Control Response: Normalized Approach

The normalized approach is prefered. Organizations starting new with no legacy SSP content should use this. 
 For organizations converting from a legacy FedRAMP SSP Word template, consider starting with the Control Response: Flat Approach and migrating to the normalized approach over time. 
 
 With the normalized approach, system elements are first defined as OSCAL components . Relvant components are then associated with control statements via statements / by-components entries. Control responses are then provided in the approrpiate by-component entry. 
 
 system-security-plan: