SlideShare a Scribd company logo

Control Implementation Summary (CIS) Template

Download as DOCX, PDF
GovCloud Network
GovCloud Network

This template provides a sample format for preparing the Control Implementation Summary (CIS) Report for the CSP information system. The CSP may modify the format as necessary to comply with its internal policies and Federal Risk and Authorization Management Program (FedRAMP) requirements.

Technology
1 of 10
Control Implementation Summary (CIS) Template <Information System Name>, <Date> Control Implementation Summary (CIS) Template <Vendor Name> <Information System Name> <Sensitivity Level> Version 1.0 May 2, 2012 Company Sensitive and Proprietary For Authorized Use Only
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Table of Contents ABOUT THIS DOCUMENT................................................................................................................. 4 Who should use this document? ..................................................................................................... 4 Conventions used in this document ................................................................................................ 4 How to contact us............................................................................................................................ 5 1. INTRODUCTION....................................................................................................................... 6 1.1. Purpose............................................................................................................................... 6 1.2. Scope .................................................................................................................................. 6 1.3. System Description ............................................................................................................. 6 2. CONTROL IMPLEMENTATION RESULTS .................................................................................. 7 APPENDIX A. ACRONYMS............................................................................................................... 9 APPENDIX B. REFERENCES ........................................................................................................... 10 Company Sensitive and Proprietary 2
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Document Revision History Date Description Version Author 05/02/2012 Document Publication 1.0 FedRAMP Office Company Sensitive and Proprietary3
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> ABOUTTHIS DOCUMENT This document is released in template format. Once populated with content, this document will include detailed information about service provider information security controls. Who should use this document? This document is intended to be used by Cloud Service Providers (CSPs) who are applying for an Authorization to Operate (ATO) through the U.S. federal government FedRAMP program. This template provides a sample format for preparing the Control Implementation Summary (CIS) Report for the CSP information system. The CSP may modify the format as necessary to comply with its internal policies and Federal Risk and Authorization Management Program (FedRAMP) requirements. Conventions used in this document This document uses the following typographical conventions: Italic Italics are used for email addresses, security control assignments parameters, and formal document names. Italic blue in a box Italic blue text in a blue box indicates instructions to the individual filling out the template. Instruction: This is an instruction to the individual filling out of the template. Bold Bold text indicates a parameter or an additional requirement. Constant width Constant width text is used for text that is representative of characters that would show up on a computer screen. <Brackets> Bold blue text brackets indicate a user defined variable or word that should be replaced with a specific name. Once replaced, the brackets should be removed. Notes Notes are found between parallel lines and include additional information that may be helpful to the users of this template. Company Sensitive and Proprietary 4
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Note: This is a note. Sans Serif Sans Serif text is used for tables, table captions, figure captions, and table of contents. Sans Serif Gray Sans Serif gray text is used for examples. How to contact us If you have questions about something in this document, or how to fill it out, please write to: info@fedramp.gov For more information about the FedRAMP project, please see the website at: http://www.fedramp.gov Company Sensitive and Proprietary 5
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 1. INTRODUCTION The Control Implementation Summary (CIS) report is a key document in the security authorization package developed for submission to the Federal Risk and Authorization Management Program(FedRAMP) authorizing officials. The CIS report includes control implementation responsibility and implementation status of the FedRAMP security controls. CIS along with the Control Tailoring Workbook (CTW) and FIPS-199 Security Categorization should be submitted and approved by FedRAMP JAB before submitting the System Security Plan (SSP). 1.1. Purpose The purpose of the Control Implementation Summary (CIS) is to delineate the control responsibilities of CSPs and customer agencies. In addition, the CIS provides a summary of all required controls and enhancements across the system. CSPs are requested to coordinate with their assigned FedRAMP ISSO to ensure the CIS is appropriately formatted to reflect status and control origination responsibilities. 1.2. Scope The scope of the CIS template includes a description of all management, operational, and technical FedRAMP security controls that will be documented in the security plan(SP) at the determined impact level (Moderate or Low) by the CSP. 1.3. System Description The <Information System Name>system has been determined to have a security categorization of <Moderate/Low>. Instruction: Insert a brief high-level description of the system, business or purpose and system environment. Ensure this section is continuously updated with the latest description from the System Security Plan (SSP). Company Sensitive and Proprietary 6
