From c8f9787b292b777ec529d6b9bf9f9aa5863175d8 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Tue, 10 Dec 2024 15:25:05 -0500 Subject: [PATCH 1/5] [skip ci] WIP take 1 on attachment constraints --- .../ssp/xml/fedramp-ssp-example.oscal.xml | 1439 +++++++---------- .../fedramp-external-constraints.xml | 17 + 2 files changed, 601 insertions(+), 855 deletions(-) diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml index 3486741d3..7fb0d5d6f 100644 --- a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml +++ b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml @@ -1,6 +1,7 @@ - + FedRAMP [Baseline Name] System Security Plan (SSP) 2024-12-31T23:59:59Z @@ -12,7 +13,8 @@ 2023-06-30T00:00:00Z 1.0 1.0.4 - +

Initial publication.

 @@ -21,14 +23,15 @@ 2023-07-06T00:00:00Z 1.1 1.0.4 - +

Minor prop updates.

 - + @@ -193,12 +196,6 @@

This is a sample role.

 - - Leveraged Authorization Users - -

Any internal users of a leveraged authorization.

- - External System Owner @@ -284,8 +281,7 @@

Replace sample CSP information.

CSP information must be present and associated with the "cloud-service-provider" role - via responsible-party. -

+ via responsible-party.

 @@ -293,7 +289,6 @@ FedRAMP PMO - info@fedramp.gov
1800 F St. NW @@ -561,7 +556,8 @@ - +

This example points to the FedRAMP Rev 5 Moderate baseline that is part of the official FedRAMP 3.0.0 release.

@@ -571,7 +567,7 @@ - F00000000 + F00000000 System's Full Name System's Short Name or Acronym @@ -605,10 +601,10 @@ - + - + fips-199-moderate @@ -774,16 +770,16 @@ AwesomeCloud Commercial(IaaS) - - - + +

For now, this is a required field. In the future we intend to pull this information directly from FedRAMP's records based on the "leveraged-system-identifier" property's value.

 - +

For now, this is a required field. In the future we intend to pull this information directly from FedRAMP's records @@ -804,17 +800,9 @@ - - - - - system-poc-technical - Admin - -

admin user

- - administration + + none

The user assembly is being reviewed for continued applicability @@ -825,61 +813,34 @@ - - - - - - system-poc-technical + Add/Remove Admins This can add and remove admins. - - - - - system-poc-technical + - Admin - -

admin user

- - administration + + add/remove non-privliged admins - - - - - system-poc-technical + - Admin - -

admin user

- - administration + + Manage services and components within the virtual cloud environment. - - - - - system-owner + - Admin - -

admin user

- - administration + + Add and remove users from the virtual cloud environment. - - + @@ -899,12 +860,11 @@ - - - - - + + + + Awesome Cloud IaaS (Leveraged Authorized System) @@ -914,16 +874,16 @@ - - + +

If 'yes', describe the authentication method.

If 'no', explain why no authentication is used.

If 'not-applicable', attest explain why authentication is not applicable in the remarks.

 - - + + @@ -936,8 +896,8 @@ - - + +

This is a leveraged system within which this system operates. @@ -973,7 +933,7 @@

Links to the vendor website describing the system are encouraged, but not required.

- +

Services

A service within the scope of the leveraged system's authorization boundary is considered an "authorized service". Any other service offered by the @@ -992,13 +952,12 @@ a "poam-item" link that references a corrisponding entry in this system's POA&M. - +

Both authorized and non-authorized leveraged services include:

  • a "provided-by" link with a URI fragment that points to the "system" component representing the leveraged system. - (Example: "#11111111-2222-4000-8000-009000100001") -
    • + (Example: "#11111111-2222-4000-8000-009000100001")
  • the name of the service in the title (for authorized services this should be exactly as it appears in the FedRAMP Marketplace
  • an "implementation-point" core property with a value of "external"
    • @@ -1010,7 +969,7 @@
  • a status with a state value of "operational"
  • At least one responsible-role (other than "provider") that indicates any authorized users. This must have one or more "privilege-uuid" property/extensions. Each references - a user assembly entry.
    • + a user assembly entry.

Although SSP Table 7.1 also requires data categoriation and hosting @@ -1028,13 +987,15 @@ - - + + + - - + + + 11111111-2222-4000-8000-004000000008

This is a service offered by a leveraged system and used by this system. @@ -1049,8 +1010,7 @@ leveraged-authorization entry

  • an "implementation-point" property with a value of "external"; and
  • a "provided-by" link with a URI fragment that points to the - "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001") -
    • + "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001")

    Where relevant, this component should also have:

    @@ -1077,10 +1037,11 @@     - - - - + + + + + Service B @@ -1088,30 +1049,28 @@

    Describe the service and what it is used for.

     - - - - - + + +

    If 'yes', describe the authentication method.

    If 'no', explain why no authentication is used.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - - - - - + + + + - - - - - 33333333-2222-4000-8000-004000000001 + + + 11111111-2222-4000-8000-004000000010 + 11111111-2222-4000-8000-004000000011 + 11111111-2222-4000-8000-004000000012 +

    This is a service offered by a leveraged system and used by this system. It is NOT explicitly listed on the FedRAMP marketplace as being included in the scope of the leveraged system's ATO, thus is treated as a @@ -1126,12 +1085,10 @@

  • One or more "information-type" property/extensions, where the allowed values are the 800-63 information type identifiers, and the cited types are included full list of system information types.
  • exactly one "poam-item" link, with an href value that references the - POA&M and a resource-fragment that represents the - POAM&M ID (legacy) in a Excel workbook or poam-item-uuid (preferred) - in an OSCAL-based POA&M.
    • + POA&M and a resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) + or poam-item UUID (OSCAL POA&M)
  • a "provided-by" link with a URI fragment that points to the - "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001") -
    • + "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001")
  • @@ -1140,7 +1097,7 @@ tools are able to distinguish between authorized and non-authorized services from the same leveraged provider.

    - +

    Where relevant, this component should also have:

    • At least one responsible-role that indicates the authorized userswith a role-id of "leveraged-authorization-users" and exactly @@ -1157,7 +1114,7 @@
    • Package ID, Authorization Type, Impact Level

    - +

    - An "inherited-uuid" property if the leveraged system's owner provides a UUID for their system (such as in an OSCAL-based CRM).

    Link(s) to the vendor's web site describing the service are encouraged, but not @@ -1175,34 +1132,22 @@ - - - + + + Other Cloud SaaS

    An external system to which this system shares an interconnection.

    - - - - - - -

    If 'yes', describe the authentication method.

    -

    If 'no', explain why no authentication is used.

    -

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

    -     -     - + - - + 33333333-2222-4000-8000-004000000001 - +     11111111-2222-4000-8000-004000000008 @@ -1220,6 +1165,7 @@ +

    Each interconnection to one or more remote systems must have:

    • a "system" component (this component)
      • @@ -1234,7 +1180,7 @@ remote listening ports, one or more "protocol" assemblies must be provided.
    - +

    While not required, each "system" component should have:

    • an "inherited-uuid" property if the value was provided by the system owner
      • @@ -1243,7 +1189,7 @@
    • an "system-owner" responsible-role
    • an "system-poc-management" responsible-role
    • an "system-poc-technical" responsible-role
      • -
    +

    Unlike prior FedRAMP OSCAL publications, avoid the use of FedRAMP properties/extensions for these roles, instead favor the core OSCAL responsible-roles constructs, and the NIST-standard roles of @@ -1252,52 +1198,51 @@ - - + + [EXAMPLE]Authorized Connection Information System Name

    Describe the purpose of the external system/service; specifically, provide reasons for connectivity (e.g., system monitoring, system alerting, download updates, etc.)

    - - - - - + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - - - - - - + + + + + +

    Describe the hosting of the interconnection itself (NOT the hosting of the remote system).

         - - - - - - + + + + - - - + + + + + + - + 44444444-2222-4000-8000-004000000001 @@ -1307,12 +1252,17 @@ 11111111-2222-4000-8000-004000000008 + + + 11111111-2222-4000-8000-004000000010 + 11111111-2222-4000-8000-004000000011 + 11111111-2222-4000-8000-004000000012 + + - - Incoming FTP Service - - + +

    Each interconnection to one or more remote systems must have:

    • one "system" component for each remote system sharing the connection
      • @@ -1332,6 +1282,10 @@
    • at least one "agreement" link with an href vlue that refers to a back-matter resource containing the interconnection security agreemnet (ISA)
    • exactly one "used-by" link with an href value that refers to the "this-system" component.
    • one or more "used-by" links with href values that refer to each "system" component representing a remote system sharing the connection.
      • +
    • exactly one "poam-item" link, with an href value that references the + POA&M and a resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) + or poam-item UUID (OSCAL POA&M)
      • +
    • exactly one "provider" responsible role that references the party information for the organization the provides the connection.

    Authentication methods must address both system-authentication as well as @@ -1345,7 +1299,7 @@

  • a "compliance" property/extension if appropriate
  • an "system-poc-management" responsible-role
  • an "system-poc-technical" responsible-role
    • - +

    Unlike prior FedRAMP OSCAL publications, avoid the use of FedRAMP properties/extensions for these roles, instead favor the core OSCAL responsible-roles constructs, and the NIST-standard roles of @@ -1354,20 +1308,20 @@ - - + + Other Cloud SaaS

    - - + + - + - + 11111111-2222-4000-8000-004000000010 @@ -1389,8 +1343,8 @@ here.

    For an external system, the "implementation-point" property must always be present with a value of "external".

    - - + +

    Each interconnection must be defined with both an "system" component and an "interconnection" component.

    Must include all leveraged services and features from the leveraged authorization @@ -1398,7 +1352,7 @@ - + Service C @@ -1406,18 +1360,18 @@

    Describe the service and what it is used for.

    - - - - + + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - - + +

    This can only be known if provided by the leveraged system. @@ -1426,55 +1380,61 @@ - + - - + + + 11111111-2222-4000-8000-c0040000000a + + + 11111111-2222-4000-8000-004000000010 11111111-2222-4000-8000-004000000011 11111111-2222-4000-8000-004000000012 - - 33333333-2222-4000-8000-004000000001 - - - + + +

    This is a service provided by an external system other than the leveraged system.

    As a result, the "leveraged-authorization-uuid" property is not applicable and must NOT be used.

    Each external service used from a leveraged authorization must have:

    -

    - a "system" component (CURRENTLY DEFERRED DUE TO A KNOWN ISSUE WITH THE "provided-by" link relationship).

    -

    - a "service" component (this component).

