Your organization is looking to sell your service or product and you need to be authorized by the Federal Risk and Authorization Management Program (FedRAMP). One of the first critical steps is to develop diagrams to be reviewed illustrating that your network and its boundary are FedRAMP ready. Government agencies want to know that federal information is properly secured and stored and that the Confidentiality, Integrity and Availability of federal information is maintained.

The FedRAMP Project Management Office (PMO), Third-Party Assessment Organizations (3PAO), and agency assessors will be at a minimum looking for three diagrams. These diagrams include the Authorization Boundary, Data Flow, and the Network Diagram. These diagrams should be created as early as possible in the FedRAMP process because they are necessary for developing the System Security Plan (SSP), agency authorization kick-off, and Security Assessment Report (SAR). Remember, the government expects you, as a Cloud Service Provider (CSP), to do your due diligence when illustrating the FedRAMP boundary.

When creating your diagrams, choose software that is either host-based or FedRAMP authorized at a level that is compatible with your (projected) FedRAMP level (Low, Moderate, or High). Store your diagrams in a secure and encrypted area that aligns with the specific FedRAMP level that you are trying to achieve. FedRAMP authorized tools can be found and accessed via the FedRAMP Marketplace.

Clarity is Key

Diagrams should be clear and concise. Use proper alignment, spacing, and imagery to provide diagrams that are easy to digest. As always, include a legend that clearly identifies the components of your diagrams and use proper labeling within your diagram when necessary. Company-specific icons can usually be downloaded from their website to use in multiple programs. These icons need to be labeled accordingly and/or included in the legend.

Authorization Boundary Diagram

Authorization boundary diagrams must illustrate how your information system connects with external services and systems. Authorization boundary diagrams should also show components or services that are controlled by your customer or those leveraged as an external service. The authorization boundary diagram is a living document that is updated and reviewed regularly for accuracy.