SlideShare a Scribd company logo

Control Implementation Summary (CIS) Template

Download as DOCX, PDF
GovCloud Network
GovCloud Network

This template provides a sample format for preparing the Control Implementation Summary (CIS) Report for the CSP information system. The CSP may modify the format as necessary to comply with its internal policies and Federal Risk and Authorization Management Program (FedRAMP) requirements.

Technology
1 of 10
Control Implementation Summary (CIS) Template <Information System Name>, <Date> Control Implementation Summary (CIS) Template <Vendor Name> <Information System Name> <Sensitivity Level> Version 1.0 May 2, 2012 Company Sensitive and Proprietary For Authorized Use Only
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Table of Contents ABOUT THIS DOCUMENT................................................................................................................. 4 Who should use this document? ..................................................................................................... 4 Conventions used in this document ................................................................................................ 4 How to contact us............................................................................................................................ 5 1. INTRODUCTION....................................................................................................................... 6 1.1. Purpose............................................................................................................................... 6 1.2. Scope .................................................................................................................................. 6 1.3. System Description ............................................................................................................. 6 2. CONTROL IMPLEMENTATION RESULTS .................................................................................. 7 APPENDIX A. ACRONYMS............................................................................................................... 9 APPENDIX B. REFERENCES ........................................................................................................... 10 Company Sensitive and Proprietary 2
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Document Revision History Date Description Version Author 05/02/2012 Document Publication 1.0 FedRAMP Office Company Sensitive and Proprietary3
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> ABOUTTHIS DOCUMENT This document is released in template format. Once populated with content, this document will include detailed information about service provider information security controls. Who should use this document? This document is intended to be used by Cloud Service Providers (CSPs) who are applying for an Authorization to Operate (ATO) through the U.S. federal government FedRAMP program. This template provides a sample format for preparing the Control Implementation Summary (CIS) Report for the CSP information system. The CSP may modify the format as necessary to comply with its internal policies and Federal Risk and Authorization Management Program (FedRAMP) requirements. Conventions used in this document This document uses the following typographical conventions: Italic Italics are used for email addresses, security control assignments parameters, and formal document names. Italic blue in a box Italic blue text in a blue box indicates instructions to the individual filling out the template. Instruction: This is an instruction to the individual filling out of the template. Bold Bold text indicates a parameter or an additional requirement. Constant width Constant width text is used for text that is representative of characters that would show up on a computer screen. <Brackets> Bold blue text brackets indicate a user defined variable or word that should be replaced with a specific name. Once replaced, the brackets should be removed. Notes Notes are found between parallel lines and include additional information that may be helpful to the users of this template. Company Sensitive and Proprietary 4
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Note: This is a note. Sans Serif Sans Serif text is used for tables, table captions, figure captions, and table of contents. Sans Serif Gray Sans Serif gray text is used for examples. How to contact us If you have questions about something in this document, or how to fill it out, please write to: info@fedramp.gov For more information about the FedRAMP project, please see the website at: http://www.fedramp.gov Company Sensitive and Proprietary 5
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 1. INTRODUCTION The Control Implementation Summary (CIS) report is a key document in the security authorization package developed for submission to the Federal Risk and Authorization Management Program(FedRAMP) authorizing officials. The CIS report includes control implementation responsibility and implementation status of the FedRAMP security controls. CIS along with the Control Tailoring Workbook (CTW) and FIPS-199 Security Categorization should be submitted and approved by FedRAMP JAB before submitting the System Security Plan (SSP). 1.1. Purpose The purpose of the Control Implementation Summary (CIS) is to delineate the control responsibilities of CSPs and customer agencies. In addition, the CIS provides a summary of all required controls and enhancements across the system. CSPs are requested to coordinate with their assigned FedRAMP ISSO to ensure the CIS is appropriately formatted to reflect status and control origination responsibilities. 1.2. Scope The scope of the CIS template includes a description of all management, operational, and technical FedRAMP security controls that will be documented in the security plan(SP) at the determined impact level (Moderate or Low) by the CSP. 1.3. System Description The <Information System Name>system has been determined to have a security categorization of <Moderate/Low>. Instruction: Insert a brief high-level description of the system, business or purpose and system environment. Ensure this section is continuously updated with the latest description from the System Security Plan (SSP). Company Sensitive and Proprietary 6