    +
      +
    • a "system" component (CURRENTLY DEFERRED DUE TO A KNOWN ISSUE WITH THE "provided-by" link relationship).
      • +
    • a "service" component (this component).
      • +

    This component must always have:

    -

    - The name of the service in the title - preferably exactly as it appears on the - vendor's web site

    -

    - A "risk" property/extension - using the remarks, either describe any risk or state there is no risk and provide a basis for that assertion.

    -

    - An "implementation-point" property with a value of "external".

    -

    - A "provided-by" link with a URI fragment that points to the UUID of the above - "system" component.

    -

    - Example: "#11111111-2222-4000-8000-009000100001" -

    -

    - IMPORTANT: Due to a known error in core OSCAL (versions <=1.1.2) constraints, - this property is blocked from proper use.

    -

    - a status with a state value of "operational"

    +
      +
    • The name of the service in the title - preferably exactly as it appears on the + vendor's web site
      • +
    • An "implementation-point" property with a value of "external".
      • +
    • A "provided-by" link with a URI fragment that points to the UUID of the above + "system" component.
      • +
    • exactly one "poam-item" link, with an href value that references the + POA&M and a resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) + or poam-item UUID (OSCAL POA&M)
      • +
    • a status with a state value of "operational"
      • +

    Where relevant, this component should also have:

    -

    - One or more "information-type" properties, where the allowed values are the 800-63 - information type identifiers.

    -

    - A responsible-role with a role-id of "leveraged-authorization-users" and exactly - one or more party-uuid entries that indicates which users within this system may - interact with the leveraged systeme.

    -

    - An "inherited-uuid" property if the leveraged system's owner provides a UUID for - their system (such as in an OSCAL-based CRM).

    -

    Link(s) to the vendor's web site describing the service are encouraged, but not - required.

    +
      +
    • One or more "information-type" properties, where the allowed values are the 800-63 + information type identifiers.
      • +
    • A responsible-role with a role-id of "leveraged-authorization-users" and exactly + one or more party-uuid entries that indicates which users within this system may + interact with the leveraged systeme.
      • +
    • An "inherited-uuid" property if the leveraged system's owner provides a UUID for + their system (such as in an OSCAL-based CRM).
      • +
    • Link(s) to the vendor's web site describing the service are encouraged, but not + required.
      • +

    The following fields from the Leveraged Authorization Table are handled in the leveraged-authorization assembly:

    @@ -1484,143 +1444,277 @@ "system" component assembly:

    - Nature of Agreement, CSP Name

    -

    An unauthorized service from an underlying leveraged authorization must NOT have the "leveraged-authorization-uuid" property. The presence or absence of this property is how the authorization status of a service is indicated.

    +

    An unauthorized service from an underlying leveraged authorization + must NOT have the "leveraged-authorization-uuid" property. The presence + or absence of this property is how the authorization status of a service is indicated.

         - - - Service C + + + + Undetermined External API Clients + +

    This component represents any of the public API clients that may + access this systems'API service.

    +     + + + + + + + +

    When an API service is offered to a large community, this one component + bay be used to represent the collection of API clients that may connect + from that community. This must have:

    +
      +
    • a component type set to "external-client"
      • +
    • an "implementation-point" property set to "external"
      • +
    • one or more responsible roles should be defined representing + the community of potential API client users. If the servvice + is open to the public, use the "public" responsible-role ID.
      • +
    +     +     + + API Service -

    A service provided by an external system other than the leveraged system.

    +

    A service offered by this system to external systems, such as an API. + As a result, communication crosses the boundary.

    Describe the service and what it is used for.

     - - - - - + + + + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - + -

    Either describe a risk associated with this service, or indicate there is no identified risk.

    -

    If there is no risk, please explain your basis for that conclusion.

    +

    Terms of Use

     -     - - -

    If there are one or more identified risks, describe any resulting impact.

    -     -     - + + + -

    If there are one or more identified risks, describe any mitigating factors.

    +

    Explain why authentication scans are not possible for this component. + Provide evidence if available, such as scanner tool or vendor links.

         + - + + + - + - - 11111111-2222-4000-8000-004000000018 - - - 11111111-2222-4000-8000-004000000011 + + + 11111111-2222-4000-8000-004000000010 + 11111111-2222-4000-8000-004000000011 + 11111111-2222-4000-8000-004000000012 - - - Remote API Service + + API Service - -

    This is a service provided by an external system other than the leveraged system.

    - - - -

    - A "risk" property/extension - using the remarks, either describe any risk or state there is no risk and provide a basis for that assertion.

    - - - -

    As a result, the "leveraged-authorization-uuid" property is not applicable and must - NOT be used.

    -

    All services require the "implementation-point" property. In this case, the property - value is set to "external.

    -

    All external services would normally require a "provided-by" link; however, a known - bug in core OSCAL syntax prevents the use of this property at this time.

    -

    If the leveraged system owner provides a UUID for their service (such as in an - OSCAL-based CRM), it should be reflected in the inherited-uuid - property.

    - - - +

    This is a service provided by this system to external systems, such as an + offered API. The following is required:

    +
      +
    • The "title" fields must have the name of the offered API.
      • +
    • The "description" field must include the purpose and use of the API.
      • +
    • The component "type" attribute must have a value of "service".
      • +
    • The "implementation-point" property must have a value of "internal".
      • +
    • The "communicates-externally" prop/extensions must have a value of "yes".
      • +
    • One or more "information-type" prop/extensions must be present with 800-60 information type values.
      • +
    • The "connection-security" prop/extensions must be present with an appropriate value.
      • +
    • The "authentication-method" prop/extensions must be present with an appropriate value.
      • +
    • The "authentication-method" prop/extensions "remarks" must provide additional content.
      • +
    • The "nature-of-agreement" prop/extension must identify any governing terms for the connection.
      • +
    • One or more "used-by" links must provide the component UUID of the other system.
      • +
    • A "poam-item" link, which must have an href value that references the POA&M and a + resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) + or poam-item UUID (OSCAL POA&M)
      • +
    • A "status" field that must have a state of "operational"
      • +
    • One or more "responsible-role" fields with: +
        +
      • one or more roles by "role-id" [rquiried]
        • +
      • one or more "privilege-uuid" prop/extensions [required]
        • +
      • one or more "party-uuid" values to identify who has these privliges. [required]
        • +
      +
      • +
    • One or more "protocol" fields.
      • +
    +

    +

    Because this is softare that exists within the boundary, it is also requires the following + in satisfaction of inventory/CM/ConMon requirements:

    +
      +
    • An "allows-authenticated-scan" property with an appropriate value.
      • +
    • An "scan-type" property/extension set to "infrastructure".
      • +
    • TODO: Revisit this list when working the inventory epic
      • +
    - + Management CLI -

    None

    +

    A CLI tool used from within this system's boundary to manage a + hypervisor, service, or other system outside this system's boundary, + resulting in communication that crosses the boundary.

     - - - - + + + + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

     -     - - - + + -

    Either describe a risk associated with this CLI, or indicate there is no identified risk.

    -

    If there is no risk, please explain your basis for that conclusion.

    +

    Terms of Use

     -     - + + + -

    If there are one or more identified risks, describe any resulting impact.

    +

    Explain why authentication scans are not possible for this component. + Provide evidence if available, such as scanner tool or vendor links.

         - + + + + + + + + 11111111-2222-4000-8000-004000000010 + + +

    When an internal CLI tool communicates with a system outside the boundary, + such as for management of the underlying leveraged system or interaction + with an external system, the following is required:

    +
      +
    • The "title" fields must have the name of the CLI tool.
      • +
    • The "description" field must include the purpose and use of the tool within this system.
      • +
    • The component "type" attribute must have a value of "software".
      • +
    • The "asset-type" property must have a value of "cli".
      • +
    • The "implementation-point" property must have a value of "internal".
      • +
    • The "communicates-externally" prop/extensions must have a value of "yes".
      • +
    • One or more "information-type" prop/extensions must be present with 800-60 information type values.
      • +
    • The "connection-security" prop/extensions must be present with an appropriate value.
      • +
    • The "authentication-method" prop/extensions must be present with an appropriate value.
      • +
    • The "authentication-method" prop/extensions "remarks" must provide additional content.
      • +
    • The "nature-of-agreement" prop/extension must identify any governing terms for the connection.
      • +
    • One or more "communicates-with" link must provide the component UUID of the other system.
      • +
    • A "poam-item" link, which must have an href value that references the POA&M and a + resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) + or poam-item UUID (OSCAL POA&M)
      • +
    • A "status" field that must have a state of "operational"
      • +
    • One or more "responsible-role" fields with: +
        +
      • one or more roles by "role-id" [rquiried]
        • +
      • one or more "privilege-uuid" prop/extensions [required]
        • +
      • one or more "party-uuid" values to identify who has these privliges. [required]
        • +
      +
      • +
    +

    +

    Because this is softare that exists within the boundary, it is also requires the following + in satisfaction of inventory/CM/ConMon requirements:

    +
      +
    • An "allows-authenticated-scan" property with an appropriate value.
      • +
    • An "scan-type" property/extension set to "infrastructure".
      • +
    • TODO: Revisit this list when working the inventory epic
      • +
    +     +     + + + + External Management CLI + +

    A CLI tool used by systems outside the authorization boundary to manage + or interact with this system..

    +     + + + + + + -

    If there are one or more identified risks, describe any mitigating factors.

    +

    If 'yes', describe the authentication method in the remarks.

    +

    If 'no', explain why no authentication is used in the remarks.

    +

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

     -     - + + -

    +

    Terms of Use

     -     - +     + + - - 11111111-2222-4000-8000-004000000018 - - - 11111111-2222-4000-8000-004000000011 + + + +

    When a CLI tool outside the system communicates with this system, + such as for management of the user's hypervisor in this system, the + following is required:

    +
      +
    • The "title" fields must have the name of the CLI tool.
      • +
    • The "description" field that describes how the tool can influence the operation of this system.
      • +
    • The component "type" attribute must have a value of "software".
      • +
    • The "asset-type" property must have a value of "cli".
      • +
    • The "implementation-point" property must have a value of "external".
      • +
    • One or more "information-type" prop/extensions must be present with 800-60 information type values.
      • +
    • The "connection-security" prop/extensions must be present with an appropriate value.
      • +
    • The "authentication-method" prop/extensions must be present with an appropriate value.
      • +
    • The "authentication-method" prop/extensions "remarks" must provide additional content.
      • +
    • The "nature-of-agreement" prop/extension must identify any governing terms for the connection.
      • +
    • One or more "communicates-with" link must provide the component UUID of the component within this system.
      • +
    • A "poam-item" link, which must have an href value that references the POA&M and a + resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) + or poam-item UUID (OSCAL POA&M)
      • +
    • A "status" field that must have a state of "operational"
      • +
    • One or more "responsible-role" fields with: +
        +
      • one or more roles by "role-id" [rquiried]
        • +
      • one or more "privilege-uuid" prop/extensions [required]
        • +
      • one or more "party-uuid" values to identify who has these privliges. [optional]
        • +
      +
      • +
    +

    +

    As this is impelemented external to the system boundary, information such as "scan-type" + and "allows-authenticated-scanning" are not applicable and should not be present.

