Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agency ATO Quick Guide September 21, 2015

Published byAleesha Thomas Modified over 7 years ago

Similar presentations

Presentation on theme: "Agency ATO Quick Guide September 21, 2015"— Presentation transcript:

1 Agency ATO Quick Guide September 21, 2015
Logo and branding updated June 6, 2017

2 Assessment Process The FedRAMP Agency ATO authorization process should follow the FedRAMP Security Assessment Framework (SAF) The FedRAMP SAF is based on the NIST Risk Management Framework (RMF) The FedRAMP SAF is available on FedRAMP.gov by navigating to the Resources  Documents webpage

3 Document Check List – FedRAMP Templates
FedRAMP templates are available at FedRAMP.gov on the Resources  Templates webpage Agency ATO packages submitted to FedRAMP must include 14 FedRAMP templates The PMO will check these templates for completeness, critical security control showstoppers, and quality It’s recommended that you use the Rev 4 Security Assessment Test Cases that the FedRAMP PMO released in Excel format for public comment: Test-Cases-Rev-4-v1_.xlsx FedRAMP Templates Available: System Security Plan (SSP) FIPS Pub 199 E-Authentication Control Implementation Summary (CIS) CIS Worksheet IT Contingency Plan (CP) and CP Test Privacy Threshold Analysis (PTA) / Privacy Impact Assessment (PIA) Rules of Behavior (ROB) Security Assessment Plan (SAP) Security Assessment Test Cases Security Assessment Report (SAR) Security Test Cases Plan of Action and Milestone (POA&M) Agency ATO Letter

4 Document Check List – Documents without a FedRAMP Template
Agency ATO packages submitted to FedRAMP should have 8 attachments that are not FedRAMP templates The PMO will check these templates for completeness, critical security control showstoppers, and quality No FedRAMP Templates Available: SSP Attachments Information System Security Policies & Procedures Configuration Management (CM) Plan Incident Response Plan (IRP) User Guide Signature Page SAP Attachment Rules of Engagement (ROE) SAR Attachment Vulnerability Scans Ad Hoc Evidence

5 FedRAMP Agency ATO Letter Template
An Agency ATO letter must be included in a FedRAMP Agency ATO package The FedRAMP Agency ATO Letter template is attached below: Click the letter to view You can find this template on FedRAMP.gov by navigating to the Resources Templates webpage

Download ppt "Agency ATO Quick Guide September 21, 2015"

Similar presentations

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,
Corporate Headquarters: 1010 Wayne Avenue, Suite 1150 Silver Spring, Maryland 20910 301.565.2988 Telephone 301.565.2995 Facsimile www.e-mcinc.com Satellite.

Corporate Headquarters: 1010 Wayne Avenue, Suite 1150 Silver Spring, Maryland Telephone Facsimile Satellite.
1 NIST, FIPS, and you... Bob Grill Medi-Cal ISO July 16, 2009.

1 NIST, FIPS, and you... Bob Grill Medi-Cal ISO July 16, 2009.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
PAGE www.fedramp.gov Quick Guide to the FedRAMP Readiness Process 1 August 2014 Presented by: FedRAMP PMO www.fedramp.gov.

PAGE Quick Guide to the FedRAMP Readiness Process 1 August 2014 Presented by: FedRAMP PMO
PAGE www.fedramp.gov Agency ATO Quick Guide 1 December 23, 2014 www.fedramp.gov.

PAGE Agency ATO Quick Guide 1 December 23,
NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.

NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.
DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.

DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.
Risk-Based Policy & Implementation Guidance Risk-Based Policy & Implementation Guidance Program Management Plan Program Management Plan Subordinate System.

Risk-Based Policy & Implementation Guidance Risk-Based Policy & Implementation Guidance Program Management Plan Program Management Plan Subordinate System.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
Information Security Policies and Standards

Information Security Policies and Standards
PAGE www.fedramp.gov Agency ATO Quick Guide 1 May 1, 2015 www.fedramp.gov.

PAGE Agency ATO Quick Guide 1 May 1,
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
PAGE[classification marking]www.fedramp.gov[classification marking] FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14, 2015 www.fedramp.gov.

PAGE[classification marking] marking] FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14,
Risk Management Framework

Risk Management Framework
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
Ensuring Information Security

Ensuring Information Security
An overview of the NIST Risk Management Framework ISA 652 Fall 2010

An overview of the NIST Risk Management Framework ISA 652 Fall 2010
FedRAMP Federal Risk and Authorization Management Program Industry Day June 4, 2014 Industry Day.

FedRAMP Federal Risk and Authorization Management Program Industry Day June 4, 2014 Industry Day.

Similar presentations

Ads by Google