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 2. CONTROL IMPLEMENTATION RESULTS Columns in the embedded Control Implementation Summary (CIS) spreadsheet are defined according to the definitions found in the table that follows. Control Origination Definition Example Service Provider A control that originates from the CSP DNS from the corporate network Corporate corporate network. provides address resolution services for the information system and the service offering. Service Provider System A control specific to a particular system A unique host based intrusion Specific at the CSP and the control is not part of detection system (HIDs) is available the service provider corporate controls. on the service offering platform but is not available on the corporate network. Service Provider Hybrid A control that makes use of both Scans of the corporate network corporate controls and additional infrastructure; scans of databases controls specific to a particular system and web based application are at the CSP. system specific. Configured by Customer A control where the customer needs to User profiles, policy/audit apply a configuration in order to meet configurations, enabling/disabling the control requirement. key switches (e.g., enable/disable http or https, etc.), entering an IP range specific to their organization are configurable by the customer. Provided by Customer A control where the customer needs to The customer provides a SAML SSO provide additional hardware or solution to implement two-factor software in order to meet the control authentication. requirement. Shared A control that is managed and Security awareness training must be implemented partially by the CSP and conducted by both the CSP and the partially by the customer. customer. Inherited from pre- A control that is inherited from another A PaaS or SaaS provider inherits PE existing Provisional CSP system that has already received a controls from an IaaS provider. Authorization Provisional Authorization. Company Sensitive and Proprietary 7
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Instruction: The CSP shouldindicate the control implementation status and control implementation origination of each of the controls identified in the CIS workbook by providing a checkmark in the appropriate cell. For the controls and enhancements identified as being a shared control, the CSP should explain the customer configuration and/or implementation responsibility in the “Customer Responsibility Matrix” which is on the second sheet in the workbook. The CIS should be entirely consistent with the Control Summary Information tables found in the System Security Plan. Embedded CIS Spreadsheet (Click to open): CIS_041612.xlsx Company Sensitive and Proprietary 8
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX A. ACRONYMS Instruction: Update the acronyms based on the acronyms used in this document. AC Authentication Category AP Assurance Profile API Application Programming Interface ATO Authorization to Operate C&A Certification & Accreditation COTS Commercial Off the Shelf AO Authorizing Official FedRAMP Federal Risk and Authorization Management Program FIPS PUB Federal Information Processing Standard Publication FISMA Federal Information Security Management Act GSS General Support System IaaS Infrastructure as a Service (Model) IATO Interim Authorization to Operate ID Identification IT Information Technology LAN Local Area Network NIST National Institute of Standards and Technology OMB Office of Management and Budget PIA Privacy Impact Assessment POA&M Plan of Action and Milestones POC Point of Contact RA Risk Assessment Rev. Revision SA Security Assessment SAR Security Assessment Report SDLC System Development Life Cycle SP Special Publication SSP System Security Plan VLAN Virtual Local Area Network Company Sensitive and Proprietary 9
FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX B. REFERENCES Laws and Regulations: Federal Information Security Management Act of 2002, Title III – Information Security, P.L. 107-347. Consolidated Appropriations Act of 2005, Section 522. USA PATRIOT Act (P.L. 107-56), October 2001. OMB Circulars: OMB Circular A-130, Management of Federal Information Resources, November 2000. OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors, August 2005. OMB Memorandum M-06-16, Protection of Sensitive Agency Information, June, 2006. FIPS Publications: FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems FIPS PUB 201, Personal Identity Verification (PIV) of Federal Employees and Contractors NIST Publications: NIST 800-18 Revision 1 Guide for Developing Security Plans for Information Technology Systems NIST 800-30, Risk Management Guide for Information Technology Systems NIST 800-34, Contingency Planning Guide for Information Technology Systems NIST 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach NIST 800-47, Security Guide for Interconnecting Information Technology Systems NIST 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations NIST 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information System and Organizations NIST 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security NIST 800-63, Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology NIST 800-64, Security Considerations in the Information System Development Life Cycle Company Sensitive and Proprietary 10

