Control Implementation Summary (CIS) Template
<Information System Name>, <Date>




  Control Implementation Summary (CIS) Template




                                 <Vendor Name>
                     <Information System Name>
                               <Sensitivity Level>
                                  Version 1.0

                                         May 2, 2012



                            Company Sensitive and Proprietary
                                For Authorized Use Only


                                               Table of Contents
ABOUT THIS DOCUMENT
    Who should use this document?
    Conventions used in this document
    How to contact us
1. INTRODUCTION
    1.1. Purpose
    1.2. Scope
    1.3. System Description
2. CONTROL IMPLEMENTATION RESULTS
APPENDIX A. ACRONYMS
APPENDIX B. REFERENCES






                      Document Revision History

      Date           Description                Version    Author
      05/02/2012     Document Publication       1.0        FedRAMP Office





    ABOUT THIS DOCUMENT
This document is released in template format. Once populated with content, this document will
include detailed information about service provider information security controls.

    Who should use this document?
This document is intended to be used by Cloud Service Providers (CSPs) who are applying for
an Authorization to Operate (ATO) through the U.S. federal government FedRAMP program.

This template provides a sample format for preparing the Control Implementation Summary
(CIS) Report for the CSP information system. The CSP may modify the format as necessary to
comply with its internal policies and Federal Risk and Authorization Management Program
(FedRAMP) requirements.

    Conventions used in this document
This document uses the following typographical conventions:

Italic
Italics are used for email addresses, security control assignment parameters, and formal
document names.

Italic blue in a box
Italic blue text in a blue box indicates instructions to the individual filling out the template.

     Instruction: This is an instruction to the individual filling out the template.

Bold
Bold text indicates a parameter or an additional requirement.

Constant width
Constant width text is used for text that is representative of characters that would show up on
a computer screen.

<Brackets>
Bold blue text in brackets indicates a user-defined variable or word that should be replaced with a
specific name. Once replaced, the brackets should be removed.

Notes
Notes are found between parallel lines and include additional information that may be helpful to
the users of this template.






        Note: This is a note.


Sans Serif
Sans Serif text is used for tables, table captions, figure captions, and table of contents.

Sans Serif Gray
Sans Serif gray text is used for examples.

    How to contact us
If you have questions about something in this document, or how to fill it out, please write to:
       info@fedramp.gov
For more information about the FedRAMP project, please see the website at:
       http://www.fedramp.gov





1. INTRODUCTION
The Control Implementation Summary (CIS) report is a key document in the security
authorization package developed for submission to the Federal Risk and Authorization
Management Program (FedRAMP) authorizing officials. The CIS report records the control
implementation responsibility and implementation status of each FedRAMP security control.
The CIS, along with the Control Tailoring Workbook (CTW) and the FIPS-199 Security
Categorization, should be submitted to and approved by the FedRAMP JAB before the System
Security Plan (SSP) is submitted.

1.1. Purpose
The purpose of the Control Implementation Summary (CIS) is to delineate the control
responsibilities of CSPs and customer agencies. In addition, the CIS provides a summary of all
required controls and enhancements across the system. CSPs are requested to coordinate with
their assigned FedRAMP ISSO to ensure the CIS is appropriately formatted to reflect status and
control origination responsibilities.

1.2. Scope
The scope of the CIS template includes a description of all management, operational, and
technical FedRAMP security controls that will be documented in the security plan (SP) at the
impact level (Moderate or Low) determined by the CSP.

1.3. System Description
The <Information System Name> system has been determined to have a security categorization
of <Moderate/Low>.

Instruction: Insert a brief, high-level description of the system, its business purpose, and the
system environment. Ensure this section is continuously updated with the latest description
from the System Security Plan (SSP).





2. CONTROL IMPLEMENTATION RESULTS
Columns in the embedded Control Implementation Summary (CIS) spreadsheet are defined
according to the definitions found in the table that follows. Each row gives a control
origination, its definition, and an example.

Service Provider Corporate
    Definition: A control that originates from the CSP corporate network.
    Example: DNS from the corporate network provides address resolution services for the
    information system and the service offering.

