [ { "name": "type", "value": "procedure", "class": "sr" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/policies/sample_SR_procedure.pdf" } ], "base64": { "filename": "sample_policy.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "90a128ac-c850-48f6-8fff-a55692f80b41", "title": "User's Guide", "description": "User's Guide", "props": [ { "name": "type", "value": "users-guide" }, { "name": "published", "value": "2023-01-01T00:00:00Z" } ], "rlinks": [ { "href": "./documents/guides/sample_guide.pdf" } ], "remarks": "Table 12-1 Attachments: User's Guide Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "489112e1-57f2-4c29-8dd0-95b1442fbf3b", "title": "Document Title", "description": "Rules of Behavior", "props": [ { "name": "type", "value": "rules-of-behavior" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/rob.docx", "media-type": "application/msword" } ], "base64": { "filename": "rob.docx", "media-type": "application/msword", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Rules of Behavior (ROB)\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "c7860916-f2f4-43aa-b578-d48cf8e6d381", "title": "Document Title", "description": "Contingency Plan (CP)", "props": [ { "name": "type", "value": "plan", "class": "information-system-contingency-plan" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/cp.docx", "media-type": "application/msword" } ], "base64": { "filename": "cp.docx", "media-type": "application/msword", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Contingency Plan (CP) Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "ab56cf27-0dae-40d6-89b7-d750137309af", "title": "Document Title", "description": "Configuration Management (CM) Plan", "props": [ { "name": "type", "value": "plan", "class": "configuration-management-plan" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/CM_Plan.docx", "media-type": "application/msword" } ], "base64": { "filename": "CM_Plan.docx", "media-type": "application/msword", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Configuration Management (CM) Plan Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "3f771ab5-8016-4571-98d1-f0fb962e15e2", "title": "Document Title", "description": "Incident Response (IR) Plan", "props": [ { "name": "type", "value": "plan", "class": "incident-response-plan" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/IR_Plan.docx", "media-type": "application/msword" } ], "base64": { "filename": "IR_Plan.docx", "media-type": "application/msword", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Incident Response (IR) Plan Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "a8a0cc81-800f-479f-93d3-8b8743d9b98d", "title": "[SAMPLE] Laws and Regulations ", "props": [ { "name": "type", "value": "law" }, { "name": "published", "value": "2023-01-01T00:00:00Z" } ], "document-ids": [ { "scheme": "https://www.doi.org/", "identifier": "Identification Number" } ], "rlinks": [ { "href": "https://example.com/path/to/document.pdf" } ], "base64": { "filename": "document.pdf", "media-type": "application/pdf", "value": "00000000" } }, { "uuid": "47ba08df-d619-4f18-9daf-78d416eede79", "title": "Document Title", "description": "Continuous Monitoring Plan", "props": [ { "name": "type", "value": "plan", "class": "continuous-monitoring-plan" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/ConMon_Plan.docx", "media-type": "application/msword" } ], "base64": { "filename": "ConMon_Plan.docx", "media-type": "application/msword", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Continuous Monitoring Plan Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "e33c2763-d661-4638-a630-bd9138af1238", "title": "[SAMPLE]Plan of Actions and Milestones (POAM)", "props": [ { "name": "published", "value": "2023-05-31T00:00:00Z" }, { "name": "version", "value": "Document Version" }, { "name": "type", "value": "plan", "class": "poam" } ], "rlinks": [ { "href": "./documents/POAMs/SAMPLE_POAM_20230531.json" } ], "base64": { "filename": "SAMPLE_POAM_20230531.xml", "media-type": "application/xml", "value": "00000000" } }, { "uuid": "bdbb4fef-505f-466b-810a-0a5ba03e9fc9", "title": "Supply Chain Risk Management Plan", "description": "Supply Chain Risk Management Plan", "props": [ { "name": "type", "value": "plan", "class": "scrmp" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/plans/sample_SCRMP_procedure.pdf" } ], "base64": { "filename": "sample_SCRMP.pdf", "media-type": "application/pdf", "value": "00000000" }, "remarks": "Table 12-1 Attachments: Procedure Attachment\n\nMay use `rlink` with a relative path, or embedded as `base64`." }, { "uuid": "9d6cf2b4-8e88-4040-a33c-7bc206553a1a", "title": "[SAMPLE]Interconnection Security Agreement Title", "props": [ { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" }, { "name": "type", "value": "agreement", "class": "isa" } ], "rlinks": [ { "href": "./documents/ISAs/ISA-1.docx" } ], "base64": { "filename": "ISA-1.docx", "media-type": "application/msword", "value": "00000000" } }, { "uuid": "a2381e87-3d04-4108-a30b-b4d2f36d001f", "title": "FedRAMP Logo", "description": "FedRAMP Logo", "props": [ { "name": "type", "ns": "https://fedramp.gov/ns/oscal", "value": "fedramp-logo" } ], "rlinks": [ { "href": "https://www.fedramp.gov/assets/img/logo-main-fedramp.png" } ], "base64": { "filename": "logo-main-fedramp.png", "media-type": "image/png", "value": "00000000" }, "remarks": "Must be present in a FedRAMP SSP." }, { "uuid": "31a46c4f-2959-4287-bc1c-67297d7da60b", "title": "CSP Logo", "description": "CSP Logo", "rlinks": [ { "href": "./img/logo.png", "media-type": "image/png" } ], "base64": { "filename": "logo.png", "media-type": "image/png", "value": "00000000" }, "remarks": "May use `rlink` with a relative path, or embedded as `base64`.\n\nFedRAMP prefers `base64` for images and diagrams.\n\nImages must be in sufficient resolution to read all detail when rendered in a browser via HTML5." }, { "uuid": "2c1747d6-874a-49a2-8488-2fd9735416bf", "title": "3PAO Logo", "description": "3PAO Logo", "rlinks": [ { "href": "./img/logo.png", "media-type": "image/png" } ], "base64": { "filename": "logo.png", "media-type": "image/png", "value": "00000000" }, "remarks": "May use `rlink` with a relative path, or embedded as `base64`.\n\nFedRAMP prefers `base64` for images and diagrams.\n\nImages must be in sufficient resolution to read all detail when rendered in a browser via HTML5." }, { "uuid": "d2eb3c18-6754-4e3a-a933-03d289e3fad5", "title": "Boundary Diagram", "description": "The primary authorization boundary diagram.", "rlinks": [ { "href": "./diagrams/boundary.png" } ], "base64": { "filename": "logo.png", "media-type": "image/png", "value": "00000000" }, "remarks": "Section 8.1, Figure 8-1 Authorization Boundary Diagram (graphic)\n\nThis should be referenced in the system-characteristics/authorization-boundary/diagram/link/@href flag using a value of \\\"#d2eb3c18-6754-4e3a-a933-03d289e3fad5\\\"\n\nMay use `rlink` with a relative path, or embedded as `base64`.\n\nFedRAMP prefers `base64` for images and diagrams.\n\nImages must be in sufficient resolution to read all detail when rendered in a browser via HTML5." }, { "uuid": "61081e81-850b-43c1-bf43-1ecbddcb9e7f", "title": "Network Diagram", "description": "The primary network diagram.", "rlinks": [ { "href": "./diagrams/network.png" } ], "base64": { "filename": "network.png", "media-type": "image/png", "value": "00000000" }, "remarks": "Section 8.1, Figure 8-2 Network Diagram (graphic)\n\nThis should be referenced in the system-characteristics/network-architecture/diagram/link/@href flag using a value of \\\"#61081e81-850b-43c1-bf43-1ecbddcb9e7f\\\"\n\nMay use `rlink` with a relative path, or embedded as `base64`.\n\nFedRAMP prefers `base64` for images and diagrams.\n\nImages must be in sufficient resolution to read all detail when rendered in a browser via HTML5." }, { "uuid": "ac5d7535-f3b8-45d3-bf3b-735c82c64547", "title": "Data Flow Diagram", "description": "The primary data flow diagram.", "rlinks": [ { "href": "./diagrams/dataflow.png" } ], "base64": { "filename": "dataflow.png", "media-type": "image/png", "value": "00000000" }, "remarks": "Section 8.1, Figure 8-3 Data Flow Diagram (graphic)\n\nThis should be referenced in the system-characteristics/data-flow/diagram/link/@href flag using a value of \\\"#ac5d7535-f3b8-45d3-bf3b-735c82c64547\\\"\n\nMay use `rlink` with a relative path, or embedded as `base64`.\n\nFedRAMP prefers `base64` for images and diagrams.\n\nImages must be in sufficient resolution to read all detail when rendered in a browser via HTML5." }, { "uuid": "49fb4631-1da2-41ca-b0b3-e1b1006d4025", "title": "Separation of Duties Matrix", "description": "Separation of Duties Matrix", "props": [ { "name": "type", "ns": "https://fedramp.gov/ns/oscal", "value": "separation-of-duties-matrix" }, { "name": "published", "value": "2023-01-01T00:00:00Z" }, { "name": "version", "value": "Document Version" } ], "rlinks": [ { "href": "./documents/Sep_Matrix.docx", "media-type": "application/msword" } ], "base64": { "filename": "Sep_Matrix.docx", "media-type": "application/msword", "value": "00000000" }, "remarks": "May use `rlink` with a relative path, or embedded as `base64`." } ] } } }