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 2. CONTROL IMPLEMENTATION RESULTS Columns in the embedded Control Implementation Summary (CIS) spreadsheet are defined according to the definitions found in the table that follows. Control Origination Definition Example Service Provider A control that originates from the CSP DNS from the corporate network Corporate corporate network. provides address resolution services for the information system and the service offering. Service Provider System A control specific to a particular system A unique host based intrusion Specific at the CSP and the control is not part of detection system (HIDs) is available the service provider corporate controls. on the service offering platform but is not available on the corporate network. Service Provider Hybrid A control that makes use of both Scans of the corporate network corporate controls and additional infrastructure; scans of databases controls specific to a particular system and web based application are at the CSP. system specific. Configured by Customer A control where the customer needs to User profiles, policy/audit apply a configuration in order to meet configurations, enabling/disabling the control requirement. key switches (e.g., enable/disable http or https, etc.), entering an IP range specific to their organization are configurable by the customer. Provided by Customer A control where the customer needs to The customer provides a SAML SSO provide additional hardware or solution to implement two-factor software in order to meet the control authentication. requirement. Shared A control that is managed and Security awareness training must be implemented partially by the CSP and conducted by both the CSP and the partially by the customer. customer. Inherited from pre- A control that is inherited from another A PaaS or SaaS provider inherits PE existing Provisional CSP system that has already received a controls from an IaaS provider. Authorization Provisional Authorization. Company Sensitive and Proprietary 7
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Instruction: The CSP shouldindicate the control implementation status and control implementation origination of each of the controls identified in the CIS workbook by providing a checkmark in the appropriate cell. For the controls and enhancements identified as being a shared control, the CSP should explain the customer configuration and/or implementation responsibility in the “Customer Responsibility Matrix” which is on the second sheet in the workbook. The CIS should be entirely consistent with the Control Summary Information tables found in the System Security Plan. Embedded CIS Spreadsheet (Click to open): CIS_041612.xlsx Company Sensitive and Proprietary 8
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX A. ACRONYMS Instruction: Update the acronyms based on the acronyms used in this document. AC Authentication Category AP Assurance Profile API Application Programming Interface ATO Authorization to Operate C&A Certification & Accreditation COTS Commercial Off the Shelf AO Authorizing Official FedRAMP Federal Risk and Authorization Management Program FIPS PUB Federal Information Processing Standard Publication FISMA Federal Information Security Management Act GSS General Support System IaaS Infrastructure as a Service (Model) IATO Interim Authorization to Operate ID Identification IT Information Technology LAN Local Area Network NIST National Institute of Standards and Technology OMB Office of Management and Budget PIA Privacy Impact Assessment POA&M Plan of Action and Milestones POC Point of Contact RA Risk Assessment Rev. Revision SA Security Assessment SAR Security Assessment Report SDLC System Development Life Cycle SP Special Publication SSP System Security Plan VLAN Virtual Local Area Network Company Sensitive and Proprietary 9
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX B. REFERENCES Laws and Regulations: Federal Information Security Management Act of 2002, Title III – Information Security, P.L. 107-347. Consolidated Appropriations Act of 2005, Section 522. USA PATRIOT Act (P.L. 107-56), October 2001. OMB Circulars: OMB Circular A-130, Management of Federal Information Resources, November 2000. OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors, August 2005. OMB Memorandum M-06-16, Protection of Sensitive Agency Information, June, 2006. FIPS Publications: FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems FIPS PUB 201, Personal Identity Verification (PIV) of Federal Employees and Contractors NIST Publications: NIST 800-18 Revision 1 Guide for Developing Security Plans for Information Technology Systems NIST 800-30, Risk Management Guide for Information Technology Systems NIST 800-34, Contingency Planning Guide for Information Technology Systems NIST 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach NIST 800-47, Security Guide for Interconnecting Information Technology Systems NIST 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations NIST 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information System and Organizations NIST 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security NIST 800-63, Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology NIST 800-64, Security Considerations in the Information System Development Life Cycle Company Sensitive and Proprietary 10

