This week, FedRAMP published questions and answers that discuss FedRAMP documents, and points of contact:
Q: What information does the FedRAMP PMO require for Contingency Plans and Incident Response Plans, and for testing them?
A: You must use the Contingency Plan template from the Templates section of the FedRAMP website, at https://www.fedramp.gov/resources/templates-2016/. In Section 6, insert the test procedures you will follow for testing the Contingency Plan. In Appendix G, enter summary information about the execution of the test.
FedRAMP does not provide an Incident Response Plan template. Your Incident Response Plan must describe a functioning and tested Incident Response process, including roles, responsibilities, procedures, and reporting. You must include a description of an Incident Response test.
Q: Who do I contact if I have changes to the information that I submitted in my CSP Information Form or the information that is displayed on my FedRAMP Marketplace page?
A Please email email@example.com to request any changes and/or updates to information (i.e. offering, description, point of contact).
Read more about this week’s FedRAMP’s Tip and cues here.