Category | Document | Description | Type | Last Updated |
---|---|---|---|---|
Readiness Assessment Phase | FedRAMP High Readiness Assessment Report (RAR) Template | The FedRAMP High RAR Template and its underlying assessment are intended to enable FedRAMP to reach a FedRAMP Ready decision for a specific CSP’s system based on organizational processes and the security capabilities of the system. FedRAMP grants a FedRAMP Ready designation when the information in this report template indicates the CSP is likely to achieve a JAB P-ATO or Agency ATO for the system. | WORD | 7/31/2020 |
Readiness Assessment Phase | FedRAMP Moderate Readiness Assessment Report (RAR) Template | The FedRAMP Moderate RAR Template and its underlying assessment are intended to enable FedRAMP to reach a FedRAMP Ready decision for a specific CSP’s system based on organizational processes and the security capabilities of the system. FedRAMP grants a FedRAMP Ready designation when the information in this report template indicates the CSP is likely to achieve a JAB P-ATO or Agency ATO for the system. | WORD | 2/13/2019 |
Initial Authorization Phase- Initial Authorization Package Checklist | FedRAMP Initial Authorization Package Checklist | This checklist details the documents required for a complete FedRAMP initial authorization package. CSPs must submit this checklist along with their authorization package so that the FedRAMP PMO can verify their package is complete prior to conducting reviews. | EXCEL | 7/23/2020 |
Initial Authorization Phase- Document: System Security Plan (SSP) | FedRAMP System Security Plan (SSP) High Baseline Template | The FedRAMP SSP High Baseline Template provides the FedRAMP High baseline security control requirements for High impact cloud systems. The template provides the framework to capture the system environment, system responsibilities, and the current status of the High baseline controls required for the system. | WORD | 7/31/2020 |
Initial Authorization Phase- Document: System Security Plan (SSP) | FedRAMP System Security Plan (SSP) Moderate Baseline Template | The FedRAMP SSP Moderate Baseline Template provides the FedRAMP Moderate baseline security control requirements for Moderate impact cloud systems. The template provides the framework to capture the system environment, system responsibilities, and the current status of the Moderate baseline controls required for the system. | WORD | 8/28/2018 |
Initial Authorization Phase- Document: System Security Plan (SSP) | FedRAMP System Security Plan (SSP) Low Baseline Template | The FedRAMP SSP Low Baseline Template provides the FedRAMP Low baseline security control requirements for Low impact cloud systems. The template provides the framework to capture the system environment, system responsibilities, and the current status of the Low baseline controls required for the system. | WORD | 8/28/2018 |
Initial Authorization Phase- Document: System Security Plan (SSP) | SSP ATTACHMENT 4 - FedRAMP Privacy Impact Assessment (PIA) Template | The FedRAMP PIA Template is used to determine if a system collects and/or stores Personally Identifiable Information (PII) as defined in OMB Memorandum M-07-16. | WORD | 6/6/2017 |
Initial Authorization Phase- Document: System Security Plan (SSP) | SSP ATTACHMENT 5 - FedRAMP Rules of Behavior (RoB) Template | The FedRAMP RoB Template describes security controls associated with user responsibilities and specific expectations of behavior for following security policies, standards, and procedures. | WORD | 6/6/2017 |
Initial Authorization Phase- Document: System Security Plan (SSP) | SSP ATTACHMENT 6 - FedRAMP Information System Contingency Plan (ISCP) Template | This template supports the ISCP requirements for FedRAMP. An ISCP denotes interim measures to recover information system services following an unprecedented emergency or system disruption. | WORD | 6/6/2017 |
Initial Authorization Phase- Document: System Security Plan (SSP) | SSP ATTACHMENT 9 - FedRAMP High Control Implementation Summary (CIS) Workbook Template | The FedRAMP High CIS Workbook Template delineates the control responsibilities of CSPs and Federal Agencies and provides a summary of all required controls and enhancements across the system. | EXCEL | 8/6/2020 |
