FedRAMP Weekly Tips & Cues – December 19, 2018

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers (CSPs):

Cloud Service Providers (CSPs)

TIP: At the FedRAMP briefing to discuss the SAR findings, the CSP may be called upon to provide a system overview/architecture briefing. The CSP should also be prepared to discuss the status of the SAR findings, including:

○ Total SAR findings on schedule

○ Total SAR findings delayed (or expected to be delayed) and why

○ Deviations (ORs, RAs, FPs) for SAR findings that will be submitted during continuous monitoring (ConMon)

Cloud Service Providers (CSPs)

Q: What are “Security Procedures”?

A: NIST SP 800-12 defines “Security Procedures” as “detailed steps to be followed by users, system operations personnel, or others to accomplish a particular task (e.g. preparing new user accounts and assigning the appropriate privileges).”

Security Procedures generally explain how to perform a task, such as a technical task or a business process.

Examples of procedures are:

  • How To Create User Accounts
  • How To Test Backups
  • How To Authorize A User Account
  • How To Perform Friendly Terminations
  • How To Perform Unfriendly Terminations
  • How To Lock Down a Windows 2012 Server
  • How To Manually Turn On a Generator
  • Standard Operating Procedures For Adding New Storage Arrays
  • Media Sanitization Procedures
  • Procedures For Adding Firewall Rules
  • Procedure For Configuring Live Migrations of Virtual Machines
  • How To Review a Log File for Suspicious Activity
  • How To Configure Audit Storage Capacity Alerts
  • How To Use Cron To Schedule Alerts
  • How To Configure The Log Delivery Service
  • How To Test The Contingency Plan