Recommended

Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teamingn|u - The Open Security Community
 
Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...
Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...
Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...Manish Kumar Yadav
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Deep dive into ssrf
Deep dive into ssrfDeep dive into ssrf
Deep dive into ssrfn|u - The Open Security Community
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Building Active Directory Monitoring with Telegraf, InfluxDB, and Grafana
Building Active Directory Monitoring with Telegraf, InfluxDB, and GrafanaBuilding Active Directory Monitoring with Telegraf, InfluxDB, and Grafana
Building Active Directory Monitoring with Telegraf, InfluxDB, and GrafanaBoni Yeamin
 
Netcat
NetcatNetcat
Netcatpenetration Tester
 

Recommended

Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teamingn|u - The Open Security Community
 
Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...
Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...
Clustering, Server setup and Hybrid deployment setup using Anypoint Runtime M...Manish Kumar Yadav
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Deep dive into ssrf
Deep dive into ssrfDeep dive into ssrf
Deep dive into ssrfn|u - The Open Security Community
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Building Active Directory Monitoring with Telegraf, InfluxDB, and Grafana
Building Active Directory Monitoring with Telegraf, InfluxDB, and GrafanaBuilding Active Directory Monitoring with Telegraf, InfluxDB, and Grafana
Building Active Directory Monitoring with Telegraf, InfluxDB, and GrafanaBoni Yeamin
 
Netcat
NetcatNetcat
Netcatpenetration Tester
 
Designing and building Mule applications
Designing and building Mule applicationsDesigning and building Mule applications
Designing and building Mule applicationsMuleSoft
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security PlatformPituphong Yavirach
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...Studio Fiorenzi Security & Forensics
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
ING Data Services hosted on ICHP DoK Amsterdam 2023
ING Data Services hosted on ICHP DoK Amsterdam 2023ING Data Services hosted on ICHP DoK Amsterdam 2023
ING Data Services hosted on ICHP DoK Amsterdam 2023DoKC
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsMuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsAngel Alberici
 
Open source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabOpen source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabBoni Yeamin
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat ModelingDr. Anish Cheriyan (PhD)
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Soc
SocSoc
SocMukesh Chaudhari
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army ToolChandrapal Badshah
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhydn|u - The Open Security Community
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Mitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxMitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxwaizuq
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top TenSecurity Innovation
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh clevernetsystemsgeneva
 
VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfSamehMostafa33
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&aPublicly traded global multi-billion services company
 

More Related Content

What's hot

Designing and building Mule applications
Designing and building Mule applicationsDesigning and building Mule applications
Designing and building Mule applicationsMuleSoft
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...Studio Fiorenzi Security & Forensics
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
ING Data Services hosted on ICHP DoK Amsterdam 2023
ING Data Services hosted on ICHP DoK Amsterdam 2023ING Data Services hosted on ICHP DoK Amsterdam 2023
ING Data Services hosted on ICHP DoK Amsterdam 2023DoKC
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsMuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsAngel Alberici
 
Open source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabOpen source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabBoni Yeamin
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Mitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxMitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxwaizuq
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top TenSecurity Innovation
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh clevernetsystemsgeneva
 

What's hot (20)

Designing and building Mule applications
Designing and building Mule applicationsDesigning and building Mule applications
Designing and building Mule applications
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
 
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
ING Data Services hosted on ICHP DoK Amsterdam 2023
ING Data Services hosted on ICHP DoK Amsterdam 2023ING Data Services hosted on ICHP DoK Amsterdam 2023
ING Data Services hosted on ICHP DoK Amsterdam 2023
 
Siem ppt
Siem pptSiem ppt
Siem ppt
 
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsMuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
 
Open source SOC Tools for Home-Lab
Open source SOC Tools for Home-LabOpen source SOC Tools for Home-Lab
Open source SOC Tools for Home-Lab
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Soc
SocSoc
Soc
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM Installation
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Mitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxMitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptx
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
 

Similar to Control Implementation Summary (CIS) Template

VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfSamehMostafa33
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)GovCloud Network
 
System Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewSystem Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewAmit Gatenyo
 
Continuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on AzureContinuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on AzureCitiusTech
 
Microsoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program GuideMicrosoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program GuidePavan Verma
 
Tideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationTideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationPeter Grant
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Software Requirements
Software RequirementsSoftware Requirements
Software RequirementsBala Ganesh
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsStatistics & Data Corporation
 
Sccm 2012
Sccm 2012Sccm 2012
Sccm 2012ebuc
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0Dash Way
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Amazon Web Services
 
Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM) Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM) Vyom Labs
 
Pivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookPivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookVMware Tanzu
 
System Center Operations Manager 2012 Overview
System Center Operations Manager 2012 OverviewSystem Center Operations Manager 2012 Overview
System Center Operations Manager 2012 OverviewAmit Gatenyo
 

Similar to Control Implementation Summary (CIS) Template (20)

VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdf
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&a
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)
 
System Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewSystem Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 Overview
 
Continuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on AzureContinuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on Azure
 
Microsoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program GuideMicrosoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program Guide
 
Tideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationTideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb Population
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
Saas security
Saas securitySaas security
Saas security
 
Software Requirements
Software RequirementsSoftware Requirements
Software Requirements
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
 
Yongsan presentation 3
Yongsan presentation 3Yongsan presentation 3
Yongsan presentation 3
 
Sccm 2012
Sccm 2012Sccm 2012
Sccm 2012
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
 
Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM) Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM)
 
Pivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookPivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First Look
 
Shirish Sonawane_CV
Shirish Sonawane_CVShirish Sonawane_CV
Shirish Sonawane_CV
 
System Center Operations Manager 2012 Overview
System Center Operations Manager 2012 OverviewSystem Center Operations Manager 2012 Overview
System Center Operations Manager 2012 Overview
 

More from GovCloud Network

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmarkGovCloud Network
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for meGovCloud Network
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeGovCloud Network
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in CyberspaceGovCloud Network
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessGovCloud Network
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture GovCloud Network
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonGovCloud Network
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher PageGovCloud Network
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanGovCloud Network
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)GovCloud Network
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefGovCloud Network
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonIntrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonGovCloud Network
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentGovCloud Network
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013GovCloud Network
 
Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013GovCloud Network
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...GovCloud Network
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)GovCloud Network
 

More from GovCloud Network (20)

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmark
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for me
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT Change
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate Success
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John Brennan
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview Presentation
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing brief
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonIntrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. Jackson
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African Government
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013
 
Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)
 

Recently uploaded

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Control Implementation Summary (CIS) Template

  • 1. Control Implementation Summary (CIS) Template <Information System Name>, <Date> Control Implementation Summary (CIS) Template <Vendor Name> <Information System Name> <Sensitivity Level> Version 1.0 May 2, 2012 Company Sensitive and Proprietary For Authorized Use Only
  • 2. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Table of Contents ABOUT THIS DOCUMENT................................................................................................................. 4 Who should use this document? ..................................................................................................... 4 Conventions used in this document ................................................................................................ 4 How to contact us............................................................................................................................ 5 1. INTRODUCTION....................................................................................................................... 6 1.1. Purpose............................................................................................................................... 6 1.2. Scope .................................................................................................................................. 6 1.3. System Description ............................................................................................................. 6 2. CONTROL IMPLEMENTATION RESULTS .................................................................................. 7 APPENDIX A. ACRONYMS............................................................................................................... 9 APPENDIX B. REFERENCES ........................................................................................................... 10 Company Sensitive and Proprietary 2
  • 3. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Document Revision History Date Description Version Author 05/02/2012 Document Publication 1.0 FedRAMP Office Company Sensitive and Proprietary3
  • 4. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> ABOUTTHIS DOCUMENT This document is released in template format. Once populated with content, this document will include detailed information about service provider information security controls. Who should use this document? This document is intended to be used by Cloud Service Providers (CSPs) who are applying for an Authorization to Operate (ATO) through the U.S. federal government FedRAMP program. This template provides a sample format for preparing the Control Implementation Summary (CIS) Report for the CSP information system. The CSP may modify the format as necessary to comply with its internal policies and Federal Risk and Authorization Management Program (FedRAMP) requirements. Conventions used in this document This document uses the following typographical conventions: Italic Italics are used for email addresses, security control assignments parameters, and formal document names. Italic blue in a box Italic blue text in a blue box indicates instructions to the individual filling out the template. Instruction: This is an instruction to the individual filling out of the template. Bold Bold text indicates a parameter or an additional requirement. Constant width Constant width text is used for text that is representative of characters that would show up on a computer screen. <Brackets> Bold blue text brackets indicate a user defined variable or word that should be replaced with a specific name. Once replaced, the brackets should be removed. Notes Notes are found between parallel lines and include additional information that may be helpful to the users of this template. Company Sensitive and Proprietary 4
  • 5. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Note: This is a note. Sans Serif Sans Serif text is used for tables, table captions, figure captions, and table of contents. Sans Serif Gray Sans Serif gray text is used for examples. How to contact us If you have questions about something in this document, or how to fill it out, please write to: info@fedramp.gov For more information about the FedRAMP project, please see the website at: http://www.fedramp.gov Company Sensitive and Proprietary 5