Recommended

SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsMarius FAILLOT DEVARRE
 
Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationMurray Security Services
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security DemystifiedMichael Torres
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 

Recommended

SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsMarius FAILLOT DEVARRE
 
Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationMurray Security Services
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security DemystifiedMichael Torres
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0Maganathin Veeraragaloo
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0Maganathin Veeraragaloo
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
Conceptual security architecture
Conceptual security architectureConceptual security architecture
Conceptual security architectureMubashirAslam5
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is allPECB
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?honeywellgf
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfSamehMostafa33
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&aPublicly traded global multi-billion services company
 

More Related Content

What's hot

From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
Conceptual security architecture
Conceptual security architectureConceptual security architecture
Conceptual security architectureMubashirAslam5
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is allPECB
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?honeywellgf
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 

What's hot (20)

SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
Conceptual security architecture
Conceptual security architectureConceptual security architecture
Conceptual security architecture
 
information security management
information security managementinformation security management
information security management
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is all
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?
 
Incident Response
Incident Response Incident Response
Incident Response
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 

Similar to Control Implementation Summary (CIS) Template

VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfSamehMostafa33
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)GovCloud Network
 
System Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewSystem Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewAmit Gatenyo
 
Continuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on AzureContinuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on AzureCitiusTech
 
Microsoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program GuideMicrosoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program GuidePavan Verma
 
Tideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationTideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationPeter Grant
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Software Requirements
Software RequirementsSoftware Requirements
Software RequirementsBala Ganesh
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsStatistics & Data Corporation
 
Sccm 2012
Sccm 2012Sccm 2012
Sccm 2012ebuc
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0Dash Way
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Amazon Web Services
 
Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM) Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM) Vyom Labs
 
Pivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookPivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookVMware Tanzu
 
System Center Operations Manager 2012 Overview
System Center Operations Manager 2012 OverviewSystem Center Operations Manager 2012 Overview
System Center Operations Manager 2012 OverviewAmit Gatenyo
 

Similar to Control Implementation Summary (CIS) Template (20)

VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdf
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&a
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)
 
System Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewSystem Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 Overview
 
Continuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on AzureContinuous Integration and Continuous Delivery on Azure
Continuous Integration and Continuous Delivery on Azure
 
Microsoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program GuideMicrosoft Server and Cloud Enrollment - Program Guide
Microsoft Server and Cloud Enrollment - Program Guide
 
Tideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationTideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb Population
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
Saas security
Saas securitySaas security
Saas security
 
Software Requirements
Software RequirementsSoftware Requirements
Software Requirements
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
 
Yongsan presentation 3
Yongsan presentation 3Yongsan presentation 3
Yongsan presentation 3
 
Sccm 2012
Sccm 2012Sccm 2012
Sccm 2012
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
 
Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM) Update CMDB Using Discovery Topology (BMC ADDM)
Update CMDB Using Discovery Topology (BMC ADDM)
 
Pivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookPivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First Look
 
Shirish Sonawane_CV
Shirish Sonawane_CVShirish Sonawane_CV
Shirish Sonawane_CV
 
System Center Operations Manager 2012 Overview
System Center Operations Manager 2012 OverviewSystem Center Operations Manager 2012 Overview
System Center Operations Manager 2012 Overview
 

More from GovCloud Network

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmarkGovCloud Network
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for meGovCloud Network
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeGovCloud Network
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in CyberspaceGovCloud Network
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessGovCloud Network
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture GovCloud Network
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonGovCloud Network
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAGovCloud Network
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher PageGovCloud Network
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanGovCloud Network
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)GovCloud Network
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefGovCloud Network
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonIntrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonGovCloud Network
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentGovCloud Network
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013GovCloud Network
 
Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013GovCloud Network
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...GovCloud Network
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)GovCloud Network
 

More from GovCloud Network (20)

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmark
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for me
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT Change
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate Success
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John Brennan
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview Presentation
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing brief
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonIntrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. Jackson
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African Government
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013
 
Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)
 

