PLEASE REMOVE THE INSTRUCTIONS BEFORE SUBMITTING FORM

Please Remove The Instructions Before Submitting Form-Free PDF

  • Date:06 Apr 2020
  • Views:19
  • Downloads:0
  • Pages:12
  • Size:1.98 MB

Share Pdf : Please Remove The Instructions Before Submitting Form

Download and Preview : Please Remove The Instructions Before Submitting Form


Report CopyRight/DMCA Form For : Please Remove The Instructions Before Submitting Form


Transcription:

FedRAMP Significant Change Request Form, 1 Complete the form and attach additional pages if necessary. Instructions 2 Upload either a digitally signed copy or a physically signed and scanned copy to OMB MAX. 3 Send a notification message to info fedramp gov include OMB MAX location of the document. CSP Contact Information,Company Name,System Name,System Owner Name Title. Name Title,Primary POC,Phone Email,System Information. Type of System Please choose from the drop down menu ClickChoose. on arrowantoitem,choose an item,System Description. List of current and,pending Federal,3PAO Information Required.
3PAO Company Name,3PAO Primary Name Title,POC Phone Email. Currently on contract for significant change proposed Yes No. Security Assessment Plan attached Yes No,Nature of Change. Change Details,Please provide background,and brief description Attach. additional pages if necessary,Version 2 1 August 28 2018. Form Page 1 of 3,FedRAMP Significant Change Request Form.
Type of Change Authentication or access control Backup mechanism or process. Check all that apply Storage SaaS or PaaS changing underlying. New code release provider, Replacement of COTS product Changing alternate or compensating. Change in services offered,Removal of security control s. Change in FIPS 199 Categorization Level, Moderate to High requires Attachment A Change in system scope. Other Please Specify,System Component s,Security Control s Impacted. Has the 3PAO validated above control list Yes No Signature. Status of Change, Is there a date by which Yes No If yes what is the date.
this change must be,operational If yes why,Validation. Please describe how,the impacted controls,will be validated. Attach additional pages,if necessary,Version 2 1 August 28 2018 Form Page 2 of 3. FedRAMP Significant Change Request Form,Demand Justification. Which customers are driving this,change Required for changes to.
service scope or FIPS 199 Level,Justification for Change Attach. additional pages if necessary,Is the change required because a Yes No. previous version is reaching end of, life or end of support If yes what is the end of life date. Is this change intended to enhance ConMon performance Yes No. CSP Signature Must be signed by an individual with the authority to represent the CSP to FedRAMP. Name Printed,Signature Date,FedRAMP Standing To be completed by FedRAMP. Annual Assessment,Was the last assessment completed Yes No.
When is the next annual assessment due,Is CSP currently overdue on its annual Yes No. assessment,If yes why,ConMon Performance, Was CSP on a corrective action plan in the past six months Yes No. Version 2 1 August 28 2018 Form Page 3 of 3,FedRAMP Significant Change Request Form. Attachment A Part 1, Attachment A This attachment is only required if changing the system s FIPS 199 categorization level from Moderate to High If. Instructions this is the case please complete all subsequent pages Otherwise remove these pages before submission. Table A 1 below lists all additional controls that do not exist in the Moderate baseline but must be addressed as. Table A 1 part of the High baseline,Instructions, Please provide the status of each control in the table below.
Table A 1 New controls required when changing from Moderate to High. Applicability Check one per row Implementation Status Notes. Control Pending If Pending Implementation provide implementation date. Implemented Not Applicable,Implementation If Not Applicable explain why. Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 1 of 8. Applicability Check one per row Implementation Status Notes. Control Pending If Pending Implementation provide implementation date. Implemented Not Applicable,Implementation If Not Applicable explain why. Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 2 of 8. Applicability Check one per row Implementation Status Notes. Control Pending If P ending Implementation provide implementation date. Implemented Not Applicable,Implementation If Not Applicable explain why. Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 3 of 8. Applicability Check one per row Implementation Status Notes. Control Pending If Pending Implementation provide implementation date. Implemented Not Applicable,Implementation If Not Applicable explain why. Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 4 of 8. Applicability Check one per row Implementation Status Notes. Control Pending If Pending Implementation provide implementation date. Implemented Not Applicable,Implementation If Not Applicable explain why.
Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 5 of 8. FedRAMP Significant Change Request Form,Attachment A Part 2. Attachment A This attachment is only required if changing the system s FIPS 199 categorization level from Moderate to High. Instructions If this is the case please complete all subsequent pages Otherwise remove these pages before submission. The controls listed in Table A 2 below exist in both the Moderate and High baselines however the FedRAMP. prescribed parameter is different in the High baseline. Table A 2 When transitioning from Moderate to High the CSP must update these parameters appropriately in their System. Instructions Security Plan SSP The revised parameter changes the control requirement The CSP must also revise the control. implementation within the system and the control description within the SSP to align with the new parameter. Please provide the status of each in the table below. Table A 2 Controls with different FedRAMP parameters when changing from Moderate to High. Applicability Check one per row,Implementation Status Notes. Control Parameter Parameter If Parameter Pending provide implementation date. Control Control Not Applicable,If Not Applicable explain why. Updated Update Pending, Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 6 of 8. Applicability Check one per row,Implementation Status Notes.
Control Parameter Parameter If Parameter Pending provide implementation date. Control Control Not Applicable,If Not Applicable explain why. Updated Update Pending, Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 7 of 8. Applicability Check one per row,Implementation Status Notes. Control Parameter Parameter If Parameter Pending provide implementation date. Control Control Not Applicable,If Not Applicable explain why. Updated Update Pending,Additional Guidance, If the significant change is to increase the FIPS 199 system categorization level from Moderate to High FedRAMP will.
not approve the change until all High vulnerability findings in the significant change SAR are mitigated to a lower level. or remediated, Version 2 1 August 28 2018 ATTACH ONLY IF CHANGING FROM MODERATE TO HIGH Attachment A Page 8 of 8. significant change to a system with an existing FedRAMP authorization For more information about significant changes see the FedRAMP Continuous Monitoring Strategy Guide Section 3 2 Change Control FORM AND ATTACHMENT INSTRUCTIONS 1 Complete the form and attach additional pages if necessary a The 3PAO must sign page 2 as an indication that they have reviewed this form including the

Related Books