Service Provider System Specific
    Definition: A control specific to a particular system at the CSP; the control is not part of
    the service provider corporate controls.
    Example: A unique host-based intrusion detection system (HIDS) is available on the
    service offering platform but is not available on the corporate network.

Service Provider Hybrid
    Definition: A control that makes use of both corporate controls and additional controls
    specific to a particular system at the CSP.
    Example: Scans of the corporate network infrastructure (corporate control); scans of
    databases and web-based applications are system specific.

Configured by Customer
    Definition: A control where the customer needs to apply a configuration in order to meet
    the control requirement.
    Example: User profiles, policy/audit configurations, enabling/disabling key switches
    (e.g., enable/disable HTTP or HTTPS), and entering an IP range specific to their
    organization are configurable by the customer.

Provided by Customer
    Definition: A control where the customer needs to provide additional hardware or
    software in order to meet the control requirement.
    Example: The customer provides a SAML SSO solution to implement two-factor
    authentication.

Shared
    Definition: A control that is managed and implemented partially by the CSP and partially
    by the customer.
    Example: Security awareness training must be conducted by both the CSP and the
    customer.

Inherited from pre-existing Provisional Authorization
    Definition: A control that is inherited from another CSP system that has already received
    a Provisional Authorization.
    Example: A PaaS or SaaS provider inherits PE controls from an IaaS provider.








Instruction: The CSP should indicate the control implementation status and control
implementation origination of each of the controls identified in the CIS workbook by
providing a checkmark in the appropriate cell. For the controls and enhancements
identified as shared controls, the CSP should explain the customer configuration and/or
implementation responsibility in the "Customer Responsibility Matrix", which is the second
sheet in the workbook. The CIS should be entirely consistent with the Control Summary
Information tables found in the System Security Plan.

Embedded CIS Spreadsheet: CIS_041612.xlsx





APPENDIX A. ACRONYMS

Instruction: Update the acronyms based on the acronyms used in this document.


AC                       Authentication Category
AP                       Assurance Profile
API                      Application Programming Interface
ATO                      Authorization to Operate
C&A                      Certification & Accreditation
COTS                     Commercial Off the Shelf
AO                       Authorizing Official
FedRAMP                  Federal Risk and Authorization Management Program
FIPS PUB                 Federal Information Processing Standard Publication
FISMA                    Federal Information Security Management Act
GSS                      General Support System
IaaS                     Infrastructure as a Service (Model)
IATO                     Interim Authorization to Operate
ID                       Identification
IT                       Information Technology
LAN                      Local Area Network
NIST                     National Institute of Standards and Technology
OMB                      Office of Management and Budget
PIA                      Privacy Impact Assessment
POA&M                    Plan of Action and Milestones
POC                      Point of Contact
RA                       Risk Assessment
Rev.                     Revision
SA                       Security Assessment
SAR                      Security Assessment Report
SDLC                     System Development Life Cycle
SP                       Special Publication
SSP                      System Security Plan
VLAN                     Virtual Local Area Network





APPENDIX B. REFERENCES
Laws and Regulations:
      Federal Information Security Management Act of 2002, Title III – Information Security, P.L. 107-347.
      Consolidated Appropriations Act of 2005, Section 522.
      USA PATRIOT Act (P.L. 107-56), October 2001.
OMB Circulars:
      OMB Circular A-130, Management of Federal Information Resources, November 2000.
      OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors, August 2005.
      OMB Memorandum M-06-16, Protection of Sensitive Agency Information, June 2006.
FIPS Publications:
      FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems.
      FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems.
      FIPS PUB 201, Personal Identity Verification (PIV) of Federal Employees and Contractors.
NIST Publications:
      NIST 800-18 Revision 1, Guide for Developing Security Plans for Information Technology Systems.
      NIST 800-30, Risk Management Guide for Information Technology Systems.
      NIST 800-34, Contingency Planning Guide for Information Technology Systems.
      NIST 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.
      NIST 800-47, Security Guide for Interconnecting Information Technology Systems.
      NIST 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations.
      NIST 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations.
      NIST 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories.
      NIST 800-63, Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology.
      NIST 800-64, Security Considerations in the Information System Development Life Cycle.




