opencontrol / discuss

a place to have conversations about OpenControl projects
https://github.com/opencontrol/discuss/issues

What does a real-world SSP in Word format look like? #6

Closed pburkholder closed 8 years ago

pburkholder commented 8 years ago

I understand that use of opencontrol/masonry has not kept pace with the real-world demands for Word document output that can be consumed by assessors and auditors. In the case of cloud.gov compliance, would you be able to share an example Word document that is acceptable to assessors and auditors so I can see where gaps are?

Ref: https://github.com/opencontrol/compliance-masonry/issues/153

brittag commented 8 years ago

I'm not sure if this is what you have in mind, but I've found this page helpful: https://www.fedramp.gov/resources/templates-2016/ - it has detailed SSP template files in .docx format.

pburkholder commented 8 years ago

Thanks, @brittag, I've looked at the templates, and I was curious how the parameters etc. came together in a finished product. But if there's nothing handy then I can get by without. Thanks, Peter

afeld commented 8 years ago

I don't know of a single completed system security plan out in the wild... @mogul @dlapiduz could we post our manually-filled-in Word version somewhere as a reference?

mogul commented 8 years ago

I'm determined to keep aggressively pursuing the work on the fedramp-templater and currying all of our changes back upstream to the YAML. But if that ends up stretching out, and the "this info shouldn't be public!" rhetoric dies down, then we'll put the Word doc up directly.

mogul commented 7 years ago

> @mogul @dlapiduz could we post our manually-filled-in Word version somewhere as a reference?

Here's a subset for example purposes. https://github.com/opencontrol/fedramp-templater/pull/43

pburkholder commented 7 years ago

@mogul That AU example @brittag put up is really helpful. Thanks! Getting the front matter would be nice, but that suffices to close this as far as I'm concerned.