Prepared By/For

system security plan prepared by, prepared for page image

"Prepared ~~by"~~By and "Prepared ~~for"~~For follow the Roles pattern, using the prepared-by and prepared-for roles.

For an SSP:

prepared-by may identify the cloud service provider or a thrid party advisory organization
prepared-for always identifes the cloud service provider

Defined Identifiers Required Role IDs:

prepared-by
prepared-for

Prepared By - ThirdCSP Partyor Self‑Prepared

~~The representation below demonstrates~~When the ~~Prepared~~SSP is preapred by ~~section~~the CSP the metadata must include:

a roles entry with an id of prepared-by

a parties entry that represents the CSP

a responsible-parties entry with:
- a role-id of prepared-by
- a parties-uuid array with one entry:
  - the uuid value of the CSP entry in the ~~FedRAMP~~parties ~~SSP~~array ~~template~~above.
  it
~~prepared~~

~~by a party than the party owning the system security plan.~~

~~Representation~~

metadata:
  roles:
  - id: prepared-by
    title: Prepared By

  description: The organization that prepared the document. If developed in-house, this is the CSP itself.
  parties:
  - uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
    type: organization
    name: CSP Name of the person or the organization that prepared the document
    address:
      type: work
      addr-lines:
      - Suite 0000
      - 1234 Some Street
      city: Haven
      state: ME
      postal-code: '00000'
      country: US
    links:
    - href: #891263fb-a5d6-44db-8d73-51bb8a9a3610
      rel: logo

  responsible-parties:
  - role-id: prepared-by
    party-uuids:
    - d865602c-9d3b-49d7-8125-ce3f1ca04231



back-matter:##### resources:
  - uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
    title: Logo
    description: Logo of the CSP or the organization that prepared the document.
    props:
    - name: type
      value: logo
    rlinks:
    - href: ./attachments/img/logo.png
    base64:
      filename: logo.png
      media-type: image/png
      value: 00000000

Prepared By - CSPThird orParty Self‑Prepared

When

~~This~~the ~~section~~SSP is ~~applicable~~preapred ~~when~~by an advisory firm, the ~~CSP creates or updates its own SSP or POA&M content. A CSP~~`metadata` must ~~never~~include: ~~prepare~~- a `roles` entry with an `id` of `prepared-by` - a `parties` entry that represents the ~~FedRAMP~~third ~~SAP~~party ~~and~~firm ~~SAR~~- ~~documents.~~

`responsible-parties` entry with:
  - a `role-id` of `prepared-by`
  - a `parties-uuid` array with one entry:
    - the `uuid` value of the third party firm's entry in the `parties` array above.


```yaml
metadata:
  roles:
  - id: prepared-by
    title: Prepared By
    description: The organization that prepared the document.
  locations:
  - uuid: 60d612ba-1ab4-49ab-858b-d83b1bcbf006
    title: Name of the organization that prepared the document
    address:
      type: work
      addr-lines:
      - Suite 0000
      - 1234 Some Street
      city: Haven
      state: ME
      postal-code: '00000'
      country: US

  parties:
  - uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
    type: organization
    name: Third Party Firm Name of the person or the organization that prepared the document
    location-uuids:
    - 60d612ba-1ab4-49ab-858b-d83b1bcbf006
    links:
    - href: #891263fb-a5d6-44db-8d73-51bb8a9a3610
      rel: logo

  responsible-parties:
  - role-id: prepared-by
    party-uuids:
    - d865602c-9d3b-49d7-8125-ce3f1ca04231

back-matter:
  resources:
  - uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
    title: Logo
    description: Logo of the organization that prepared the document.
    props:
    - name: type
      value: logo
    rlinks:
    - href: ./attachments/img/logo.png
    base64:
      filename: logo.png
      media-type: image/png
      value: 00000000

Prepared For - CSP

InThe ~~the~~SSP ~~vast~~is ~~majority of cases, FedRAMP SSP, SAP, SAR, and POA&M documents are~~always prepared for the CSP. The metadata must include:

a roles entry with an ~~CSP.~~
id
~~However,~~of ~~unforeseen~~prepared-for

~~circumstances~~

a ~~may~~parties ~~require~~entry ~~another~~that ~~party to be named. For this reason,~~represents the CSP

a responsible-parties entry with:
- a role-id of prepared-for
- a ~~and~~parties-uuid ~~CSPs~~array ~~have~~with ~~separately~~one ~~defined~~entry: ~~roles.~~
  - the ~~screen~~uuid ~~shot~~value ~~below shows~~of the ~~Prepared~~CSP ~~for section~~entry in the ~~FedRAMP~~parties ~~SSP~~array ~~template.~~
    above.

metadata:
  roles:
  - id: prepared-for
    title: Prepared For

  description: The organization (typically, the CSP) for which the document was prepared.
  - id: cloud-service-provider
    title: Cloud Service Provider
  locations:
  - uuid: 60d612ba-1ab4-49ab-858b-d83b1bcbf006
    title: Name of the CSP
    address:
      type: work
      addr-lines:
      - Suite 0000
      - 1234 Some Street
      city: Haven
      state: ME
      postal-code: '00000'
      country: US 
  parties:
  - uuid: d865602c-9d3b-49d7-8125-ce3f1ca04231
    type: organization
    name: CloudCSP Service Provider
    links:
    - href: #891263fb-a5d6-44db-8d73-51bb8a9a3610
      rel: logo
    location-uuids:
    - 60d612ba-1ab4-49ab-858b-d83b1bcbf006Name

  responsible-parties:
  - role-id: prepared-for
    party-uuids:
    - d865602c-9d3b-49d7-8125-ce3f1ca04231
back-matter:
  resources:
  - uuid: 891263fb-a5d6-44db-8d73-51bb8a9a3610
    title: Logo
    description: Logo of the CSP.
    props:
    - name: type
      value: logo
    rlinks:
    - href: ./attachments/img/logo.png
    base64:
      filename: logo.png
      media-type: image/png
      value: 00000000

~~Note:~~To ~~For~~include ~~the~~location, ~~logo,~~log ~~use~~or ~~rlink~~other ~~with~~details for a ~~relative~~Party, ~~path~~see ~~or embed the logo as base64.~~

[link-needed].