This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers (CSPs):
Cloud Service Providers (CSPs)
TIP: At the FedRAMP briefing to discuss the SAR findings, the CSP may be called upon to provide a system overview/architecture briefing. The CSP should also be prepared to discuss the status of the SAR findings, including:
○ Total SAR findings on schedule
○ Total SAR findings delayed (or expected to be delayed) and why
○ Deviations (ORs, RAs, FPs) for SAR findings that will be submitted during continuous monitoring (ConMon)
Cloud Service Providers (CSPs)
Q: What are “Security Procedures”?
A: NIST SP 800-12 defines “Security Procedures” as “detailed steps to be followed by users, system operations personnel, or others to accomplish a particular task (e.g., preparing new user accounts and assigning the appropriate privileges).”
Security Procedures generally explain how to perform a task, whether a technical task or a business process.
Examples of procedures are:
- How To Create User Accounts
- How To Test Backups
- How To Authorize A User Account
- How To Perform Friendly Terminations
- How To Perform Unfriendly Terminations
- How To Lock Down a Windows 2012 Server
- How To Manually Turn On a Generator
- Standard Operating Procedures For Adding New Storage Arrays
- Media Sanitization Procedures
- Procedures For Adding Firewall Rules
- Procedure For Configuring Live Migrations of Virtual Machines
- How To Review a Log File for Suspicious Activity
- How To Configure Audit Storage Capacity Alerts
- How To Use Cron To Schedule Alerts
- How To Configure The Log Delivery Service
- How To Test The Contingency Plan
More Information
Read more about this week’s FedRAMP Tips and Cues here.