StateRAMP

Modules include:

• System Security Plan (SSP) High-Moderate-Low
• System Security Plan (SSP)
• Security Assessment Report (SAR)
• Security Assessment Plan (SAP)
• Plan of Action and Milestones (POA&M)
• Customer Responsibility Matrix
• Electronic Authentication (E-Authentication) Plan
• Privacy Impact Assessment (PIA)
• Rules of Behavior (RoB)
• Information System Contingency Plan (ISCP)
• CIS for SSP Low, Moderate, or High Baselines
• Integrated Inventory Workbook
• Information System Security Policies and Procedures
• Configuration Management (CM) Plan
• Control Implementation Summary (CIS)
• CIS Worksheet
• IT Contingency Plan (CP)
• Incident Response Plan (IRP)
• Rules of Behavior (ROB)
• AC Access Control
• AT Awareness and Training
• AU Audit and Accountability
• CA Certification, Accreditation, and Security Assessment
• CM Configuration Management
• CP Contingency Planning
• IA Identification and Authentication
• IR Incident Response
• MA Maintenance
• MP Media Protection
• PE Physical and Environmental Protection
• PL Planning
• PS Personnel Security
• RA Risk Assessment
• SA System and Services Acquisition
• SC System and Communications Protection
• SI System and Information Integrity
• PM Project Management

ConMon

• Continuous Monitoring Activities & Deliverables: Continuous
• Continuous Monitoring Activities & Deliverables: Weekly
• Continuous Monitoring Activities & Deliverables: 10 days
• Continuous Monitoring Activities & Deliverables: Monthly
• Continuous Monitoring Activities & Deliverables: 60 days
• Continuous Monitoring Activities & Deliverables: Quarterly (90 days)
• Continuous Monitoring Activities & Deliverables: Annual
• Continuous Monitoring Activities & Deliverables: Every 2 years
• Continuous Monitoring Activities & Deliverables: Every 3 years
• Continuous Monitoring Activities & Deliverables: Every 5 years
• StateRAMP Significant Change Request Form
• StateRAMP Significant Change Request Form: Attachment A

Policies and Procedures

• AC – Access Control Policy
• AC – Access Control Procedure
• AT – Awareness & Training Policy
• AT – Awareness & Training Procedure
• AU – Audit & Accountability Policy
• AU – Audit & Accountability Procedure
• CA – Security Assessment and Authorization Policy
• CA – Security Assessment and Authorization Procedure
• CM – Configuration Management Policy
• CM – Configuration Management Procedure
• CP – Contingency Planning Policy
• CP – Contingency Planning Procedure
• IA – Identification & Authentication Policy
• IA – Identification & Authentication Procedure
• IR – Incident Response Policy
• IR – Incident Response Procedure
• MA – Maintenance Policy
• MA – Maintenance Procedure
• MP – Media Protection Policy
• MP – Media Protection Procedure
• PE – Physical & Environmental Policy
• PE – Physical & Environmental Procedure
• PL – Planning Policy
• PL – Planning Procedure
• PS – Personnel Policy
• PS – Personnel Procedure
• RA – Risk Assessment Policy
• RA – Risk Assessment Procedure
• SA – System & Services Acquisition Policy
• SA – System & Services Acquisition Procedure
• SC – System & Communications Protection Policy
• SC – System & Communications Protection Procedure
• SI – System & Information Integrity Policy
• SI – System & Information Integrity Procedure