Appendix K: FIPS-199 Worksheet
The FIPS-199 Categorization in the FedRAMP SSP template, illustrated in the figure below, is expressed through the following core OSCAL property.
OSCAL Representation
<system-security-plan>
<metadata>
<!-- cut CSP Name -->
</metadata>
<system-characteristics>
<!-- System Name & Abbreviation -->
<system-name>System's Full Name</system-name>
<system-name-short>System's Short Name or Acronym</system-name-short>
<!-- FedRAMP Unique Identifier -->
<system-id identifier-type="http://fedramp.gov">F00000000</system-id>
<!-- cut Service Model -->
<!-- cut Deployment Model -->
<!-- cut DIL Determination -->
<!-- FIPS PUB 199 Level (SSP Attachment 10) -->
<security-sensitivity-level>fips-199-moderate</security-sensitivity-level>
<!-- cut -->
</system-characteristics>
<!-- cut -->
</system-security-plan>
OSCAL Allowed Values
Valid values for security-sensitivity-level:
- fips-199-low
- fips-199-moderate
- fips-199-high
XPath Queries
System Sensitivity Level:
/*/system-characteristics/security-sensitivity-level
NOTES:
- The identified System Sensitivity Level governs which FedRAMP baseline applies. See the Importing the FedRAMP Baseline section for more information about importing the appropriate FedRAMP baseline.