
Appendices A - Q


Appendices Overview

Most attachments required by FedRAMP are called out in the NIST SP 800-53 controls appearing in ...

Appendix A: FedRAMP Security Controls

See [Controls citation and link]

Appendix B: Related Acronyms

There is no OSCAL construct for representing an acronyms list. Attach a document (e.g., Word, Exc...

Appendix C: Security Policies and Procedures

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix D: User Guide

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix E: Digital Identity Level (DIL) Determination

The Digital Identity Level (DIL) is represented on the page below. Within system-characteristics...

Appendix F: Rules of Behavior (RoB)

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix G: Information System Contingency Plan (ISCP)

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix H: Configuration Management Plan (CMP)

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix I: Incident Response Plan (IRP)

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix J: CIS and CRM Workbook

The FedRAMP Control Information Summary (CIS) and Customer Responsibility Matrix (CRM) are derive...

Appendix K: FIPS-199 Worksheet

The system's overall FIPS-199 impact level is determined primarily by the sensitivity of the info...

Appendix L: CSO-Specific Required Laws and Regulations

Needs Work Content cleanup YAML Example For MVP: attach a Word or PDF document enumerating t...

Appendix M: Integrated Inventory Workbook

See Inventory Approaches for guidance.

Appendix N: Continuous Monitoring Plan

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix O: POA&M

See the FedRAMP POA&M book.

Appendix P: Supply Chain Risk Management Plan (SCRMP)

This needs work that may have been completed elsewhere and needs to be moved into here. This ...

Appendix Q: Cryptographic Modules

Cryptographic Modules Implemented for Data-in-Transit (DIT) This page needs work: The examples ...