    +     - - - - Service D @@ -1647,14 +1741,16 @@ compliance (e.g., Module in Process).

    - - - + + + - +     @@ -1666,14 +1762,16 @@ compliance (e.g., Module in Process).

    - - - + + + - +     @@ -1691,7 +1789,7 @@

    FUNCTION: Describe typical component function.

    - + @@ -1706,13 +1804,13 @@     - + [SAMPLE]Product Name

    FUNCTION: Describe typical component function.

     - + @@ -1727,15 +1825,29 @@     - + + Email Service + +

    Email Service

    +     + + + + + + + + +     + [SAMPLE]Product

    FUNCTION: Describe typical component function.

     - - + + @@ -1750,58 +1862,42 @@

    COMMENTS: Provide other comments as needed.

     - + OS Sample

    None

     - +     - + Database Sample

    None

     - - - - - - -

    If 'yes', describe the authentication method.

    -

    If 'no', explain why no authentication is used.

    -

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

    -     -     - + - - 11111111-2222-4000-8000-004000000011 - - - 33333333-2222-4000-8000-004000000001 -     - + Appliance Sample

    None

     - - + + @@ -1811,183 +1907,70 @@     - - - AC Policy - -

    The Access Control Policy governs how access is managed and approved.

    -     - - -     - - AT Policy - -

    The Awareness and Training Policy governs how access is managed and approved.

    -     - - -     - - AU Policy - -

    The Audit and Accountability governs how access is managed and approved.

    -     - - -     - - CA Policy - -

    The Assessment, Authorization, and Monitoring Policy governs how access is managed - and approved.

    -     - - -     - - CM Policy - -

    The Configuration Management Policy governs how access is managed and approved.

    -     - - -     - - CP Policy - -

    The Contingency Planning Policy governs how access is managed and approved.

    -     - - -     - - IA Policy - -

    The Identificaiton and Authentication Policy governs how access is managed and - approved.

    -     - - -     - - IR Policy - -

    The Incident Response Policy governs how access is managed and approved.

    -     - - -     - - MA Policy - -

    The Maintenance Policy governs how access is managed and approved.

    -     - - -     - - MP Policy - -

    The Media Protection Policy governs how access is managed and approved.

    -     - - -     - - PE Policy - -

    The Physical and Enviornmental Protection Policy governs how access is managed and - approved.

    -     - - -     - - PL Policy - -

    The Planning Policy governs how access is managed and approved.

    -     - - -     - - PM Policy - -

    The Program Management Policy governs how access is managed and approved.

    -     - - -     - - PS Policy - -

    The Personnel Security Policy governs how access is managed and approved.

    -     - - -     - - PT Policy - -

    The PII Processing and Transparency Policy governs how access is managed and - approved.

    -     - - -     - - RA Policy - -

    The Risk Assessment Policy governs how access is managed and approved.

    -     - - -     - - SA Policy + + + IPv4 Production Subnet -

    The System and Services Acquisition Policy governs how access is managed and - approved.

    +

    IPv4 Production Subnet.

     - + + +     - - S3 Policy + + IPv4 Management Subnet -

    The System and Communication Protection Policy governs how access is managed and - approved.

    +

    IPv4 Management Subnet.

     - + + + +     - - SI Policy + + + + + + Access Control and Identity Management Policy -

    The System and Information Integrity Policy governs how access is managed and - approved.

    +

    The Access Control and Identity Management Policy governs how + user identities and access rights are managed.

     - + + +

    A policy component is required for each policy that governs the system.

    +

    The title, description and status fields are required by core OSCAL. + The title field should reflect the actual title of the policy document.

    +

    A "policy" link field must be present that identifies the back-matter + resource representing the attached policy.

    +

    The document version and date are represented in the linked resource. Not here.

    +

    At this time FedRAMP does not _require_ policy approver or + audience information in the SSP; however, both may be represented here + using the responsible-role field. If electing to include this information, + use the "approver" role ID to represent approvers. Any other role listed + is assumed to be audience.

    +     - - SR Policy + + AT Policy -

    The Supply Chain Risk Management Policy governs how access is managed and - approved.

    +

    The Awareness and Training Policy governs how access is managed and approved.

     - +     - AC Policy + Access Control Procedure

    The Access Control Procedure governs how access is managed and approved.

     - +     @@ -1995,219 +1978,11 @@

    The Awareness and Training Procedure governs how access is managed and approved.

     - - -     - - AU Policy - -

    The Audit and Accountability Procedure governs how access is managed and - approved.

    -     - - -     - - CA Policy - -

    The Assessment, Authorization, and Monitoring Procedure governs how access is managed - and approved.

    -     - - -     - - CM Policy - -

    The Configuration Management Procedure governs how access is managed and - approved.

    -     - - -     - - CP Policy - -

    The Contingency Planning Procedure governs how access is managed and approved.

    -     - - -     - - IA Policy - -

    The Identificaiton and Authentication Procedure governs how access is managed and - approved.

    -     - - -     - - IR Policy - -

    The Incident Response Procedure governs how access is managed and approved.

    -     - - -     - - MA Policy - -

    The Maintenance Procedure governs how access is managed and approved.

    -     - - -     - - MP Policy - -

    The Media Protection Procedure governs how access is managed and approved.

    -     - - -     - - PE Policy - -

    The Physical and Enviornmental Protection Procedure governs how access is managed and - approved.

    -     - - -     - - PL Policy - -

    The Planning Procedure governs how access is managed and approved.

    -     - - -     - - PM Policy - -

    The Program Management Procedure governs how access is managed and approved.

    -     - - -     - - PS Policy - -

    The Personnel Security Procedure governs how access is managed and approved.

    -     - - -     - - PT Policy - -

    The PII Processing and Transparency Procedure governs how access is managed and - approved.

    -     - - -     - - RA Policy - -

    The Risk Assessment Procedure governs how access is managed and approved.

    -     - - -     - - SA Policy - -

    The System and Services Acquisition Procedure governs how access is managed and - approved.

    -     - - -     - - S3 Policy - -

    The System and Communication Protection Procedure governs how access is managed and - approved.

    -     - - -     - - SI Policy - -

    The System and Information Integrity Procedure governs how access is managed and - approved.

    -     - - -     - - SR Policy - -

    The Supply Chain Risk Management Procedure governs how access is managed and - approved.

    -     - +     - - - IPv4 Production Subnet - -

    IPv4 Production Subnet.

    -     - - - - -     - - IPv4 Management Subnet - -

    IPv4 Management Subnet.

    -     - - - - - -     - - Email Service - -

    Email Service

    -     - - - - - - -

    If 'yes', describe the authentication method.

    -

    If 'no', explain why no authentication is used.

    -

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

    -     -     - - - - - - 11111111-2222-4000-8000-004000000011 - - - 33333333-2222-4000-8000-004000000001 - - - - - -     - @@ -2232,8 +2007,8 @@ - - + +

    If no, explain why. If yes, omit remarks field.

    @@ -2293,7 +2068,7 @@

    If no, explain why. If yes, omit remark.

         - + 11111111-2222-4000-8000-004000000010 @@ -2319,8 +2094,9 @@ - - + +     @@ -2333,8 +2109,9 @@ - - + + @@ -2347,8 +2124,9 @@ - - + + @@ -2365,7 +2143,8 @@

    Asset wasn't running at time of scan.

    - +     @@ -2378,8 +2157,9 @@ - - + + @@ -2396,7 +2176,8 @@

    Asset wasn't running at time of scan.

    - +     @@ -2409,8 +2190,9 @@ - - + + @@ -7191,7 +6973,8 @@ FedRAMP Applicable Laws and Regulations - +

    Must be present in a FedRAMP SSP.

     @@ -7199,22 +6982,26 @@ - Access Control Policy Title + Access Control and Identity Management Policy -

    AC Policy document

    +

    A single policy that addresses both the AC and IA families.

     - - - - - 00000000 + + + 00000000 -

    Table 12-1 Attachments: Policy Attachment

    -

    May use rlink with a relative path, or embedded as - base64. -

    +

    Each policy must be attached as back-matter resources, and must include:

    +
      +
    • a title field with the attached document's published title.
      • +
    • a "type" property with a value of "policy".
      • +
    • a "published" property with the attached document's publication date.
      • +
    • a "version" property with the attached document's published version.
      • +
    • Either base64 embedded attachment or an rlink with a valid href value.
      • +
    • both base64 and rlink require a media-type for policies
      • +
    +

    Each policy must have a corrisponding "policy" component.

         @@ -7231,8 +7018,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7249,8 +7035,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7267,8 +7052,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7285,8 +7069,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7304,8 +7087,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7322,8 +7104,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7340,8 +7121,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7352,14 +7132,13 @@ - + 00000000

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7376,8 +7155,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7394,8 +7172,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7412,8 +7189,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7430,8 +7206,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7448,8 +7223,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7466,8 +7240,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7484,8 +7257,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7502,8 +7274,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7520,8 +7291,7 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7534,13 +7304,18 @@ - + 00000000 -

    Table 12-1 Attachments: Procedure Attachment

    -

    May use rlink with a relative path, or embedded as - base64. -

    +

    Procedures must be attached as back-matter resources, and must include:

    +
      +
    • a title field with the attached document's published title.
      • +
    • a "type" property with a value of "procedure".
      • +
    • a "published" property with the attached document's publication date.
      • +
    • a "version" property with the attached document's published version.
      • +
    • Either base64 embedded attachment or an rlink with a valid href value.
      • +
    • both base64 and rlink require a media-type for policies
      • +
    @@ -7557,8 +7332,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7575,8 +7349,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7593,8 +7366,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7611,8 +7383,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7629,8 +7400,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7647,8 +7417,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7665,8 +7434,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7683,8 +7451,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7701,8 +7468,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7719,8 +7485,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7737,8 +7502,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7755,8 +7519,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7773,8 +7536,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7791,8 +7553,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7809,8 +7570,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7827,8 +7587,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7845,8 +7604,7 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         @@ -7863,8 +7621,7 @@

    Table 12-1 Attachments: User's Guide Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

     @@ -7884,8 +7641,7 @@

    Table 12-1 Attachments: Rules of Behavior (ROB)

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

     @@ -7903,8 +7659,7 @@

    Table 12-1 Attachments: Contingency Plan (CP) Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

     @@ -7922,8 +7677,7 @@

    Table 12-1 Attachments: Configuration Management (CM) Plan Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

     @@ -7941,8 +7695,7 @@

    Table 12-1 Attachments: Incident Response (IR) Plan Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

     @@ -7981,21 +7734,31 @@

    Table 12-1 Attachments: Continuous Monitoring Plan Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

     Plan of Actions and Milestones (POAM) - - 00000000 - + +

    The POA&M attachment may either be a legacy Excel workbook or OSCAL file. + The resource must have:

    +
      +
    • a title field with the the value, "Plan of Actions and Milestones (POAM)"
      • +
    • a "published" property with the effective date of the attached POA&M.
      • +
    • a "type" property with a value of "plan" and a class of "poam".
      • +
    • Either base64 embedded attachment or an rlink with a valid href value.
      • +
    • Both base64 and rlink require a media-type for policies
      • +
    +

    A "version" property is optional.