@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John Brennan
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle  (BCL)  Guide (Draft)DoD Business Capability Lifecycle  (BCL)  Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview Presentation
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing brief
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS  - Kevin L. JacksonIntrusion Detection on Public IaaS  - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. Jackson
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African Government
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013
 
Tech gate kevin l jackson - 09-21-2013
Tech gate   kevin l jackson - 09-21-2013Tech gate   kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud:  Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud:  Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)
 

Último

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Último (20)

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Control Implementation Summary (CIS) Template

Document Revision History

Date         Description             Version   Author
05/02/2012   Document Publication    1.0       FedRAMP Office
ABOUT THIS DOCUMENT

This document is released in template format. Once populated with content, this document will include detailed information about service provider information security controls.

Who should use this document?

This document is intended to be used by Cloud Service Providers (CSPs) who are applying for an Authorization to Operate (ATO) through the U.S. federal government FedRAMP program. This template provides a sample format for preparing the Control Implementation Summary (CIS) Report for the CSP information system. The CSP may modify the format as necessary to comply with its internal policies and Federal Risk and Authorization Management Program (FedRAMP) requirements.

Conventions used in this document

This document uses the following typographical conventions:

Italic
  Italics are used for email addresses, security control assignment parameters, and formal document names.

Italic blue in a box
  Italic blue text in a blue box indicates instructions to the individual filling out the template.
  Instruction: This is an instruction to the individual filling out the template.

Bold
  Bold text indicates a parameter or an additional requirement.

Constant width
  Constant width text is used for text that is representative of characters that would show up on a computer screen.

<Brackets>
  Bold blue text in brackets indicates a user-defined variable or word that should be replaced with a specific name. Once replaced, the brackets should be removed.

Notes
  Notes are found between parallel lines and include additional information that may be helpful to the users of this template.
  Note: This is a note.

Sans Serif
  Sans Serif text is used for tables, table captions, figure captions, and the table of contents.

Sans Serif Gray
  Sans Serif gray text is used for examples.

How to contact us

If you have questions about something in this document, or how to fill it out, please write to: info@fedramp.gov

For more information about the FedRAMP project, please see the website at: http://www.fedramp.gov
1. INTRODUCTION

The Control Implementation Summary (CIS) report is a key document in the security authorization package developed for submission to the Federal Risk and Authorization Management Program (FedRAMP) authorizing officials. The CIS report includes the control implementation responsibility and implementation status of the FedRAMP security controls. The CIS, along with the Control Tailoring Workbook (CTW) and the FIPS-199 Security Categorization, should be submitted to and approved by the FedRAMP JAB before the System Security Plan (SSP) is submitted.

1.1. Purpose

The purpose of the Control Implementation Summary (CIS) is to delineate the control responsibilities of CSPs and customer agencies. In addition, the CIS provides a summary of all required controls and enhancements across the system. CSPs are requested to coordinate with their assigned FedRAMP ISSO to ensure the CIS is appropriately formatted to reflect status and control origination responsibilities.

1.2. Scope

The scope of the CIS template includes a description of all management, operational, and technical FedRAMP security controls that will be documented in the security plan (SP) at the impact level (Moderate or Low) determined by the CSP.

1.3. System Description

The <Information System Name> system has been determined to have a security categorization of <Moderate/Low>.

Instruction: Insert a brief high-level description of the system, its business or purpose, and the system environment. Ensure this section is continuously updated with the latest description from the System Security Plan (SSP).
2. CONTROL IMPLEMENTATION RESULTS

Columns in the embedded Control Implementation Summary (CIS) spreadsheet are defined according to the definitions found in the table that follows.

Control Origination: Service Provider Corporate
  Definition: A control that originates from the CSP corporate network.
  Example: DNS from the corporate network provides address resolution services for the information system and the service offering.

