Search Results
103 total results found
FedRAMP
Federal Risk and Authorization Management Program (FedRAMP) is a United States Federal compliance program based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This work is based on the efforts of the OSCAL Foundatio...
FedRAMP System Security Plan (SSP)
Core OSCAL
Patterns for expressing information in OSCAL that are universal across frameworks. All content is considered to be in the public domain and free for all to use without constraint unless otherwise marked. [A specific open source license will be identified by t...
3. System Information
System Information CSP Name The cloud service provider (CSP) name and abbreviation are represented in the SSP metadata. A roles entry must exist with id = cloud-service-provider A parties entry must exist with the CSP's name and short-name. A responsible-par...
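The CSP identification pattern above (a roles entry with id cloud-service-provider, a parties entry carrying name and short-name, and a responsible-parties entry tying the two together) can be checked mechanically before an SSP is submitted. The following is an added example, not code from the FedRAMP or OSCAL Foundation documentation; the SSP fragment is constructed for illustration and the key names (roles, parties, responsible-parties, party-uuids) are those of the OSCAL JSON metadata model.

```python
"""Check the FedRAMP OSCAL SSP pattern that identifies the cloud service provider.

Added example, not part of the FedRAMP/OSCAL guide. The SSP fragments are
constructed samples; key names follow the OSCAL JSON metadata model.
"""
from __future__ import annotations

import copy

CSP_ROLE = "cloud-service-provider"
CSP_UUID = "11111111-2222-4333-8444-555555555555"  # constructed party uuid

# Constructed sample: minimal SSP metadata that satisfies the pattern.
SSP_OK = {
    "system-security-plan": {
        "metadata": {
            "title": "Example CSO System Security Plan",
            "roles": [{"id": CSP_ROLE, "title": "Cloud Service Provider"}],
            "parties": [
                {
                    "uuid": CSP_UUID,
                    "type": "organization",
                    "name": "Example Cloud Services, Inc.",
                    "short-name": "ECS",
                }
            ],
            "responsible-parties": [
                {"role-id": CSP_ROLE, "party-uuids": [CSP_UUID]}
            ],
        }
    }
}


def _variant(base: dict, mutate) -> dict:
    """Deep-copy a sample SSP and apply one mutation to its metadata."""
    doc = copy.deepcopy(base)
    mutate(doc["system-security-plan"]["metadata"])
    return doc


# Constructed negative samples: one drops short-name, one drops the role.
SSP_NO_SHORT_NAME = _variant(SSP_OK, lambda md: md["parties"][0].pop("short-name"))
SSP_NO_ROLE = _variant(SSP_OK, lambda md: md.__setitem__("roles", []))


def csp_findings(ssp: dict) -> list[str]:
    """Return the problems found; an empty list means the pattern is satisfied."""
    md = ssp.get("system-security-plan", {}).get("metadata", {})
    problems: list[str] = []

    # 1. A roles entry with id = cloud-service-provider must exist.
    if not any(r.get("id") == CSP_ROLE for r in md.get("roles", [])):
        problems.append(f"no roles entry with id {CSP_ROLE!r}")

    # 2. A responsible-parties entry for that role must reference at least one party.
    rp = [r for r in md.get("responsible-parties", []) if r.get("role-id") == CSP_ROLE]
    uuids = [u for entry in rp for u in entry.get("party-uuids", [])]
    if not uuids:
        problems.append(f"no responsible-parties entry for role {CSP_ROLE!r}")
        return problems

    # 3. Every referenced party must exist and carry both name and short-name.
    parties = {p.get("uuid"): p for p in md.get("parties", [])}
    for u in uuids:
        party = parties.get(u)
        if party is None:
            problems.append(f"responsible-party references unknown party uuid {u}")
            continue
        for key in ("name", "short-name"):
            if not party.get(key):
                problems.append(f"party {u} is missing {key!r}")
    return problems


def csp_name(ssp: dict) -> tuple[str, str] | None:
    """Return (name, short-name) of the CSP when the pattern holds, else None."""
    if csp_findings(ssp):
        return None
    md = ssp["system-security-plan"]["metadata"]
    rp = next(r for r in md["responsible-parties"] if r["role-id"] == CSP_ROLE)
    party = next(p for p in md["parties"] if p["uuid"] == rp["party-uuids"][0])
    return party["name"], party["short-name"]


if __name__ == "__main__":
    print(csp_name(SSP_OK))
    print(csp_findings(SSP_NO_SHORT_NAME))
    print(csp_findings(SSP_NO_ROLE))
```

The check deliberately resolves the party through responsible-parties rather than by scanning parties for a likely-looking organization, because it is the role binding, not the party's name, that the FedRAMP pattern relies on.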
FedRAMP POA&M
FedRAMP Common
While each FedRAMP template has a unique purpose, they share common information elements, such as title and publication date. These common elements are expressed using the same OSCAL syntax for the SSP, SAP, SAR, and POA&M. This section provides OSCAL syntax f...
Supporting Resources and Valid Content
Baselines
FedRAMP's baselines are available in OSCAL XML, JSON and YAML formats on the OSCAL Foundation's fedramp-resources GitHub repository. The OSCAL Foundation is making FedRAMP baselines available both as OSCAL profiles and as pre-processed resolved profile catalog...
Title Pages
All FedRAMP artifacts include a title page. The content found on the title page is represented using core OSCAL content in metadata. title the artifact title as FedRAMP requires it to appear published the formal publication date of the artifact (using OSCAL ...
Prepared By/For
"Prepared by" and "Prepared for" follow the Roles pattern, using the prepared-by and prepared-for roles. For an SSP: prepared-by may identify the cloud service provider or a third party advisory organization prepared-for always identifies the cloud service pr...
System Security Plan Approvals
SSP Approvals follow the Roles pattern, using the content-approver role. Defined Identifiers Required Role IDs: content-approver
Appendix K: FIPS-199 Worksheet
The system's overall FIPS-199 impact level is determined primarily by the sensitivity of the information it processes. The overall FIPS-199 impact level is represented under system-characteristics: security-sensitivity-level The value must be one of fips-19...
6. Leveraged FedRAMP-Authorized Services
The leveraged FedRAMP-Authorized services table is used to list both underlying leveraged authorizations, such as a SaaS running on an IaaS, and use of external cloud services with FedRAMP authorizations, such as a FedRAMP-authorized third party identity manag...
7. External Systems and Services Not Having FedRAMP Authorization
FedRAMP authorized services should be used, whenever possible, since their risk is defined. However, there are instances where CSOs have external systems or services that are not FedRAMP authorized. In OSCAL, these external systems and services must be ident...
Appendix E: Digital Identity Level (DIL) Determination
The Digital Identity Level (DIL) is represented on the page below. Within system-characteristics there must be three entries to the props array as follows: name set to identity-assurance-level and a value set to 1, 2 or 3. name set to authenticator-assurance...
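Both the FIPS-199 entry (Appendix K above) and the DIL entry live under system-characteristics and have a small fixed value set, so a single check covers them. The following is an added example rather than code from the FedRAMP or OSCAL Foundation documentation. Two details are assumptions, because the snippets above are truncated: the FIPS-199 value set is taken to be fips-199-low, fips-199-moderate and fips-199-high, and the third DIL prop name is taken to be federation-assurance-level, alongside identity-assurance-level and authenticator-assurance-level. The system-characteristics fragments are constructed samples, and the check looks only at each prop's name and value.

```python
"""Check FIPS-199 impact level and Digital Identity Level props on system-characteristics.

Added example, not part of the FedRAMP/OSCAL guide. Value sets and the third
DIL prop name are assumptions noted in the lead-in; samples are constructed.
"""
from __future__ import annotations

# Assumed FIPS-199 value set for security-sensitivity-level.
FIPS199_LEVELS = {"fips-199-low", "fips-199-moderate", "fips-199-high"}
# Assumed: the three DIL prop names, each with value 1, 2 or 3.
DIL_PROPS = (
    "identity-assurance-level",
    "authenticator-assurance-level",
    "federation-assurance-level",
)
DIL_VALUES = {"1", "2", "3"}

# Constructed sample that satisfies both patterns.
SC_OK = {
    "system-name": "Example CSO",
    "security-sensitivity-level": "fips-199-moderate",
    "props": [
        {"name": "identity-assurance-level", "value": "2"},
        {"name": "authenticator-assurance-level", "value": "2"},
        {"name": "federation-assurance-level", "value": "2"},
    ],
}

# Constructed sample with a bare "moderate" level and an out-of-range AAL.
SC_BAD = {
    "system-name": "Example CSO",
    "security-sensitivity-level": "moderate",
    "props": [
        {"name": "identity-assurance-level", "value": "2"},
        {"name": "authenticator-assurance-level", "value": "4"},
        {"name": "federation-assurance-level", "value": "2"},
    ],
}


def impact_level_findings(sc: dict) -> list[str]:
    """Flag a security-sensitivity-level outside the FIPS-199 value set."""
    level = sc.get("security-sensitivity-level")
    if level not in FIPS199_LEVELS:
        return [f"security-sensitivity-level {level!r} is not one of {sorted(FIPS199_LEVELS)}"]
    return []


def dil_findings(sc: dict) -> list[str]:
    """Require exactly one prop per DIL name, each with value 1, 2 or 3."""
    problems: list[str] = []
    props = sc.get("props", [])
    for name in DIL_PROPS:
        hits = [p for p in props if p.get("name") == name]
        if len(hits) != 1:
            problems.append(f"expected exactly one prop named {name!r}, found {len(hits)}")
            continue
        if str(hits[0].get("value")) not in DIL_VALUES:
            problems.append(
                f"prop {name!r} has value {hits[0].get('value')!r}, expected 1, 2 or 3"
            )
    return problems


def digital_identity_level(sc: dict) -> dict[str, int] | None:
    """Return the three DIL levels as integers when the pattern holds, else None."""
    if dil_findings(sc):
        return None
    return {p["name"]: int(p["value"]) for p in sc["props"] if p.get("name") in DIL_PROPS}


if __name__ == "__main__":
    print(impact_level_findings(SC_OK), dil_findings(SC_OK), digital_identity_level(SC_OK))
    print(impact_level_findings(SC_BAD))
    print(dil_findings(SC_BAD))
```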
Appendix Q: Cryptographic Modules
Cryptographic Modules Implemented for Data-in-Transit (DIT) This page needs work: The examples need to be converted to YAML A description of the YAML constructs needs to be provided OSCAL's component model treats independent validation of products and ser...
8. Illustrated Architecture and Narratives
The Architecture, Network and Data Flow Diagrams are each represented using the same OSCAL patterns, with only the top level assembly name changing. Authorization Boundary The OSCAL approach to this type of diagram is to treat the image data as either a linked...
9. Services, Ports and Protocols
Entries in the services, ports, and protocols table are represented as component assemblies, with the component-type flag set to "service". Use a protocol assembly for each protocol associated with the service. For a single port, set the port-range start flag ...
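The services, ports and protocols table can be generated directly from the component assemblies described above, which also gives a place to catch a malformed port-range before it reaches the table. The following is an added example, not code from the FedRAMP or OSCAL Foundation documentation. The component list is constructed for illustration; the key names (type, protocols, port-ranges, start, end, transport) are those of the OSCAL JSON component model, and the check assumes transport is either TCP or UDP.

```python
"""Render a services, ports and protocols table from OSCAL service components.

Added example, not part of the FedRAMP/OSCAL guide. Components below are
constructed samples; key names follow the OSCAL JSON component model.
"""
from __future__ import annotations

# Constructed sample components: three services, one non-service, one broken range.
COMPONENTS = [
    {
        "uuid": "aaaaaaaa-0000-4000-8000-000000000001",
        "type": "service",
        "title": "HTTPS front end",
        "protocols": [
            {"name": "https", "port-ranges": [{"start": 443, "end": 443, "transport": "TCP"}]}
        ],
    },
    {
        "uuid": "aaaaaaaa-0000-4000-8000-000000000002",
        "type": "service",
        "title": "DNS resolver",
        "protocols": [
            {
                "name": "dns",
                "port-ranges": [
                    {"start": 53, "end": 53, "transport": "UDP"},
                    {"start": 53, "end": 53, "transport": "TCP"},
                ],
            }
        ],
    },
    {
        "uuid": "aaaaaaaa-0000-4000-8000-000000000003",
        "type": "service",
        "title": "Passive FTP data channel",
        "protocols": [
            {"name": "ftp-data", "port-ranges": [{"start": 49152, "end": 49159, "transport": "TCP"}]}
        ],
    },
    {
        # Not type "service": present in the system but not a table entry.
        "uuid": "aaaaaaaa-0000-4000-8000-000000000004",
        "type": "software",
        "title": "Log shipper",
        "protocols": [{"name": "syslog", "port-ranges": [{"start": 514, "end": 514, "transport": "UDP"}]}],
    },
    {
        "uuid": "aaaaaaaa-0000-4000-8000-000000000005",
        "type": "service",
        "title": "Broken admin listener",
        "protocols": [{"name": "http", "port-ranges": [{"start": 8080, "end": 80, "transport": "TCP"}]}],
    },
]


def port_text(pr: dict) -> str:
    """A single port when start == end, otherwise the range start-end."""
    start, end = int(pr["start"]), int(pr["end"])
    return str(start) if start == end else f"{start}-{end}"


def port_range_findings(pr: dict, where: str) -> list[str]:
    """Validate one port-range assembly; empty list means it is usable."""
    problems: list[str] = []
    start, end = pr.get("start"), pr.get("end")
    if not isinstance(start, int) or not isinstance(end, int):
        return [f"{where}: start and end must be integers"]
    if not (1 <= start <= end <= 65535):
        problems.append(f"{where}: invalid port range {start}-{end}")
    if pr.get("transport") not in ("TCP", "UDP"):  # assumed transport value set
        problems.append(f"{where}: transport must be TCP or UDP")
    return problems


def services_ports_protocols(components: list[dict]) -> tuple[list[tuple], list[str]]:
    """Return (table rows, problems). Rows are (service, protocol, ports, transport)."""
    rows: list[tuple] = []
    problems: list[str] = []
    for comp in components:
        if comp.get("type") != "service":
            continue  # only component-type "service" feeds the table
        title = comp.get("title", comp.get("uuid"))
        for proto in comp.get("protocols", []):
            for i, pr in enumerate(proto.get("port-ranges", [])):
                where = f"{title}/{proto.get('name')}[{i}]"
                found = port_range_findings(pr, where)
                if found:
                    problems.extend(found)
                    continue
                rows.append((title, proto["name"], port_text(pr), pr["transport"]))
    return rows, problems


if __name__ == "__main__":
    table, issues = services_ports_protocols(COMPONENTS)
    for row in table:
        print("\t".join(row))
    print(issues)
```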