In order to comply with National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 (SP 800-53), Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 FedRAMP's has mandated a CSP Rev4 to Rev 5 Baseline Transition Plan that Signed May 30, 2023 and due September 1, 2023 and October 1, 2023. Cloud.gov lacked the resources to comply with a 90 day mandate and agreed to deliver the documentation no later than (NLT) March 17, 2024 which includes:
Identify the delta between their current Rev.4 implementation and the Rev.5 requirements
Develop plans (including implementation and testing schedule(s)) to address the delta. (current issue being addressed)
Document those plans in the SSP and POA&M(and post them to the CSP’s package repository)
Update plans based on leveraged CSP information (e.g.shared controls).
Chiakao
commented
6 months ago
In order to comply with National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 (SP 800-53), Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 FedRAMP's has mandated a CSP Rev4 to Rev 5 Baseline Transition Plan that Signed May 30, 2023 and due September 1, 2023 and October 1, 2023. Cloud.gov lacked the resources to comply with a 90 day mandate and agreed to deliver the documentation no later than (NLT) March 17, 2024 which includes:
Identify the delta between their current Rev.4 implementation and the Rev.5 requirements
Update plans based on leveraged CSP information (e.g.shared controls).
1. Control Implementation Summary (CIS)
2. Customer Responsibility Matrix (CRM)
[x] Add Rev 4 Controls to Rev 5 CIS / CRM FedRAMP Template
[ ] Peer Review of updated Rev 5 CIS / CRM FedRAMP Template
Next steps:
Divide the Delta Controls needed to be added to template among Assurance group to do initial evaluation and add them to CIS/CRM
Meet as group to adjudicate all delta controls in template