Prepared By/For

system security plan prepared by, prepared for page image

"Prepared by" and "Prepared for" follow the Roles pattern, using the prepared-by and prepared-for roles.

For an SSP:

  • prepared-by may identify the cloud service provider or a third-party advisory organization
  • prepared-for always identifies the cloud service provider

Defined Identifiers

Required Role IDs:

  • prepared-by
  • prepared-for

Prepared By - Third Party

The representation below demonstrates the Prepared by section in the FedRAMP SSP template when it is prepared by a party other than the party owning the system security plan.

Representation

metadata:
  roles:
  - id: prepared-by
    title: Prepared By
    description: The organization that prepared the document. If developed in-house, this is the CSP itself.
  parties:
  - uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
    type: organization
    name: Name of the person or the organization that prepared the document
    address:
      type: work
      addr-lines:
      - Suite 0000
      - 1234 Some Street
      city: Haven
      state: ME
      postal-code: '00000'
      country: US
    links:
    - href: '#891263fb-a5d6-44db-8d73-51bb8a9a3610'  # quoted: an unquoted # starts a YAML comment
      rel: logo
  responsible-parties:
  - role-id: prepared-by
    party-uuids:
    - d865602c-9d3b-49d7-8125-ce3f1ca04231

back-matter:
  resources:
  - uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
    title: Logo
    description: Logo of the CSP or the organization that prepared the document.
    props:
    - name: type
      value: logo
    rlinks:
    - href: ./attachments/img/logo.png
    base64:
      filename: logo.png
      media-type: image/png
      value: 00000000

Prepared By - CSP or Self‑Prepared

This section is applicable when the CSP creates or updates its own SSP or POA&M content. A CSP must never prepare the FedRAMP SAP and SAR documents.

metadata:
  roles:
  - id: prepared-by
    title: Prepared By
    description: The organization that prepared the document.
  locations:
  - uuid: 60d612ba-1ab4-49ab-858b-d83b1bcbf006
    title: Name of the organization that prepared the document
    address:
      type: work
      addr-lines:
      - Suite 0000
      - 1234 Some Street
      city: Haven
      state: ME
      postal-code: '00000'
      country: US
  parties:
  - uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
    type: organization
    name: Name of the person or the organization that prepared the document
    location-uuids:
    - 60d612ba-1ab4-49ab-858b-d83b1bcbf006
    links:
    - href: '#891263fb-a5d6-44db-8d73-51bb8a9a3610'  # quoted: an unquoted # starts a YAML comment
      rel: logo
  responsible-parties:
  - role-id: prepared-by
    party-uuids:
    - d865602c-9d3b-49d7-8125-ce3f1ca04231

back-matter:
  resources:
  - uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
    title: Logo
    description: Logo of the organization that prepared the document.
    props:
    - name: type
      value: logo
    rlinks:
    - href: ./attachments/img/logo.png
    base64:
      filename: logo.png
      media-type: image/png
      value: 00000000

Prepared For - CSP

In the vast majority of cases, FedRAMP SSP, SAP, SAR, and POA&M documents are prepared for a CSP.

However, unforeseen circumstances may require another party to be named. For this reason, the prepared-for assemblies and CSPs have separately defined roles.

The screen shot below shows the Prepared for section in the FedRAMP SSP template.

metadata:
  roles:
  - id: prepared-for
    title: Prepared For
    description: The organization (typically, the CSP) for which the document was prepared.
  - id: cloud-service-provider
    title: Cloud Service Provider
  locations:
  - uuid: 60d612ba-1ab4-49ab-858b-d83b1bcbf006
    title: Name of the CSP
    address:
      type: work
      addr-lines:
      - Suite 0000
      - 1234 Some Street
      city: Haven
      state: ME
      postal-code: '00000'
      country: US
  parties:
  - uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
    type: organization
    name: Cloud Service Provider
    links:
    - href: '#891263fb-a5d6-44db-8d73-51bb8a9a3610'  # quoted: an unquoted # starts a YAML comment
      rel: logo
    location-uuids:
    - 60d612ba-1ab4-49ab-858b-d83b1bcbf006
  responsible-parties:
  - role-id: prepared-for
    party-uuids:
    - d865602c-9d3b-49d7-8125-ce3f1ca04231

back-matter:
  resources:
  - uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
    title: Logo
    description: Logo of the CSP.
    props:
    - name: type
      value: logo
    rlinks:
    - href: ./attachments/img/logo.png
    base64:
      filename: logo.png
      media-type: image/png
      value: 00000000

Note: For the logo, use rlink with a relative path or embed the logo as base64. FedRAMP prefers base64 for images and diagrams. All images must have sufficient resolution to render all their details in HTML5.
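
A cross-reference check for the prepared-by / prepared-for pattern shown in the representations above, as an added example (not FedRAMP's or the OSCAL project's own code). It assumes the SSP has already been parsed into a Python dict; check_prepared_roles and sample_ssp are hypothetical names, and the sample data is constructed from the page's placeholder UUIDs.

```python
# Added example. Assumption: the SSP is already parsed (YAML or JSON) into a dict.
REQUIRED_ROLE_IDS = ("prepared-by", "prepared-for")


def check_prepared_roles(ssp):
    """Return a list of problems; an empty list means every reference resolves."""
    meta = ssp.get("metadata", {})
    role_ids = {r.get("id") for r in meta.get("roles", [])}
    parties = {p.get("uuid"): p for p in meta.get("parties", [])}
    locations = {loc.get("uuid") for loc in meta.get("locations", [])}
    resources = {r.get("uuid"): r for r in ssp.get("back-matter", {}).get("resources", [])}
    assigned = {}
    for rp in meta.get("responsible-parties", []):
        assigned.setdefault(rp.get("role-id"), []).extend(rp.get("party-uuids", []))
    problems = []
    for role_id in REQUIRED_ROLE_IDS:
        if role_id not in role_ids:
            problems.append(f"role '{role_id}' is not defined")
        if not assigned.get(role_id):
            problems.append(f"role '{role_id}' has no responsible party")
        for party_uuid in assigned.get(role_id, []):
            party = parties.get(party_uuid)
            if party is None:
                problems.append(f"{role_id}: unknown party {party_uuid}")
                continue
            for loc in party.get("location-uuids", []):
                if loc not in locations:
                    problems.append(f"{role_id}: unknown location {loc}")
            for link in party.get("links", []):
                if link.get("rel") != "logo":
                    continue
                href = link.get("href") or ""  # an unquoted '#...' value in YAML parses as null
                res = resources.get(href[1:]) if href.startswith("#") else None
                if res is None:
                    problems.append(f"{role_id}: logo href {href!r} matches no resource")
                elif not (res.get("rlinks") or res.get("base64")):
                    problems.append(f"{role_id}: logo resource has no rlinks or base64")
    return problems


def sample_ssp():
    """Constructed sample that reuses the page's placeholder UUIDs."""
    party, logo = "d865602c-9d3b-49d7-8125-ce3f1ca04231", "891263fb-a5d6-44db-8d73-51bb8a9a3610"
    return {"metadata": {
        "roles": [{"id": "prepared-by"}, {"id": "prepared-for"}],
        "parties": [{"uuid": party, "links": [{"href": "#" + logo, "rel": "logo"}]}],
        "responsible-parties": [{"role-id": r, "party-uuids": [party]} for r in REQUIRED_ROLE_IDS]},
        "back-matter": {"resources": [{"uuid": logo, "base64": {"media-type": "image/png", "value": "00000000"}}]}}
```

Running check_prepared_roles on a document whose logo href was left unquoted in YAML reports the link as unresolved, because the parser hands back null instead of the fragment.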