    +

    The appropriate media types for OSCAL content + are, "application/xml", "application/json" or "application/yaml".

    +     @@ -8012,15 +7775,14 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

         - [SAMPLE]Interconnection Security Agreement Title + Interconnection Security Agreement @@ -8034,7 +7796,7 @@

    FedRAMP Logo

     - + 00000000 @@ -8051,8 +7813,7 @@ 00000000

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -8067,8 +7828,7 @@ 00000000

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -8089,8 +7849,7 @@ system-characteristics/authorization-boundary/diagram/link/@href flag using a value of "#11111111-2222-4000-8000-001000000054"

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -8111,8 +7870,7 @@ system-characteristics/network-architecture/diagram/link/@href flag using a value of "#11111111-2222-4000-8000-001000000055"

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -8131,8 +7889,7 @@

    This should be referenced in the system-characteristics/data-flow/diagram/link/@href flag using a value of "#11111111-2222-4000-8000-001000000056"

    May use rlink with a relative path, or embedded as - base64. -

    + base64.

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -8149,8 +7906,7 @@ 41 CFR 201 - - Federal Acquisition Supply Chain Security Act; Rule, 85 Federal Register 54263 (September 1, 2020), pp 54263-54271. + Federal Acquisition Supply Chain Security Act; Rule, 85 Federal Register 54263 (September 1, 2020), pp 54263-54271. @@ -8167,32 +7923,5 @@ and the value is "citation".

         - - CSP Reference - - - -

    CSP-specific reference. Note the "type" property's class is "reference" - and the value is "citation".

    -     -     - - Separation of Duties Matrix - -

    Separation of Duties Matrix

    -     - - - - - 00000000 - -

    May use rlink with a relative path, or embedded as base64. -

    -     -     - - - - \ No newline at end of file + diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index 9432986fc..d9e944efa 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -194,6 +194,23 @@ + + + + + + + + + Required Attachment is Present + + A FedRAMP SSP MUST define attachments that document control implementation in a policy component. Control statement {../@statement-id} is missing such a policy component. + + + + From 820141e22628ddd657bfb8af1bfd6c279e150210 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Tue, 10 Dec 2024 18:19:23 -0500 Subject: [PATCH 2/5] [skip ci] More spacing and formatting for #798 --- .../constraints/fedramp-external-constraints.xml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index d9e944efa..419880d99 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -200,14 +200,18 @@ - + + Required Attachment is Present + + A FedRAMP SSP MUST define attachments that document control implementation in a policy component. Control statement {../@statement-id} is missing such a policy component. + + test="../../../../system-implementation/component[@uuid = $component-uuid and @type='process-procedure']"> Required Attachment is Present A FedRAMP SSP MUST define attachments that document control implementation in a policy component. Control statement {../@statement-id} is missing such a policy component. - + From 88209e73f568c400e797c582eb29477a70a6d1b4 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Fri, 13 Dec 2024 01:51:02 -0500 Subject: [PATCH 3/5] [skip ci] Touch up example SSP from Brian for #798 --- .../ssp/xml/fedramp-ssp-example.oscal.xml | 13008 ++++++++++------ 1 file changed, 8259 insertions(+), 4749 deletions(-) diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml index 7fb0d5d6f..43617d720 100644 --- a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml +++ b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml @@ -2195,4756 +2195,8266 @@ > - - - - -

    Appendix A - FedRAMP SSP Rev5 Template

    -

    This description field is required by OSCAL.

    -

    FedRAMP does not require any specific information here.

    -     - - - - - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - - - - -

    Describe how Part a is satisfied within the system.

    -

    Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.

    -

    In this case, a link must be provided to the policy.

    -

    FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.

    -     - - - - -

    The specified component is the system itself.

    -

    Any control implementation response that can not be associated with another component is associated with the component representing the system.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Identity Management and Access Control Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     - -     -     - - - -

    There

    -     - - - -

    Describe the plan to complete the implementation.

    -     -     -     - - -

    Describe how this policy currently satisfies part a.

    -     - - -

    Describe the plan for addressing the missing policy elements.

    -     -     - - -

    Identify what is currently missing from this policy.

    -     -     -     -     - - - -

    Describe how Part b-1 is satisfied.

    -     - -     -     - - - -

    Describe how Part b-2 is satisfied.

    -     - -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - -

    Describe any customer-configured requirements for satisfying this control.

    -     -     - - 11111111-2222-4000-8000-004000000010 - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - [SAMPLE]privileged, non-privileged - - - [SAMPLE]all - - - [SAMPLE]The Access Control Procedure - - - at least annually - -     -     - - - -

    Describe how AC-2, part a is satisfied within this system.

    -

    This points to the This System component, and is used any time a more specific component reference is not available.

    -     - - - -

    Leveraged system's statement of capabilities which may be inherited by a leveraging systems to satisfy AC-2, part a.

    -     -     - - -

    Leveraged system's statement of a leveraging system's responsibilities in satisfaction of AC-2, part a.

    -

    Not associated with inheritance, thus associated this with the by-component for this system. -

    -     - - 11111111-2222-4000-8000-004000000001 - -     -     -     - - -

    For the portion of the control satisfied by the application component of this system, describe how the control is met.

    -     - - - -

    Consumer-appropriate description of what may be inherited from this application component by a leveraging system.

    -

    In the context of the application component in satisfaction of AC-2, part a.

    -     - - 11111111-2222-4000-8000-004000000005 - -     - - -

    Leveraging system's responsibilities with respect to inheriting this capability from this application.

    -

    In the context of the application component in satisfaction of AC-2, part a.

    -     - - 11111111-2222-4000-8000-004000000005 - -     -     - -

    The component-uuid above points to the this system component.

    -

    Any control response content that does not cleanly fit another system component is placed here. This includes customer responsibility content.

    -

    This can also be used to provide a summary, such as a holistic overview of how multiple components work together.

    -

    While the this system component is not explicitly required within every statement, it will typically be present.

    -     -     - - -

    For the portion inherited from an underlying FedRAMP-authorized provider, describe what is inherited.

    -     - - -

    Optional description.

    -

    Consumer-appropriate description of what may be inherited as provided by the leveraged system.

    -

    In the context of this component in satisfaction of AC-2, part a.

    -

    The provided-uuid links this to the same statement in the leveraged system's SSP.

    -

    It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model).

    -     -     - - -

    Description of how the responsibility was satisfied.

    -

    The responsibility-uuid links this to the same statement in the leveraged system's SSP.

    -

    It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model).

    -

    Tools should use this to ensure all identified customer responsibility statements have a corresponding satisfied statement in the leveraging system's SSP.

    -

    Tool developers should be mindful that

    -     -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    Describe how Part a is satisfied.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    Describe how Part b-1 is satisfied.

    -     -     -     - - - -

    Describe how Part b-2 is satisfied.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     - -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     - -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - - - - -

    The organization coordinates contingency plan development with organizational elements responsible for related plans.

    -     - -     -     -     - - - - - - - -

    The organization plans for the resumption of essential missions and business functions within organization-defined time period of contingency plan activation.

    -     - - within 24 hours - - -     -     -     - - - - - - - -

    The organization identifies critical system assets supporting essential missions and business functions.

    -     - -     -     -     - - - - - - - -

    The organization coordinates contingency plan testing with organizational elements responsible for related plans.

    -     - -     -     -     - - - - - - - -

    The organization conducts an assessment of the alternate storage site at least annually to determine its availability and readiness for operation.

    -     - -     -     -     - - - - - - - -

    The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.

    -     - -     -     -     - - - - - - - -

    The organization conducts an assessment of the alternate processing site at least annually to determine its availability and readiness for operation.

    -     - -     -     -     - - - - - - - -

    The organization identifies potential accessibility problems to the alternate processing site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.

    -     - -     -     -     - - - - - - - -

    The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives).

    -     - -     -     -     - - - - - - - -

    The organization identifies primary and alternate telecommunications services supporting the system and documents provider contingency plans and recovery time objectives to ensure the availability of telecommunication services.

    -     - -     -     -     - - - - - - - -

    The organization obtains alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services.

    -     - -     -     -     - - - - - - - -

    The organization conducts backups of user-level information contained in the system at least weekly.

    -     - -     -     -     - - - - - - - -

    The organization provides a means to restore system functions without loading backups (e.g., through system reinstallation).

    -     - -     -     -     - - - - - - - -

    The organization implements transaction recovery for systems that are transaction-based.

    -     - -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - - - - -

    The organization:

    -     - - System Administrators, Security Administrators - - - at least annually - - -     -     -     - - - - - - - -

    The organization:

    -

    a. Approves and monitors the use of system maintenance tools; and

    -

    b. Controls maintenance tools through one or more of the following: removal, disabling, preventing unauthorized removal.

    -     - -     -     -     - - - - - - - -

    The organization inspects the maintenance tools used by maintenance personnel for improper or unauthorized modifications.

    -     - -     -     -     - - - - - - - -

    The organization checks media containing diagnostic and test programs for malicious code before the media are used in the system.

    -     - -     -     -     - - - - - - - -

    The organization prevents the unauthorized removal of maintenance equipment containing organizational information by:

    -

    (a) Verifying that there is no organizational information contained on the equipment;

    -

    (b) Sanitizing or destroying the equipment;

    -

    (c) Retaining the equipment within the facility; or

    -

    (d) Obtaining an exemption from the authorizing official explicitly authorizing removal of the equipment from the facility.

    -     - -     -     -     - - - - - - - -

    The organization:

    -

    a. Approves and monitors nonlocal maintenance and diagnostic activities;

    -

    b. Documents and monitors maintenance and diagnostic activities;

    -

    c. Requires that nonlocal maintenance and diagnostic activities be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or

    -

    d. Removes the component to be serviced from the system prior to nonlocal maintenance or diagnostic services.

