Overview: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment:...
Security Assessment and Authorization (CA)
Overview: The organization accepts the results of an assessment of [Assignment: organization-defined information system] performed by [Assignment: organization-defined external organization] when the assessment meets [Assignment: organization-defined...
Overview: The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to monitor the security controls in the information system on an ongoing basis. Supplemental Guidance: Organizations can...
Overview: The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to conduct security control assessments. Supplemental Guidance: Independent assessors or assessment teams are individuals or...
Overview: The organization employs an independent penetration agent or penetration team to perform penetration testing on the information system or system components. Supplemental Guidance: Independent penetration agents or teams are individuals or...
Overview: The organization: a. Authorizes internal connections of [Assignment: organization-defined information system components or classes of components] to the information system; and b. Documents, for each internal connection, the interface...
Overview: The organization conducts penetration testing [Assignment: organization-defined frequency] on [Assignment: organization-defined information systems or system components]. Supplemental Guidance: Penetration testing is a specialized type of...
Overview: The organization: a. Develops a plan of action and milestones for the information system to document the organization’s planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls...
Overview: The organization employs [Selection: allow-all, deny-by-exception; deny-all, permit-by-exception] policy for allowing [Assignment: organization-defined information systems] to connect to external information systems. Supplemental Guidance...
Overview: The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management...