fedramp.gov
FedRAMP Initial Authorization Package Checklist
7
SSP ATTACHMENT 7 - Configuration Management Plan (CMP)
SSP ATTACHMENT 8 - Incident Response Plan (IRP)
SSP ATTACHMENT 9 - Control Implementation Summary (CIS) Workbook
SSP ATTACHMENT 10 - Federal Information Processing Standard (FIPS) 199
SSP ATTACHMENT 11 - Separation of Duties Matrix
SSP ATTACHMENT 12 - Laws and Regulations (if additional system-specific
laws or regulations apply (e.g., HIPAA), include them)
SSP ATTACHMENT 13 - Integrated Inventory Workbook
Plan of Action and Milestones (POA&M)
Continuous Monitoring Strategy (required by CA-7)
Continuous Monitoring Monthly Executive Summary
Cloud Service Providers Documentation Responsibilities
System Security Plan (SSP) - Must be submitted in Word format and a PDF
version
SSP ATTACHMENT 1 - Information Security Policies and Procedures
(covering all control families)
SSP ATTACHMENT 2 - User Guide
SSP ATTACHMENT 3 - Digital Identity Worksheet
SSP ATTACHMENT 4 - Privacy Threshold Analysis (PTA)
SSP ATTACHMENT 4 - Privacy Impact Assessment (PIA) (if the answer to any
of the qualifying questions in the PTA is “Yes”, complete the PIA template
and submit it as an attachment to the SSP)
SSP ATTACHMENT 5 - Rules of Behavior (RoB)
SSP ATTACHMENT 6 - Information System Contingency Plan (ISCP) (be sure
to include the Contingency Plan Test Report in Appendix G of the ISCP)