Skip to main content

Control Response: Normalized Approach

The normalized approach is prefered. Organizations starting new with no legacy SSP content should use this.

For organizations converting from a legacy FedRAMP SSP Word template, consider starting with the Control Response: Flat Approach and migrating to the normalized approach over time.

With the normalized approach, system elements are first defined as OSCAL components. Relvant components are then associated with control statements via statements/by-components entries. Control responses are then provided in the approrpiate by-component entry.

controls-normalized.png

system-security-plan:
Back to top