    -     - - System Administrators, Security Administrators - - -     -     -     - - - - - - - -

    The organization:

    -

    a. Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel;

    -

    b. Ensures that non-escorted personnel performing maintenance on the system possess the required access authorizations; and

    -

    c. Designates organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.

    -     - -     -     -     - - - - - - - -

    The organization:

    -

    a. Implements procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements:

    -
      -
    1. Maintenance personnel who do not have needed access authorizations, clearances, or formal access approvals are escorted and supervised during the performance of maintenance and diagnostic activities on the system by approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified;
      2. -
    2. Prior to initiating maintenance or diagnostic activities by personnel who do not have needed access authorizations, clearances or formal access approvals, all volatile information storage components within the system are sanitized and all nonvolatile storage media are removed or physically disconnected from the system and secured; and
      3. -
    -

    b. Develops and implements alternate security safeguards in the event a system component cannot be sanitized, removed, or disconnected from the system.

    -     - -     -     -     - - - - - - - -

    The organization performs maintenance on organization-defined system components within organization-defined time periods of failure.

    -     - - all system components - - - within 24 hours of failure - - -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     -     -     - - - - - 11111111-2222-4000-8000-004000000018 - - - - -

    Describe how the control is satisfied within the system.

    -

    DMARC is employed.

    -

    SPF is employed.

    -

    DKIM is employed.

    -     - - organization-defined personnel or roles - - - [specify frequency] - - - [specify frequency] - -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - - 11111111-2222-4000-8000-004000000011 - - - - -

    Describe how the control is satisfied within the system.

    -     - - to include chief privacy and ISSO and/or similar role or designees - - - at least every 3 years - - - at least annually - -     -     - - - -

    For the portion of the control satisfied by the service provider, describe how the control is met.

    -     -     - - -

    Describe how this policy component satisfies part a.

    -

    Component approach. This links to a component representing the Policy.

    -

    That component contains a link to the policy, so it does not have to be linked here too.

    -     -     - - -

    Describe how this procedure component satisfies part a.

    -

    Component approach. This links to a component representing the procedure.

    -

    That component contains a link to the procedure, so it does not have to be linked here too.

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     - - - - - - -

    Implementation description needed

    -     -     -     -     -     - + + +

    This description field is required by OSCAL.

    +

    FedRAMP does not require any specific information here.

    +

    +

    +     + + + all managers, administrators and users of the system + +

    [Assignment: organization-defined personnel or roles]

    +

    This focuses on roles the POLICY is disseminated to.

    +     +     + + all managers and administrators of the system + +

    [Assignment: organization-defined personnel or roles]

    +

    This focuses on roles PROCEDURES are disseminated to.

    +     +     + + System-level + +

    [Selection (one or more): Organization-level; Mission/business process-level; Systemlevel]

    +

    This is a SELECT parameter. Use one "value" field for each selection.

    +     +     + + System Architect + +

    [Assignment: organization-defined official]

    +     +     + + at least every 3 years + +

    [Assignment: organization-defined frequency]

    +     +     + + change in organizational legal status or ownership + +

    [Assignment:organization-defined events]

    +     +     + + at least annually + +

    [Assignment: organization-defined frequency]

    +     +     + + change in policy or a security incident involving a failure of access control mechanisms + +

    [Assignment:organization-defined events]

    +     +     + + + + +

    Describe how Part a is satisfied within the system as a whole.

    +

    FedRAMP prefers all policies and procedures be attached as a resource in the + back-matter. The link points to a resource.

    +     + + +

    This is the "this-system" component, which represents the system as a whole.

    +

    There are two reasons to provide a response here:

    +
      +
    • When first converting a legacy/Word-based SSP to OSCAL, the entire control + response may be placed here until it can be parsed out into appropriate component + responses.
      • +
    • When it is necessary to explain how two or more components work together to + satisfy this requirement.
      • +
    +     +     + + +

    Describe how this policy satisfies part a.

    +     + + +

    This is the "policy" component, which represents the Access Control and + Identity Management Policy.

    +     +     + + +

    Describe how this procedure satisfies part a.

    +     + + +

    This is the "process-procedure" component, which represents the Access Control Process.

    +     +     +     + + + +

    Describe how Part b is satisfied within the system as a whole.

    +     + + + +

    Describe the plan to complete the implementation.

    +     +     + +

    This is the "this-system" component, which represents the system as a whole.

    +

    There are two reasons to provide a response here:

    +
      +
    • When first converting a legacy/Word-based SSP to OSCAL, the entire control + response may be placed here until it can be parsed out into appropriate component + responses.
      • +
    • When it is necessary to explain how two or more components work together to + satisfy this requirement.
      • +
    +     +     + + + +

    Describe how this policy currently satisfies part a.

    +     + + +

    Describe the plan for addressing the missing policy elements.

    +     +     + + +

    Identify what is currently missing from this policy.

    +     +     +     +     + + + +

    Describe how Part b-1 is satisfied.

    +     + +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + +

    Describe any customer-configured requirements for satisfying this control.

    +     +     + + [SAMPLE]privileged, non-privileged + + + [SAMPLE]all + + + [SAMPLE]The Access Control Procedure + + + at least annually + + + 11111111-2222-4000-8000-004000000010 + + + 11111111-2222-4000-8000-004000000011 + + + + + +

    Describe how AC-2, part a is satisfied within this system.

    +

    This points to the "This System" component, and is used any time a more + specific component reference is not available.

    +     + + + +

    Leveraged system's statement of capabilities which may be inherited by a + leveraging systems to satisfy AC-2, part a.

    +     +     + + +

    Leveraged system's statement of a leveraging system's responsibilities in + satisfaction of AC-2, part a.

    +

    Not associated with inheritance, thus associated this with the + by-component for "this system".

    +     + + 11111111-2222-4000-8000-004000000001 + +     +     +     + + +

    For the portion of the control satisfied by the application component of this + system, describe how the control is met.

    +     + + + +

    Consumer-appropriate description of what may be inherited from this + application component by a leveraging system.

    +

    In the context of the application component in satisfaction of AC-2, part + a.

    +     + + 11111111-2222-4000-8000-004000000005 + +     + + +

    Leveraging system's responsibilities with respect to inheriting this + capability from this application.

    +

    In the context of the application component in satisfaction of AC-2, part + a.

    +     + + 11111111-2222-4000-8000-004000000005 + +     +     + +

    The component-uuid above points to the "this system" component.

    +

    Any control response content that does not cleanly fit another system component + is placed here. This includes customer responsibility content.

    +

    This can also be used to provide a summary, such as a holistic overview of how + multiple components work together.

    +

    While the "this system" component is not explicitly required within every + statement, it will typically be present.

    +     +     + + +

    For the portion inherited from an underlying FedRAMP-authorized provider, + describe what is inherited.

    +     + + +

    Optional description.

    +

    Consumer-appropriate description of what may be inherited as provided by the + leveraged system.

    +

    In the context of this component in satisfaction of AC-2, part a.

    +

    The provided-uuid links this to the same statement in the + leveraged system's SSP.

    +

    It may be linked directly, but is more commonly provided via an OSCAL-based + CRM (Inheritance and Responsibility Model).

    +     +     + + +

    Description of how the responsibility was satisfied.

    +

    The responsibility-uuid links this to the same statement in the + leveraged system's SSP.

    +

    It may be linked directly, but is more commonly provided via an OSCAL-based + CRM (Inheritance and Responsibility Model).

    +

    Tools should use this to ensure all identified customer + responsibility statements have a corresponding + satisfied statement in the leveraging system's SSP.

    +

    Tool developers should be mindful that

    +     +     +     +     + + + +

    Describe how AC-2, part a is satisfied within this system.

    +

    This points to the "This System" component, and is used any time a more + specific component reference is not available.

    +     +     +     +     + + + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + + + + + +

    Describe how Part a is satisfied within the system.

    +

    Legacy approach. If no policy component is defined, describe here how the + policy satisfies part a.

    +

    In this case, a link must be provided to the policy.

    +

    FedRAMP prefers all policies and procedures be attached as a resource in the + back-matter. The link points to a resource.

    +     + +

    The specified component is the system itself.

    +

    Any control implementation response that can not be associated with another + component is associated with the component representing the system.

    +     +     + + +

    Describe how this policy satisfies part a.

    +

    Component approach. This links to a component representing the Identity + Management and Access Control Policy.

    +

    That component contains a link to the policy, so it does not have to be linked + here too.

    +     + +     + + +

    Describe how this procedure satisfies part a.

    +

    Component approach. This links to a component representing the Identity + Management and Access Control Policy.

    +

    That component contains a link to the policy, so it does not have to be linked + here too.

    +     + +     +     + + + +

    There

    +     + + + +

    Describe the plan to complete the implementation.

    +     +     +     + + +

    Describe how this policy currently satisfies part a.

    +     + + +

    Describe the plan for addressing the missing policy elements.

    +     +     + + +

    Identify what is currently missing from this policy.

    +     +     +     +     + + + +

    Describe how Part b-1 is satisfied.

    +     + +     +     +     + + + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + + placeholder + + + placeholder + + + +

    This is the 'this-system' component.

     + +     +     +     + + +     + From 6dcf46e24e60881e7fa83e6b407e4e259dda0658 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Fri, 13 Dec 2024 12:08:24 -0500 Subject: [PATCH 4/5] [skip ci] Update to current example SSP from dev Also use regex to replace ac-1_smt.a.1 control errors to be like ac-1_smt.a, per discussion with Brian yesterday on those being incorrect and/or obsolete. --- .../ssp/xml/fedramp-ssp-example.oscal.xml | 14469 ++++++---------- 1 file changed, 5625 insertions(+), 8844 deletions(-) diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml index 43617d720..fc1db14c8 100644 --- a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml +++ b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml @@ -1,7 +1,6 @@ - - + + FedRAMP [Baseline Name] System Security Plan (SSP) 2024-12-31T23:59:59Z @@ -13,8 +12,7 @@ 2023-06-30T00:00:00Z 1.0 1.0.4 - +

    Initial publication.

     @@ -23,15 +21,14 @@ 2023-07-06T00:00:00Z 1.1 1.0.4 - +

    Minor prop updates.

     - + @@ -196,6 +193,12 @@

    This is a sample role.

     + + Leveraged Authorization Users + +

    Any internal users of a leveraged authorization.

    +     +     External System Owner @@ -281,7 +284,8 @@

    Replace sample CSP information.

    CSP information must be present and associated with the "cloud-service-provider" role - via responsible-party.

    + via responsible-party. +

    @@ -289,6 +293,7 @@ FedRAMP PMO + info@fedramp.gov
    1800 F St. NW @@ -556,8 +561,7 @@ - +

    This example points to the FedRAMP Rev 5 Moderate baseline that is part of the official FedRAMP 3.0.0 release.