Initial Authorization Phase- Document: System Security Plan (SSP) | SSP ATTACHMENT 9 - FedRAMP Low or Moderate Control Implementation Summary (CIS) Workbook Template | The FedRAMP Low or Moderate CIS Workbook Template delineates the control responsibilities of CSPs and Federal Agencies and provides a summary of all required controls and enhancements across the system. | EXCEL | 8/6/2020 |
Initial Authorization Phase- Document: System Security Plan (SSP) | SSP ATTACHMENT 12 - FedRAMP Laws and Regulations Template | The FedRAMP Laws and Regulations Template provides a single source for applicable FedRAMP laws, regulations, standards, and guidance. | EXCEL | 7/23/2020 |
Initial Authorization Phase- Document: System Security Plan (SSP) | SSP ATTACHMENT 13 - FedRAMP Integrated Inventory Workbook Template | The FedRAMP Integrated Inventory Workbook Template consolidates all of the inventory information previously required in five FedRAMP templates that included the SSP, ISCP, SAP, SAR, and POA&M. | EXCEL | 6/6/2017 |
Initial Authorization Phase- Assess: Security Assessment Plan (SAP) | FedRAMP Security Assessment Plan (SAP) Template | The FedRAMP SAP Template is intended for 3PAOs to plan CSP security assessment testing. Once completed, this template constitutes a plan for testing security controls. | WORD | 6/6/2017 |
Initial Authorization Phase- Assess: Security Assessment Plan (SAP) | SAP APPENDIX A - FedRAMP High Security Test Case Procedures Template | The FedRAMP High Security Test Case Procedures Template provides a standard risk and controls template for assessing baseline controls and helps to drive consistency in 3PAO annual assessment testing. 3PAOs use this workbook to test selected baseline controls per required test procedures and document any control deficiencies and findings. | EXCEL | 3/10/2017 |
Initial Authorization Phase- Assess: Security Assessment Plan (SAP) | SAP APPENDIX A - FedRAMP Moderate Security Test Case Procedures Template | The FedRAMP Moderate Security Test Case Procedures Template provides a standard risk and controls template for assessing baseline controls and helps to drive consistency in 3PAO annual assessment testing. 3PAOs use this workbook to test selected baseline controls per required test procedures and document any control deficiencies and findings. | EXCEL | 3/10/2017 |
Initial Authorization Phase- Assess: Security Assessment Plan (SAP) | SAP APPENDIX A - FedRAMP Low Security Test Case Procedures Template | The FedRAMP Low Security Test Case Procedures Template provides a standard risk and controls template for assessing baseline controls and helps to drive consistency in 3PAO annual assessment testing. 3PAOs use this workbook to test selected baseline controls per required test procedures and document any control deficiencies and findings. | EXCEL | 3/10/2017 |
Initial Authorization Phase- Authorize: Security Assessment Report (SAR) | FedRAMP Security Assessment Report (SAR) Template | The FedRAMP SAR Template provides a framework for 3PAOs to evaluate a cloud system’s implementation of and compliance with system-specific, baseline security controls required by FedRAMP. | WORD | 6/6/2017 |
Initial Authorization Phase- Authorize: Security Assessment Report (SAR) | SAR APPENDIX A - FedRAMP Risk Exposure Table Template | The FedRAMP Risk Exposure Table Template is designed to capture all security weaknesses and deficiencies identified during security assessment testing. | EXCEL | 3/9/2017 |
Initial Authorization Phase- Authorize: Plan of Action and Milestones (POA&M) | FedRAMP Plan of Action and Milestones (POA&M) Template | The FedRAMP POA&M Template provides a structured framework for aggregating system vulnerabilities and deficiencies through security assessment and continuous monitoring efforts. This template is intended to be used as a tracking tool for risk mitigation in accordance with CSP priorities. | EXCEL | 3/9/2017 |