Control Origination: Service Provider System Specific
  Definition: A control specific to a particular system at the CSP; the control is not part of the service provider corporate controls.
  Example: A unique host-based intrusion detection system (HIDS) is available on the service offering platform but is not available on the corporate network.

Control Origination: Service Provider Hybrid
  Definition: A control that makes use of both corporate controls and additional controls specific to a particular system at the CSP.
  Example: Scans of the corporate network infrastructure; scans of databases and web-based applications are system specific.

Control Origination: Configured by Customer
  Definition: A control where the customer needs to apply a configuration in order to meet the control requirement.
  Example: User profiles, policy/audit configurations, enabling/disabling key switches (e.g., enable/disable http or https, etc.), and entering an IP range specific to their organization are configurable by the customer.

Control Origination: Provided by Customer
  Definition: A control where the customer needs to provide additional hardware or software in order to meet the control requirement.
  Example: The customer provides a SAML SSO solution to implement two-factor authentication.

Control Origination: Shared
  Definition: A control that is managed and implemented partially by the CSP and partially by the customer.
  Example: Security awareness training must be conducted by both the CSP and the customer.

Control Origination: Inherited from pre-existing Provisional Authorization
  Definition: A control that is inherited from another CSP system that has already received a Provisional Authorization.
  Example: A PaaS or SaaS provider inherits PE controls from an IaaS provider.
Instruction: The CSP should indicate the control implementation status and control implementation origination of each of the controls identified in the CIS workbook by providing a checkmark in the appropriate cell. For the controls and enhancements identified as being a shared control, the CSP should explain the customer configuration and/or implementation responsibility in the "Customer Responsibility Matrix", which is on the second sheet in the workbook. The CIS should be entirely consistent with the Control Summary Information tables found in the System Security Plan.

Embedded CIS Spreadsheet (Click to open): CIS_041612.xlsx
APPENDIX A. ACRONYMS

Instruction: Update the acronyms based on the acronyms used in this document.

AC         Authentication Category
AP         Assurance Profile
API        Application Programming Interface
ATO        Authorization to Operate
C&A        Certification & Accreditation
COTS       Commercial Off the Shelf
AO         Authorizing Official
FedRAMP    Federal Risk and Authorization Management Program
FIPS PUB   Federal Information Processing Standard Publication
FISMA      Federal Information Security Management Act
GSS        General Support System
IaaS       Infrastructure as a Service (Model)
IATO       Interim Authorization to Operate
ID         Identification
IT         Information Technology
LAN        Local Area Network
NIST       National Institute of Standards and Technology
OMB        Office of Management and Budget
PIA        Privacy Impact Assessment
POA&M      Plan of Action and Milestones
POC        Point of Contact
RA         Risk Assessment
Rev.       Revision
SA         Security Assessment
SAR        Security Assessment Report
SDLC       System Development Life Cycle
SP         Special Publication
SSP        System Security Plan
VLAN       Virtual Local Area Network
APPENDIX B. REFERENCES

Laws and Regulations:
Federal Information Security Management Act of 2002, Title III – Information Security, P.L. 107-347.
Consolidated Appropriations Act of 2005, Section 522.
USA PATRIOT Act (P.L. 107-56), October 2001.

OMB Circulars:
OMB Circular A-130, Management of Federal Information Resources, November 2000.
OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors, August 2005.
OMB Memorandum M-06-16, Protection of Sensitive Agency Information, June 2006.

FIPS Publications:
FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems
FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems
FIPS PUB 201, Personal Identity Verification (PIV) of Federal Employees and Contractors

NIST Publications:
NIST 800-18 Revision 1, Guide for Developing Security Plans for Information Technology Systems
NIST 800-30, Risk Management Guide for Information Technology Systems
NIST 800-34, Contingency Planning Guide for Information Technology Systems
NIST 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
NIST 800-47, Security Guide for Interconnecting Information Technology Systems
NIST 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations
NIST 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations
NIST 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories
NIST 800-63, Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology
NIST 800-64, Security Considerations in the Information System Development Life Cycle