Search For Any FedRAMP Policy or Guidance Resource

For Rev. 4 documents and templates, please refer to the Rev. 5 Transition page.

Authorization Phase

October 13, 2023

FedRAMP High, Moderate, Low, LI-SaaS Baseline System Security Plan (SSP)

The FedRAMP High, Moderate, Low, LI-SaaS Baseline SSP Template provides the framework to describe the system, the service offering components and features, and its security posture in the relevant diagrams, tables, and security controls of the High, Moderate, Low, or LI-SaaS impact cloud system.

[File Info: word - 848KB]

Documents & Templates

For Rev. 4 documents and templates, please refer to the Rev. 5 Transition page.

Refine Your Results

FedRAMP High, Moderate, Low, LI-SaaS Baseline System Security Plan (SSP)

SSP Appendix A - Moderate FedRAMP Security Controls

SSP Appendix A - Low FedRAMP Security Controls

SSP Appendix A - LI-SaaS FedRAMP Security Controls

SSP Appendix A - High FedRAMP Security Controls

SAR Appendix A - FedRAMP Risk Exposure Table (RET) Template

FedRAMP Plan of Action and Milestones (POA&M) Template

FedRAMP General Document Acceptance Criteria

FedRAMP Collaborative ConMon Quick Guide

Continuous Monitoring Performance Management Guide

FedRAMP Rev. 4 to Rev. 5 Assessment Controls Selection Template

SSP Appendix J - CIS and CRM Workbook

SSP Appendix Q - Cryptographic Modules Table

SSP Appendix M - Integrated Inventory Workbook Template

SSP Appendix G - Information System Contingency Plan (ISCP) Template

SSP Appendix F - Rules of Behavior (RoB) Template

SAP Appendix A - FedRAMP Moderate Security Test Case Procedures Template

SAP Appendix A - FedRAMP Low Security Test Case Procedures Template

SAP Appendix A - FedRAMP High Security Test Case Procedures Template

FedRAMP Security Assessment Report (SAR) Template

FedRAMP Security Assessment Plan (SAP) Template

FedRAMP Moderate Readiness Assessment Report (RAR) Template

FedRAMP Laws, Regulations, Standards and Guidance Reference

FedRAMP Initial Authorization Package Checklist

FedRAMP High Readiness Assessment Report (RAR) Template

3PAO Readiness Assessment Report Guide

FedRAMP Security Controls Baseline

3PAO Obligations and Performance Guide

Branding Guidance

Reusing Authorizations for Cloud Products Quick Guide

Penetration Test Guidance

Subnets White Paper

FedRAMP Package Access Request Form

Threat-Based Risk Profiling Methodology White Paper

CSP Authorization Playbook: Getting Started with FedRAMP

Plan of Action and Milestones (POA&M) Template Completion Guide

Agency Authorization Playbook

FedRAMP Authorization Boundary Guidance

Incident Communications Procedures

FedRAMP Agency Authorization Review Report Sample Template

Vulnerability Scanning Requirements for Containers

Timeliness and Accuracy of Testing Requirements

JAB Prioritization Criteria and Guidance

FedRAMP ATO Letter Template

FedRAMP Vulnerability Deviation Request Form

FedRAMP Significant Change Form Template

FedRAMP New Cloud Service Offering (CSO) or Feature Onboarding Request Template

Significant Change Policies and Procedures

Joint Authorization Board Charter

Continuous Monitoring Strategy Guide

FedRAMP Accelerated: A Case Study for Change Within Government

Vulnerability Scanning Requirements

Guide for Determining Eligibility and Requirements for the Use of Sampling for Vulnerability Scans

Automated Vulnerability Risk Adjustment Framework Guidance

Annual Assessment Controls Selection Worksheet

Continuous Monitoring Monthly Executive Summary Template

Control Specific Clauses

Annual Assessment Guidance

CSP JAB P-ATO Roles and Responsibilities

FedRAMP Policy Memo