    @@ -567,7 +571,7 @@ - F00000000 + F00000000 System's Full Name System's Short Name or Acronym @@ -601,10 +605,10 @@ - + - + fips-199-moderate @@ -770,16 +774,16 @@ AwesomeCloud Commercial(IaaS) - - + + +

    For now, this is a required field. In the future we intend to pull this information directly from FedRAMP's records based on the "leveraged-system-identifier" property's value.

         - +

    For now, this is a required field. In the future we intend to pull this information directly from FedRAMP's records @@ -800,9 +804,17 @@ + + + + + system-poc-technical - - none + Admin + +

    admin user

    + + administration

    The user assembly is being reviewed for continued applicability @@ -813,34 +825,61 @@ - + + + + + + system-poc-technical Add/Remove Admins This can add and remove admins. - + + + + + system-poc-technical - - add/remove non-privliged admins + Admin + +

    admin user

    + + administration - + + + + + system-poc-technical - - Manage services and components within the virtual cloud environment. + Admin + +

    admin user

    +     + administration     - + + + + + system-owner - - Add and remove users from the virtual cloud environment. + Admin + +

    admin user

    +     + administration     - + + @@ -859,12 +898,13 @@     + + - - - - + + + Awesome Cloud IaaS (Leveraged Authorized System) @@ -874,16 +914,16 @@ - - + +

    If 'yes', describe the authentication method.

    If 'no', explain why no authentication is used.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - - + + @@ -896,8 +936,8 @@     - - + +

    This is a leveraged system within which this system operates. @@ -933,7 +973,7 @@

    Links to the vendor website describing the system are encouraged, but not required.

    - +

    Services

    A service within the scope of the leveraged system's authorization boundary is considered an "authorized service". Any other service offered by the @@ -952,12 +992,13 @@ a "poam-item" link that references a corrisponding entry in this system's POA&M. - +

    Both authorized and non-authorized leveraged services include:

    • a "provided-by" link with a URI fragment that points to the "system" component representing the leveraged system. - (Example: "#11111111-2222-4000-8000-009000100001")
      • + (Example: "#11111111-2222-4000-8000-009000100001") +
    • the name of the service in the title (for authorized services this should be exactly as it appears in the FedRAMP Marketplace
    • an "implementation-point" core property with a value of "external"
      • @@ -969,7 +1010,7 @@
    • a status with a state value of "operational"
    • At least one responsible-role (other than "provider") that indicates any authorized users. This must have one or more "privilege-uuid" property/extensions. Each references - a user assembly entry.
      • + a user assembly entry.

    Although SSP Table 7.1 also requires data categoriation and hosting @@ -987,15 +1028,13 @@ - - - + + - - - 11111111-2222-4000-8000-004000000008 + +

    This is a service offered by a leveraged system and used by this system. @@ -1010,7 +1049,8 @@ leveraged-authorization entry

  • an "implementation-point" property with a value of "external"; and
  • a "provided-by" link with a URI fragment that points to the - "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001")
    • + "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001") +

    Where relevant, this component should also have:

    @@ -1037,11 +1077,10 @@     - - - - - + + + + Service B @@ -1049,28 +1088,30 @@

    Describe the service and what it is used for.

     - - - + + + + +

    If 'yes', describe the authentication method.

    If 'no', explain why no authentication is used.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - - - - + + + + + - - - 11111111-2222-4000-8000-004000000010 - 11111111-2222-4000-8000-004000000011 - 11111111-2222-4000-8000-004000000012 + + + + + 33333333-2222-4000-8000-004000000001 -

    This is a service offered by a leveraged system and used by this system. It is NOT explicitly listed on the FedRAMP marketplace as being included in the scope of the leveraged system's ATO, thus is treated as a @@ -1085,10 +1126,12 @@

  • One or more "information-type" property/extensions, where the allowed values are the 800-63 information type identifiers, and the cited types are included full list of system information types.
  • exactly one "poam-item" link, with an href value that references the - POA&M and a resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) - or poam-item UUID (OSCAL POA&M)
    • + POA&M and a resource-fragment that represents the + POAM&M ID (legacy) in a Excel workbook or poam-item-uuid (preferred) + in an OSCAL-based POA&M.
  • a "provided-by" link with a URI fragment that points to the - "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001")
    • + "system" component representing the leveraged system. (Example: "#11111111-2222-4000-8000-009000100001") +
  • @@ -1097,7 +1140,7 @@ tools are able to distinguish between authorized and non-authorized services from the same leveraged provider.

    - +

    Where relevant, this component should also have:

    • At least one responsible-role that indicates the authorized userswith a role-id of "leveraged-authorization-users" and exactly @@ -1114,7 +1157,7 @@
    • Package ID, Authorization Type, Impact Level

    - +

    - An "inherited-uuid" property if the leveraged system's owner provides a UUID for their system (such as in an OSCAL-based CRM).

    Link(s) to the vendor's web site describing the service are encouraged, but not @@ -1132,22 +1175,40 @@ - - - + + + Other Cloud SaaS

    An external system to which this system shares an interconnection.

    + + + + - + + +

    If 'yes', describe the authentication method.

    +

    If 'no', explain why no authentication is used.

    +

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

    +     +     + - + + + + + + + + 33333333-2222-4000-8000-004000000001 - +     11111111-2222-4000-8000-004000000008 @@ -1165,7 +1226,6 @@ -

    Each interconnection to one or more remote systems must have:

    • a "system" component (this component)
      • @@ -1180,7 +1240,7 @@ remote listening ports, one or more "protocol" assemblies must be provided.
    - +

    While not required, each "system" component should have:

    • an "inherited-uuid" property if the value was provided by the system owner
      • @@ -1189,7 +1249,7 @@
    • an "system-owner" responsible-role
    • an "system-poc-management" responsible-role
    • an "system-poc-technical" responsible-role
      • -
    +

    Unlike prior FedRAMP OSCAL publications, avoid the use of FedRAMP properties/extensions for these roles, instead favor the core OSCAL responsible-roles constructs, and the NIST-standard roles of @@ -1198,51 +1258,52 @@ - - + + [EXAMPLE]Authorized Connection Information System Name

    Describe the purpose of the external system/service; specifically, provide reasons for connectivity (e.g., system monitoring, system alerting, download updates, etc.)

    - - - + + + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - - - - - - + + + + + +

    Describe the hosting of the interconnection itself (NOT the hosting of the remote system).

         - - - - + + + + + + - + + + - - - - - - + 44444444-2222-4000-8000-004000000001 @@ -1252,17 +1313,12 @@ 11111111-2222-4000-8000-004000000008 - - - 11111111-2222-4000-8000-004000000010 - 11111111-2222-4000-8000-004000000011 - 11111111-2222-4000-8000-004000000012 - - + + Incoming FTP Service + + - -

    Each interconnection to one or more remote systems must have:

    • one "system" component for each remote system sharing the connection
      • @@ -1282,10 +1338,6 @@
    • at least one "agreement" link with an href vlue that refers to a back-matter resource containing the interconnection security agreemnet (ISA)
    • exactly one "used-by" link with an href value that refers to the "this-system" component.
    • one or more "used-by" links with href values that refer to each "system" component representing a remote system sharing the connection.
      • -
    • exactly one "poam-item" link, with an href value that references the - POA&M and a resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) - or poam-item UUID (OSCAL POA&M)
      • -
    • exactly one "provider" responsible role that references the party information for the organization the provides the connection.

    Authentication methods must address both system-authentication as well as @@ -1299,7 +1351,7 @@

  • a "compliance" property/extension if appropriate
  • an "system-poc-management" responsible-role
  • an "system-poc-technical" responsible-role
    • - +

    Unlike prior FedRAMP OSCAL publications, avoid the use of FedRAMP properties/extensions for these roles, instead favor the core OSCAL responsible-roles constructs, and the NIST-standard roles of @@ -1308,20 +1360,20 @@ - - + + Other Cloud SaaS

    - - + + - + - + 11111111-2222-4000-8000-004000000010 @@ -1343,8 +1395,8 @@ here.

    For an external system, the "implementation-point" property must always be present with a value of "external".

    - - + +

    Each interconnection must be defined with both an "system" component and an "interconnection" component.

    Must include all leveraged services and features from the leveraged authorization @@ -1352,7 +1404,7 @@ - + Service C @@ -1360,18 +1412,18 @@

    Describe the service and what it is used for.

    - - - - + + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - - + +

    This can only be known if provided by the leveraged system. @@ -1380,61 +1432,55 @@ - + - - - 11111111-2222-4000-8000-c0040000000a - - - + + 11111111-2222-4000-8000-004000000010 11111111-2222-4000-8000-004000000011 11111111-2222-4000-8000-004000000012 + + 33333333-2222-4000-8000-004000000001 + + - + - -

    This is a service provided by an external system other than the leveraged system.

    As a result, the "leveraged-authorization-uuid" property is not applicable and must NOT be used.

    Each external service used from a leveraged authorization must have:

    -
      -
    • a "system" component (CURRENTLY DEFERRED DUE TO A KNOWN ISSUE WITH THE "provided-by" link relationship).
      • -
    • a "service" component (this component).
      • -
    +

    - a "system" component (CURRENTLY DEFERRED DUE TO A KNOWN ISSUE WITH THE "provided-by" link relationship).

    +

    - a "service" component (this component).

    This component must always have:

    -
      -
    • The name of the service in the title - preferably exactly as it appears on the - vendor's web site
      • -
    • An "implementation-point" property with a value of "external".
      • -
    • A "provided-by" link with a URI fragment that points to the UUID of the above - "system" component.
      • -
    • exactly one "poam-item" link, with an href value that references the - POA&M and a resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) - or poam-item UUID (OSCAL POA&M)
      • -
    • a status with a state value of "operational"
      • -
    +

    - The name of the service in the title - preferably exactly as it appears on the + vendor's web site

    +

    - A "risk" property/extension - using the remarks, either describe any risk or state there is no risk and provide a basis for that assertion.

    +

    - An "implementation-point" property with a value of "external".

    +

    - A "provided-by" link with a URI fragment that points to the UUID of the above + "system" component.

    +

    - Example: "#11111111-2222-4000-8000-009000100001" +

    +

    - IMPORTANT: Due to a known error in core OSCAL (versions <=1.1.2) constraints, + this property is blocked from proper use.

