Prepared By/For
"Prepared by" and "Prepared for" follow the Roles pattern, using the prepared-by and prepared-for roles.
For an SSP:
prepared-bymay identify the cloud service provider or a thrid party advisory organizationprepared-foralways identifes the cloud service provider
Defined Identifiers Required Role IDs:
prepared-byprepared-for
Prepared By - Third Party
The representation below demonstrates the Prepared by section in the FedRAMP SSP template when it is prepared by a party than the party owning the system security plan.
Representation
metadata:
roles:
- id: prepared-by
title: Prepared By
description: The organization that prepared the document. If developed in-house, this is the CSP itself.
parties:
- uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
type: organization
name: Name of the person or the organization that prepared the document
address:
type: work
addr-lines:
- Suite 0000
- 1234 Some Street
city: Haven
state: ME
postal-code: '00000'
country: US
links:
- href: #891263fb-a5d6-44db-8d73-51bb8a9a3610
rel: logo
responsible-parties:
- role-id: prepared-by
party-uuids:
- d865602c-9d3b-49d7-8125-ce3f1ca04231
back-matter:
resources:
- uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
title: Logo
description: Logo of the CSP or the organization that prepared the document.
props:
- name: type
value: logo
rlinks:
- href: ./attachments/img/logo.png
base64:
filename: logo.png
media-type: image/png
value: 00000000
Prepared By - CSP or Self‑Prepared
This section is applicable when the CSP creates or updates its own SSP or POA&M content. A CSP must never prepare the FedRAMP SAP and SAR documents.
metadata:
roles:
- id: prepared-by
title: Prepared By
description: The organization that prepared the document.
locations:
- uuid: 60d612ba-1ab4-49ab-858b-d83b1bcbf006
title: Name of the organization that prepared the document
address:
type: work
addr-lines:
- Suite 0000
- 1234 Some Street
city: Haven
state: ME
postal-code: '00000'
country: US
parties:
- uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
type: organization
name: Name of the person or the organization that prepared the document
location-uuids:
- 60d612ba-1ab4-49ab-858b-d83b1bcbf006
links:
- href: #891263fb-a5d6-44db-8d73-51bb8a9a3610
rel: logo
responsible-parties:
- role-id: prepared-by
party-uuids:
- d865602c-9d3b-49d7-8125-ce3f1ca04231
back-matter:
resources:
- uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
title: Logo
description: Logo of the organization that prepared the document.
props:
- name: type
value: logo
rlinks:
- href: ./attachments/img/logo.png
base64:
filename: logo.png
media-type: image/png
value: 00000000
Prepared For - CSP
In the vast majority of cases, FedRAMP SSP, SAP, SAR, and POA&M documents are prepared for an CSP.
However, unforeseen circumstances may require another party to be named. For this reason, the prepared-for assemblies and CSPs have separately defined roles.
The screen shot below shows the Prepared for section in the FedRAMP SSP template.
metadata:
roles:
- id: prepared-for
title: Prepared For
description: The organization (typically, the CSP) for which the document was prepared.
- id: cloud-service-provider
title: Cloud Service Provider
locations:
- uuid: 60d612ba-1ab4-49ab-858b-d83b1bcbf006
title: Name of the CSP
address:
type: work
addr-lines:
- Suite 0000
- 1234 Some Street
city: Haven
state: ME
postal-code: '00000'
country: US
parties:
- uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
type: organization
name: Cloud Service Provider
links:
- href: #891263fb-a5d6-44db-8d73-51bb8a9a3610
rel: logo
location-uuids:
- 60d612ba-1ab4-49ab-858b-d83b1bcbf006
responsible-parties:
- role-id: prepared-for
party-uuids:
- d865602c-9d3b-49d7-8125-ce3f1ca04231
back-matter:
resources:
- uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
title: Logo
description: Logo of the CSP.
props:
- name: type
value: logo
rlinks:
- href: ./attachments/img/logo.png
base64:
filename: logo.png
media-type: image/png
value: 00000000
Note: For the logo, use rlink with a relative path or embed the logo as base64.