  • 6. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 1. INTRODUCTION The Control Implementation Summary (CIS) report is a key document in the security authorization package developed for submission to the Federal Risk and Authorization Management Program(FedRAMP) authorizing officials. The CIS report includes control implementation responsibility and implementation status of the FedRAMP security controls. CIS along with the Control Tailoring Workbook (CTW) and FIPS-199 Security Categorization should be submitted and approved by FedRAMP JAB before submitting the System Security Plan (SSP). 1.1. Purpose The purpose of the Control Implementation Summary (CIS) is to delineate the control responsibilities of CSPs and customer agencies. In addition, the CIS provides a summary of all required controls and enhancements across the system. CSPs are requested to coordinate with their assigned FedRAMP ISSO to ensure the CIS is appropriately formatted to reflect status and control origination responsibilities. 1.2. Scope The scope of the CIS template includes a description of all management, operational, and technical FedRAMP security controls that will be documented in the security plan(SP) at the determined impact level (Moderate or Low) by the CSP. 1.3. System Description The <Information System Name>system has been determined to have a security categorization of <Moderate/Low>. Instruction: Insert a brief high-level description of the system, business or purpose and system environment. Ensure this section is continuously updated with the latest description from the System Security Plan (SSP). Company Sensitive and Proprietary 6
  • 7. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 2. CONTROL IMPLEMENTATION RESULTS Columns in the embedded Control Implementation Summary (CIS) spreadsheet are defined according to the definitions found in the table that follows. Control Origination Definition Example Service Provider A control that originates from the CSP DNS from the corporate network Corporate corporate network. provides address resolution services for the information system and the service offering. Service Provider System A control specific to a particular system A unique host based intrusion Specific at the CSP and the control is not part of detection system (HIDs) is available the service provider corporate controls. on the service offering platform but is not available on the corporate network. Service Provider Hybrid A control that makes use of both Scans of the corporate network corporate controls and additional infrastructure; scans of databases controls specific to a particular system and web based application are at the CSP. system specific. Configured by Customer A control where the customer needs to User profiles, policy/audit apply a configuration in order to meet configurations, enabling/disabling the control requirement. key switches (e.g., enable/disable http or https, etc.), entering an IP range specific to their organization are configurable by the customer. Provided by Customer A control where the customer needs to The customer provides a SAML SSO provide additional hardware or solution to implement two-factor software in order to meet the control authentication. requirement. Shared A control that is managed and Security awareness training must be implemented partially by the CSP and conducted by both the CSP and the partially by the customer. customer. Inherited from pre- A control that is inherited from another A PaaS or SaaS provider inherits PE existing Provisional CSP system that has already received a controls from an IaaS provider. Authorization Provisional Authorization. Company Sensitive and Proprietary 7
  • 8. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Instruction: The CSP shouldindicate the control implementation status and control implementation origination of each of the controls identified in the CIS workbook by providing a checkmark in the appropriate cell. For the controls and enhancements identified as being a shared control, the CSP should explain the customer configuration and/or implementation responsibility in the “Customer Responsibility Matrix” which is on the second sheet in the workbook. The CIS should be entirely consistent with the Control Summary Information tables found in the System Security Plan. Embedded CIS Spreadsheet (Click to open): CIS_041612.xlsx Company Sensitive and Proprietary 8
  • 9. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX A. ACRONYMS Instruction: Update the acronyms based on the acronyms used in this document. AC Authentication Category AP Assurance Profile API Application Programming Interface ATO Authorization to Operate C&A Certification & Accreditation COTS Commercial Off the Shelf AO Authorizing Official FedRAMP Federal Risk and Authorization Management Program FIPS PUB Federal Information Processing Standard Publication FISMA Federal Information Security Management Act GSS General Support System IaaS Infrastructure as a Service (Model) IATO Interim Authorization to Operate ID Identification IT Information Technology LAN Local Area Network NIST National Institute of Standards and Technology OMB Office of Management and Budget PIA Privacy Impact Assessment POA&M Plan of Action and Milestones POC Point of Contact RA Risk Assessment Rev. Revision SA Security Assessment SAR Security Assessment Report SDLC System Development Life Cycle SP Special Publication SSP System Security Plan VLAN Virtual Local Area Network Company Sensitive and Proprietary 9
  • 10. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX B. REFERENCES Laws and Regulations: Federal Information Security Management Act of 2002, Title III – Information Security, P.L. 107-347. Consolidated Appropriations Act of 2005, Section 522. USA PATRIOT Act (P.L. 107-56), October 2001. OMB Circulars: OMB Circular A-130, Management of Federal Information Resources, November 2000. OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors, August 2005. OMB Memorandum M-06-16, Protection of Sensitive Agency Information, June, 2006. FIPS Publications: FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems FIPS PUB 201, Personal Identity Verification (PIV) of Federal Employees and Contractors NIST Publications: NIST 800-18 Revision 1 Guide for Developing Security Plans for Information Technology Systems NIST 800-30, Risk Management Guide for Information Technology Systems NIST 800-34, Contingency Planning Guide for Information Technology Systems NIST 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach NIST 800-47, Security Guide for Interconnecting Information Technology Systems NIST 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations NIST 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information System and Organizations NIST 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security NIST 800-63, Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology NIST 800-64, Security Considerations in the Information System Development Life Cycle Company Sensitive and Proprietary 10