    +

    - a status with a state value of "operational"

    Where relevant, this component should also have:

    -
      -
    • One or more "information-type" properties, where the allowed values are the 800-63 - information type identifiers.
      • -
    • A responsible-role with a role-id of "leveraged-authorization-users" and exactly - one or more party-uuid entries that indicates which users within this system may - interact with the leveraged systeme.
      • -
    • An "inherited-uuid" property if the leveraged system's owner provides a UUID for - their system (such as in an OSCAL-based CRM).
      • -
    • Link(s) to the vendor's web site describing the service are encouraged, but not - required.
      • -
    +

    - One or more "information-type" properties, where the allowed values are the 800-63 + information type identifiers.

    +

    - A responsible-role with a role-id of "leveraged-authorization-users" and exactly + one or more party-uuid entries that indicates which users within this system may + interact with the leveraged systeme.

    +

    - An "inherited-uuid" property if the leveraged system's owner provides a UUID for + their system (such as in an OSCAL-based CRM).

    +

    Link(s) to the vendor's web site describing the service are encouraged, but not + required.

    The following fields from the Leveraged Authorization Table are handled in the leveraged-authorization assembly:

    @@ -1444,277 +1490,143 @@ "system" component assembly:

    - Nature of Agreement, CSP Name

    -

    An unauthorized service from an underlying leveraged authorization - must NOT have the "leveraged-authorization-uuid" property. The presence - or absence of this property is how the authorization status of a service is indicated.

    -     -     - - - - - Undetermined External API Clients - -

    This component represents any of the public API clients that may - access this systems'API service.

    -     - - - - - - - -

    When an API service is offered to a large community, this one component - bay be used to represent the collection of API clients that may connect - from that community. This must have:

    -
      -
    • a component type set to "external-client"
      • -
    • an "implementation-point" property set to "external"
      • -
    • one or more responsible roles should be defined representing - the community of potential API client users. If the servvice - is open to the public, use the "public" responsible-role ID.
      • -
    +

    An unauthorized service from an underlying leveraged authorization must NOT have the "leveraged-authorization-uuid" property. The presence or absence of this property is how the authorization status of a service is indicated.

         + - API Service + Service C + -

    A service offered by this system to external systems, such as an API. - As a result, communication crosses the boundary.

    +

    A service provided by an external system other than the leveraged system.

    Describe the service and what it is used for.

     + - - - - - - + + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

         - + -

    Terms of Use

    +

    Either describe a risk associated with this service, or indicate there is no identified risk.

    +

    If there is no risk, please explain your basis for that conclusion.

     -     - - + + + +

    If there are one or more identified risks, describe any resulting impact.

    +     +     + -

    Explain why authentication scans are not possible for this component. - Provide evidence if available, such as scanner tool or vendor links.

    +

    If there are one or more identified risks, describe any mitigating factors.

         - - - - + - + - - - 11111111-2222-4000-8000-004000000010 - 11111111-2222-4000-8000-004000000011 - 11111111-2222-4000-8000-004000000012 + + 11111111-2222-4000-8000-004000000018 + + + 11111111-2222-4000-8000-004000000011 - - API Service + + + Remote API Service + -

    This is a service provided by this system to external systems, such as an - offered API. The following is required:

    -
      -
    • The "title" fields must have the name of the offered API.
      • -
    • The "description" field must include the purpose and use of the API.
      • -
    • The component "type" attribute must have a value of "service".
      • -
    • The "implementation-point" property must have a value of "internal".
      • -
    • The "communicates-externally" prop/extensions must have a value of "yes".
      • -
    • One or more "information-type" prop/extensions must be present with 800-60 information type values.
      • -
    • The "connection-security" prop/extensions must be present with an appropriate value.
      • -
    • The "authentication-method" prop/extensions must be present with an appropriate value.
      • -
    • The "authentication-method" prop/extensions "remarks" must provide additional content.
      • -
    • The "nature-of-agreement" prop/extension must identify any governing terms for the connection.
      • -
    • One or more "used-by" links must provide the component UUID of the other system.
      • -
    • A "poam-item" link, which must have an href value that references the POA&M and a - resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) - or poam-item UUID (OSCAL POA&M)
      • -
    • A "status" field that must have a state of "operational"
      • -
    • One or more "responsible-role" fields with: -
        -
      • one or more roles by "role-id" [rquiried]
        • -
      • one or more "privilege-uuid" prop/extensions [required]
        • -
      • one or more "party-uuid" values to identify who has these privliges. [required]
        • -
      -
      • -
    • One or more "protocol" fields.
      • -
    -

    -

    Because this is softare that exists within the boundary, it is also requires the following - in satisfaction of inventory/CM/ConMon requirements:

    -
      -
    • An "allows-authenticated-scan" property with an appropriate value.
      • -
    • An "scan-type" property/extension set to "infrastructure".
      • -
    • TODO: Revisit this list when working the inventory epic
      • -
    +

    This is a service provided by an external system other than the leveraged system.

    + + + +

    - A "risk" property/extension - using the remarks, either describe any risk or state there is no risk and provide a basis for that assertion.

    + + + +

    As a result, the "leveraged-authorization-uuid" property is not applicable and must + NOT be used.

    +

    All services require the "implementation-point" property. In this case, the property + value is set to "external.

    +

    All external services would normally require a "provided-by" link; however, a known + bug in core OSCAL syntax prevents the use of this property at this time.

    +

    If the leveraged system owner provides a UUID for their service (such as in an + OSCAL-based CRM), it should be reflected in the inherited-uuid + property.

    + + +     - + Management CLI -

    A CLI tool used from within this system's boundary to manage a - hypervisor, service, or other system outside this system's boundary, - resulting in communication that crosses the boundary.

    +

    None

     - - - - - - + + + +

    If 'yes', describe the authentication method in the remarks.

    If 'no', explain why no authentication is used in the remarks.

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

     -     - + + + + -

    Terms of Use

    +

    Either describe a risk associated with this CLI, or indicate there is no identified risk.

    +

    If there is no risk, please explain your basis for that conclusion.

     -     - - + + -

    Explain why authentication scans are not possible for this component. - Provide evidence if available, such as scanner tool or vendor links.

    +

    If there are one or more identified risks, describe any resulting impact.

         - - - - - - - - 11111111-2222-4000-8000-004000000010 - - -

    When an internal CLI tool communicates with a system outside the boundary, - such as for management of the underlying leveraged system or interaction - with an external system, the following is required:

    -
      -
    • The "title" fields must have the name of the CLI tool.
      • -
    • The "description" field must include the purpose and use of the tool within this system.
      • -
    • The component "type" attribute must have a value of "software".
      • -
    • The "asset-type" property must have a value of "cli".
      • -
    • The "implementation-point" property must have a value of "internal".
      • -
    • The "communicates-externally" prop/extensions must have a value of "yes".
      • -
    • One or more "information-type" prop/extensions must be present with 800-60 information type values.
      • -
    • The "connection-security" prop/extensions must be present with an appropriate value.
      • -
    • The "authentication-method" prop/extensions must be present with an appropriate value.
      • -
    • The "authentication-method" prop/extensions "remarks" must provide additional content.
      • -
    • The "nature-of-agreement" prop/extension must identify any governing terms for the connection.
      • -
    • One or more "communicates-with" link must provide the component UUID of the other system.
      • -
    • A "poam-item" link, which must have an href value that references the POA&M and a - resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) - or poam-item UUID (OSCAL POA&M)
      • -
    • A "status" field that must have a state of "operational"
      • -
    • One or more "responsible-role" fields with: -
        -
      • one or more roles by "role-id" [rquiried]
        • -
      • one or more "privilege-uuid" prop/extensions [required]
        • -
      • one or more "party-uuid" values to identify who has these privliges. [required]
        • -
      -
      • -
    -

    -

    Because this is softare that exists within the boundary, it is also requires the following - in satisfaction of inventory/CM/ConMon requirements:

    -
      -
    • An "allows-authenticated-scan" property with an appropriate value.
      • -
    • An "scan-type" property/extension set to "infrastructure".
      • -
    • TODO: Revisit this list when working the inventory epic
      • -
    -     -     - - - - External Management CLI - -

    A CLI tool used by systems outside the authorization boundary to manage - or interact with this system..

    -     - - - - - - + -

    If 'yes', describe the authentication method in the remarks.

    -

    If 'no', explain why no authentication is used in the remarks.

    -

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

    +

    If there are one or more identified risks, describe any mitigating factors.

     -     - + + -

    Terms of Use

    +

    - - - + + - - + + 11111111-2222-4000-8000-004000000018 + + + 11111111-2222-4000-8000-004000000011 - -

    When a CLI tool outside the system communicates with this system, - such as for management of the user's hypervisor in this system, the - following is required:

    -
      -
    • The "title" fields must have the name of the CLI tool.
      • -
    • The "description" field that describes how the tool can influence the operation of this system.
      • -
    • The component "type" attribute must have a value of "software".
      • -
    • The "asset-type" property must have a value of "cli".
      • -
    • The "implementation-point" property must have a value of "external".
      • -
    • One or more "information-type" prop/extensions must be present with 800-60 information type values.
      • -
    • The "connection-security" prop/extensions must be present with an appropriate value.
      • -
    • The "authentication-method" prop/extensions must be present with an appropriate value.
      • -
    • The "authentication-method" prop/extensions "remarks" must provide additional content.
      • -
    • The "nature-of-agreement" prop/extension must identify any governing terms for the connection.
      • -
    • One or more "communicates-with" link must provide the component UUID of the component within this system.
      • -
    • A "poam-item" link, which must have an href value that references the POA&M and a - resource-fragment that represents the POAM&M ID (legacy/Excel POA&M) - or poam-item UUID (OSCAL POA&M)
      • -
    • A "status" field that must have a state of "operational"
      • -
    • One or more "responsible-role" fields with: -
        -
      • one or more roles by "role-id" [rquiried]
        • -
      • one or more "privilege-uuid" prop/extensions [required]
        • -
      • one or more "party-uuid" values to identify who has these privliges. [optional]
        • -
      -
      • -
    -

    -

    As this is impelemented external to the system boundary, information such as "scan-type" - and "allows-authenticated-scanning" are not applicable and should not be present.

    -     + + + + Service D @@ -1741,16 +1653,14 @@ compliance (e.g., Module in Process).

    - - - + + + - +     @@ -1762,16 +1672,14 @@ compliance (e.g., Module in Process).

    - - - + + + - + @@ -1789,7 +1697,7 @@

    FUNCTION: Describe typical component function.

    - + @@ -1804,13 +1712,13 @@     - + [SAMPLE]Product Name

    FUNCTION: Describe typical component function.

     - + @@ -1825,29 +1733,15 @@     - - Email Service - -

    Email Service

    -     - - - - - - - - -     - + [SAMPLE]Product

    FUNCTION: Describe typical component function.

     - - + + @@ -1862,42 +1756,66 @@

    COMMENTS: Provide other comments as needed.