Recently uploaded

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Control Implementation Summary (CIS) Template

  • 1. Control Implementation Summary (CIS) Template <Information System Name>, <Date> Control Implementation Summary (CIS) Template <Vendor Name> <Information System Name> <Sensitivity Level> Version 1.0 May 2, 2012 Company Sensitive and Proprietary For Authorized Use Only
  • 2. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Table of Contents ABOUT THIS DOCUMENT................................................................................................................. 4 Who should use this document? ..................................................................................................... 4 Conventions used in this document ................................................................................................ 4 How to contact us............................................................................................................................ 5 1. INTRODUCTION....................................................................................................................... 6 1.1. Purpose............................................................................................................................... 6 1.2. Scope .................................................................................................................................. 6 1.3. System Description ............................................................................................................. 6 2. CONTROL IMPLEMENTATION RESULTS .................................................................................. 7 APPENDIX A. ACRONYMS............................................................................................................... 9 APPENDIX B. REFERENCES ........................................................................................................... 10 Company Sensitive and Proprietary 2
  • 3. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Document Revision History Date Description Version Author 05/02/2012 Document Publication 1.0 FedRAMP Office Company Sensitive and Proprietary3
  • 4. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> ABOUTTHIS DOCUMENT This document is released in template format. Once populated with content, this document will include detailed information about service provider information security controls. Who should use this document? This document is intended to be used by Cloud Service Providers (CSPs) who are applying for an Authorization to Operate (ATO) through the U.S. federal government FedRAMP program. This template provides a sample format for preparing the Control Implementation Summary (CIS) Report for the CSP information system. The CSP may modify the format as necessary to comply with its internal policies and Federal Risk and Authorization Management Program (FedRAMP) requirements. Conventions used in this document This document uses the following typographical conventions: Italic Italics are used for email addresses, security control assignments parameters, and formal document names. Italic blue in a box Italic blue text in a blue box indicates instructions to the individual filling out the template. Instruction: This is an instruction to the individual filling out of the template. Bold Bold text indicates a parameter or an additional requirement. Constant width Constant width text is used for text that is representative of characters that would show up on a computer screen. <Brackets> Bold blue text brackets indicate a user defined variable or word that should be replaced with a specific name. Once replaced, the brackets should be removed. Notes Notes are found between parallel lines and include additional information that may be helpful to the users of this template. Company Sensitive and Proprietary 4
  • 5. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Note: This is a note. Sans Serif Sans Serif text is used for tables, table captions, figure captions, and table of contents. Sans Serif Gray Sans Serif gray text is used for examples. How to contact us If you have questions about something in this document, or how to fill it out, please write to: info@fedramp.gov For more information about the FedRAMP project, please see the website at: http://www.fedramp.gov Company Sensitive and Proprietary 5
  • 6. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 1. INTRODUCTION The Control Implementation Summary (CIS) report is a key document in the security authorization package developed for submission to the Federal Risk and Authorization Management Program(FedRAMP) authorizing officials. The CIS report includes control implementation responsibility and implementation status of the FedRAMP security controls. CIS along with the Control Tailoring Workbook (CTW) and FIPS-199 Security Categorization should be submitted and approved by FedRAMP JAB before submitting the System Security Plan (SSP). 1.1. Purpose The purpose of the Control Implementation Summary (CIS) is to delineate the control responsibilities of CSPs and customer agencies. In addition, the CIS provides a summary of all required controls and enhancements across the system. CSPs are requested to coordinate with their assigned FedRAMP ISSO to ensure the CIS is appropriately formatted to reflect status and control origination responsibilities. 1.2. Scope The scope of the CIS template includes a description of all management, operational, and technical FedRAMP security controls that will be documented in the security plan(SP) at the determined impact level (Moderate or Low) by the CSP. 1.3. System Description The <Information System Name>system has been determined to have a security categorization of <Moderate/Low>. Instruction: Insert a brief high-level description of the system, business or purpose and system environment. Ensure this section is continuously updated with the latest description from the System Security Plan (SSP). Company Sensitive and Proprietary 6
  • 7. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> 2. CONTROL IMPLEMENTATION RESULTS Columns in the embedded Control Implementation Summary (CIS) spreadsheet are defined according to the definitions found in the table that follows. Control Origination Definition Example Service Provider A control that originates from the CSP DNS from the corporate network Corporate corporate network. provides address resolution services for the information system and the service offering. Service Provider System A control specific to a particular system A unique host based intrusion Specific at the CSP and the control is not part of detection system (HIDs) is available the service provider corporate controls. on the service offering platform but is not available on the corporate network. Service Provider Hybrid A control that makes use of both Scans of the corporate network corporate controls and additional infrastructure; scans of databases controls specific to a particular system and web based application are at the CSP. system specific. Configured by Customer A control where the customer needs to User profiles, policy/audit apply a configuration in order to meet configurations, enabling/disabling the control requirement. key switches (e.g., enable/disable http or https, etc.), entering an IP range specific to their organization are configurable by the customer. Provided by Customer A control where the customer needs to The customer provides a SAML SSO provide additional hardware or solution to implement two-factor software in order to meet the control authentication. requirement. Shared A control that is managed and Security awareness training must be implemented partially by the CSP and conducted by both the CSP and the partially by the customer. customer. Inherited from pre- A control that is inherited from another A PaaS or SaaS provider inherits PE existing Provisional CSP system that has already received a controls from an IaaS provider. Authorization Provisional Authorization. Company Sensitive and Proprietary 7
  • 8. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> Instruction: The CSP shouldindicate the control implementation status and control implementation origination of each of the controls identified in the CIS workbook by providing a checkmark in the appropriate cell. For the controls and enhancements identified as being a shared control, the CSP should explain the customer configuration and/or implementation responsibility in the “Customer Responsibility Matrix” which is on the second sheet in the workbook. The CIS should be entirely consistent with the Control Summary Information tables found in the System Security Plan. Embedded CIS Spreadsheet (Click to open): CIS_041612.xlsx Company Sensitive and Proprietary 8
  • 9. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX A. ACRONYMS Instruction: Update the acronyms based on the acronyms used in this document. AC Authentication Category AP Assurance Profile API Application Programming Interface ATO Authorization to Operate C&A Certification & Accreditation COTS Commercial Off the Shelf AO Authorizing Official FedRAMP Federal Risk and Authorization Management Program FIPS PUB Federal Information Processing Standard Publication FISMA Federal Information Security Management Act GSS General Support System IaaS Infrastructure as a Service (Model) IATO Interim Authorization to Operate ID Identification IT Information Technology LAN Local Area Network NIST National Institute of Standards and Technology OMB Office of Management and Budget PIA Privacy Impact Assessment POA&M Plan of Action and Milestones POC Point of Contact RA Risk Assessment Rev. Revision SA Security Assessment SAR Security Assessment Report SDLC System Development Life Cycle SP Special Publication SSP System Security Plan VLAN Virtual Local Area Network Company Sensitive and Proprietary 9
  • 10. FedRAMP Control Implementation Summary (CIS) Template <Information System Name>, <Date>, <Version> APPENDIX B. REFERENCES Laws and Regulations: Federal Information Security Management Act of 2002, Title III – Information Security, P.L. 107-347. Consolidated Appropriations Act of 2005, Section 522. USA PATRIOT Act (P.L. 107-56), October 2001. OMB Circulars: OMB Circular A-130, Management of Federal Information Resources, November 2000. OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors, August 2005. OMB Memorandum M-06-16, Protection of Sensitive Agency Information, June, 2006. FIPS Publications: FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems FIPS PUB 201, Personal Identity Verification (PIV) of Federal Employees and Contractors NIST Publications: NIST 800-18 Revision 1 Guide for Developing Security Plans for Information Technology Systems NIST 800-30, Risk Management Guide for Information Technology Systems NIST 800-34, Contingency Planning Guide for Information Technology Systems NIST 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach NIST 800-47, Security Guide for Interconnecting Information Technology Systems NIST 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations NIST 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information System and Organizations NIST 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security NIST 800-63, Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology NIST 800-64, Security Considerations in the Information System Development Life Cycle Company Sensitive and Proprietary 10