Initial Authorization Phase- Authorize: Agency Authorization Review Report Sample Template | FedRAMP Agency Authorization Review Report Sample Template | The PMO uses this template to review Agency ATO packages. | | 6/20/2019 |
Initial Authorization Phase- Authorize: FedRAMP ATO Letter Template | FedRAMP ATO Letter Template | The FedRAMP ATO Template is optional for Agencies to use when granting authorizations for CSOs that meet the FedRAMP requirements. | WORD | 6/20/2019 |
Continuous Monitoring Phase | FedRAMP Annual Security Assessment Plan (SAP) Template | The FedRAMP Annual SAP Template is intended for 3PAOs to plan a cloud system’s annual assessment and, once completed, constitutes a plan for testing. | WORD | 6/6/2017 |
Continuous Monitoring Phase | FedRAMP Annual Security Assessment Report (SAR) Template | The FedRAMP Annual SAR Template provides a framework for 3PAOs to evaluate a cloud system’s implementation of and compliance with system-specific, baseline security controls required by FedRAMP. The template is intended for 3PAOs to report annual security assessment findings for CSPs. | WORD | 6/16/2017 |
Continuous Monitoring Phase | FedRAMP New Cloud Service Offering (CSO) or Feature Onboarding Request Template | The FedRAMP CSO or Feature Onboarding Request Template is used to capture an accredited 3PAO's assessment and attestation for onboarding a service or feature to an existing CSP’s system. | WORD | 8/28/2018 |
Continuous Monitoring Phase | FedRAMP Vulnerability Deviation Request Form | This form provides a standardized method to document deviation requests and is used to document Risk Adjustments, False Positives, and Operational Requirements. | EXCEL | 8/28/2018 |
Continuous Monitoring Phase | FedRAMP Significant Change Form Template | This document was developed to capture the type(s) of system changes requested and the supporting details surrounding requested system changes, including FIPS 199. It can be used to request a significant change within an existing ATO. | | 8/28/2018 |
Continuous Monitoring Phase | Continuous Monitoring Monthly Executive Summary Template | This form provides the JAB reviewers and PMO with an executive summary of the monthly continuous monitoring submission from a CSP. It should detail all files that should be reviewed with that submission. It should be filled out and submitted with every monthly continuous monitoring submission by the CSP or their 3PAO. | EXCEL | 1/31/2018 |
FedRAMP Tailored | FedRAMP Tailored LI-SaaS Requirements | FedRAMP Tailored Security Requirements for Low Impact Software as a Service (LI-SaaS) provides the minimum security control requirements for authorizing a LI-SaaS. | WORD | 9/28/2017 |
FedRAMP Tailored | APPENDIX A - FedRAMP Tailored Security Controls Baseline | Appendix A: FedRAMP Tailored Security Controls Baseline provides the LI-SaaS Baseline controls that CSPs must address. This template is also contained within the FedRAMP Security Controls Baseline, located on the Documents page. | EXCEL | 11/14/2017 |
FedRAMP Tailored | APPENDIX B - FedRAMP Tailored LI-SaaS Template | Appendix B: FedRAMP Tailored LI-SaaS Framework Template shows CSPs how to describe the security risk posture of their cloud-based SaaS application, based on the FedRAMP Tailored LI-SaaS security control baseline. | WORD | 8/28/2018 |
FedRAMP Tailored | APPENDIX C - FedRAMP Tailored LI-SaaS ATO Letter Template | Appendix C: FedRAMP Tailored LI-SaaS ATO Letter Template is a resource for Agencies to use when granting authorizations for CSOs that meet the FedRAMP LI-SaaS requirements. | WORD | 9/28/2017 |
FedRAMP Tailored | APPENDIX D - FedRAMP Tailored LI - SaaS Continuous Monitoring Guide | Appendix D: FedRAMP Tailored LI-SaaS Continuous Monitoring Guide provides guidance on continuous monitoring and ongoing authorization to maintain a security authorization that meets the FedRAMP Tailored LI-SaaS requirements. | WORD | 9/28/2017 |
FedRAMP Tailored | APPENDIX E - FedRAMP Tailored LI - SaaS Self-Attestation Requirements | Appendix E: FedRAMP Tailored LI-SaaS Self-Attestation Requirements provides the system requirements that the CSP must attest to for their CSO. | WORD | 9/28/2017 |