     - + OS Sample

    None

     - +     - + Database Sample

    None

     + + + + + + +

    If 'yes', describe the authentication method.

    +

    If 'no', explain why no authentication is used.

    +

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

    +     +     - + + + + + + + + + + + 11111111-2222-4000-8000-004000000011 + + + 33333333-2222-4000-8000-004000000001 +     - + Appliance Sample

    None

     - - + + @@ -1907,70 +1825,183 @@     - - - IPv4 Production Subnet + + + AC Policy -

    IPv4 Production Subnet.

    +

    The Access Control Policy governs how access is managed and approved.

     - - - +     - - IPv4 Management Subnet + + AT Policy -

    IPv4 Management Subnet.

    +

    The Awareness and Training Policy governs how access is managed and approved.

     - - - - +     - - - - - - Access Control and Identity Management Policy + + AU Policy -

    The Access Control and Identity Management Policy governs how - user identities and access rights are managed.

    +

    The Audit and Accountability governs how access is managed and approved.

     - + - -

    A policy component is required for each policy that governs the system.

    -

    The title, description and status fields are required by core OSCAL. - The title field should reflect the actual title of the policy document.

    -

    A "policy" link field must be present that identifies the back-matter - resource representing the attached policy.

    -

    The document version and date are represented in the linked resource. Not here.

    -

    At this time FedRAMP does not _require_ policy approver or - audience information in the SSP; however, both may be represented here - using the responsible-role field. If electing to include this information, - use the "approver" role ID to represent approvers. Any other role listed - is assumed to be audience.

    -     - - AT Policy + + CA Policy -

    The Awareness and Training Policy governs how access is managed and approved.

    +

    The Assessment, Authorization, and Monitoring Policy governs how access is managed + and approved.

    +     + + +     + + CM Policy + +

    The Configuration Management Policy governs how access is managed and approved.

    +     + + +     + + CP Policy + +

    The Contingency Planning Policy governs how access is managed and approved.

    +     + + +     + + IA Policy + +

    The Identificaiton and Authentication Policy governs how access is managed and + approved.

    +     + + +     + + IR Policy + +

    The Incident Response Policy governs how access is managed and approved.

    +     + + +     + + MA Policy + +

    The Maintenance Policy governs how access is managed and approved.

    +     + + +     + + MP Policy + +

    The Media Protection Policy governs how access is managed and approved.

    +     + + +     + + PE Policy + +

    The Physical and Enviornmental Protection Policy governs how access is managed and + approved.

    +     + + +     + + PL Policy + +

    The Planning Policy governs how access is managed and approved.

    +     + + +     + + PM Policy + +

    The Program Management Policy governs how access is managed and approved.

    +     + + +     + + PS Policy + +

    The Personnel Security Policy governs how access is managed and approved.

    +     + + +     + + PT Policy + +

    The PII Processing and Transparency Policy governs how access is managed and + approved.

    +     + + +     + + RA Policy + +

    The Risk Assessment Policy governs how access is managed and approved.

    +     + + +     + + SA Policy + +

    The System and Services Acquisition Policy governs how access is managed and + approved.

    +     + + +     + + S3 Policy + +

    The System and Communication Protection Policy governs how access is managed and + approved.

    +     + + +     + + SI Policy + +

    The System and Information Integrity Policy governs how access is managed and + approved.

    +     + + +     + + SR Policy + +

    The Supply Chain Risk Management Policy governs how access is managed and + approved.

     - +     - Access Control Procedure + AC Policy

    The Access Control Procedure governs how access is managed and approved.

     - +     @@ -1978,10 +2009,224 @@

    The Awareness and Training Procedure governs how access is managed and approved.

     - + + +     + + AU Policy + +

    The Audit and Accountability Procedure governs how access is managed and + approved.

    +     + + +     + + CA Policy + +

    The Assessment, Authorization, and Monitoring Procedure governs how access is managed + and approved.

    +     + + +     + + CM Policy + +

    The Configuration Management Procedure governs how access is managed and + approved.

    +     + + +     + + CP Policy + +

    The Contingency Planning Procedure governs how access is managed and approved.

    +     + + +     + + IA Policy + +

    The Identificaiton and Authentication Procedure governs how access is managed and + approved.

    +     + + +     + + IR Policy + +

    The Incident Response Procedure governs how access is managed and approved.

    +     + + +     + + MA Policy + +

    The Maintenance Procedure governs how access is managed and approved.

    +     + + +     + + MP Policy + +

    The Media Protection Procedure governs how access is managed and approved.

    +     + + +     + + PE Policy + +

    The Physical and Enviornmental Protection Procedure governs how access is managed and + approved.

    +     + + +     + + PL Policy + +

    The Planning Procedure governs how access is managed and approved.

    +     + + +     + + PM Policy + +

    The Program Management Procedure governs how access is managed and approved.

    +     + + +     + + PS Policy + +

    The Personnel Security Procedure governs how access is managed and approved.

    +     + + +     + + PT Policy + +

    The PII Processing and Transparency Procedure governs how access is managed and + approved.

    +     + + +     + + RA Policy + +

    The Risk Assessment Procedure governs how access is managed and approved.

    +     + + +     + + SA Policy + +

    The System and Services Acquisition Procedure governs how access is managed and + approved.

    +     +     + + S3 Policy + +

    The System and Communication Protection Procedure governs how access is managed and + approved.

    +     + + +     + + SI Policy + +

    The System and Information Integrity Procedure governs how access is managed and + approved.

    +     + + +     + + SR Policy + +

    The Supply Chain Risk Management Procedure governs how access is managed and + approved.

    +     + + +     + + + + + IPv4 Production Subnet + +

    IPv4 Production Subnet.

    +     + + + + +     + + IPv4 Management Subnet + +

    IPv4 Management Subnet.

    +     + + + + + +     + + Email Service + +

    Email Service

    +     + + + + + + +

    If 'yes', describe the authentication method.

    +

    If 'no', explain why no authentication is used.

    +

    If 'not-applicable', attest explain why authentication is not applicable in the remarks.

    +     +     + + + + + + + + + + + 11111111-2222-4000-8000-004000000011 + + + 33333333-2222-4000-8000-004000000001 + + + + + +     @@ -2007,8 +2252,8 @@ - - + +

    If no, explain why. If yes, omit remarks field.

    @@ -2068,7 +2313,7 @@

    If no, explain why. If yes, omit remark.

         - + 11111111-2222-4000-8000-004000000010 @@ -2094,9 +2339,8 @@ - - + +     @@ -2109,9 +2353,8 @@ - - + + @@ -2124,9 +2367,8 @@ - - + + @@ -2143,8 +2385,7 @@

    Asset wasn't running at time of scan.

    - +     @@ -2157,9 +2398,8 @@ - - + + @@ -2176,8 +2416,7 @@

    Asset wasn't running at time of scan.

    - +     @@ -2190,8271 +2429,4760 @@ - - + + + + + + +

    Appendix A - FedRAMP SSP Rev5 Template

    +

    This description field is required by OSCAL.

    +

    FedRAMP does not require any specific information here.

    +     + + + + + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + + + + +

    Describe how Part a is satisfied within the system.

    +

    Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.

    +

    In this case, a link must be provided to the policy.

    +

    FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.

    +     + + + + +

    The specified component is the system itself.

    +

    Any control implementation response that can not be associated with another component is associated with the component representing the system.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Identity Management and Access Control Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     + +     +     + + + +

    There

    +     + + + +

    Describe the plan to complete the implementation.

    +     +     +     + + +

    Describe how this policy currently satisfies part a.

    +     + + +

    Describe the plan for addressing the missing policy elements.

    +     +     + + +

    Identify what is currently missing from this policy.

    +     +     +     +     + + + +

    Describe how Part b-1 is satisfied.

    +     + +     +     + + + +

    Describe how Part b-2 is satisfied.

    +     + +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + +

    Describe any customer-configured requirements for satisfying this control.

    +     +     + + 11111111-2222-4000-8000-004000000010 + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + [SAMPLE]privileged, non-privileged + + + [SAMPLE]all + + + [SAMPLE]The Access Control Procedure + + + at least annually + +     +     + + + +

    Describe how AC-2, part a is satisfied within this system.

    +

    This points to the This System component, and is used any time a more specific component reference is not available.

    +     + + + +

    Leveraged system's statement of capabilities which may be inherited by a leveraging systems to satisfy AC-2, part a.

    +     +     + + +

    Leveraged system's statement of a leveraging system's responsibilities in satisfaction of AC-2, part a.

    +

    Not associated with inheritance, thus associated this with the by-component for this system. +

    +     + + 11111111-2222-4000-8000-004000000001 + +     +     +     + + +

    For the portion of the control satisfied by the application component of this system, describe how the control is met.

    +     + + + +

    Consumer-appropriate description of what may be inherited from this application component by a leveraging system.

    +

    In the context of the application component in satisfaction of AC-2, part a.

    +     + + 11111111-2222-4000-8000-004000000005 + +     + + +

    Leveraging system's responsibilities with respect to inheriting this capability from this application.

    +

    In the context of the application component in satisfaction of AC-2, part a.

    +     + + 11111111-2222-4000-8000-004000000005 + +     +     + +

    The component-uuid above points to the this system component.

    +

    Any control response content that does not cleanly fit another system component is placed here. This includes customer responsibility content.

    +

    This can also be used to provide a summary, such as a holistic overview of how multiple components work together.

    +

    While the this system component is not explicitly required within every statement, it will typically be present.

    +     +     + + +

    For the portion inherited from an underlying FedRAMP-authorized provider, describe what is inherited.

    +     + + +

    Optional description.

    +

    Consumer-appropriate description of what may be inherited as provided by the leveraged system.

    +

    In the context of this component in satisfaction of AC-2, part a.

    +

    The provided-uuid links this to the same statement in the leveraged system's SSP.

    +

    It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model).

    +     +     + + +

    Description of how the responsibility was satisfied.

    +

    The responsibility-uuid links this to the same statement in the leveraged system's SSP.

    +

    It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model).

    +

    Tools should use this to ensure all identified customer responsibility statements have a corresponding satisfied statement in the leveraging system's SSP.

    +

    Tool developers should be mindful that

    +     +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    Describe how Part a is satisfied.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    Describe how Part b-1 is satisfied.

    +     +     +     + + + +

    Describe how Part b-2 is satisfied.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     + +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     + +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + + + + +

    The organization coordinates contingency plan development with organizational elements responsible for related plans.

    +     + +     +     +     + + + + + + + +

    The organization plans for the resumption of essential missions and business functions within organization-defined time period of contingency plan activation.

    +     + + within 24 hours + + +     +     +     + + + + + + + +

    The organization identifies critical system assets supporting essential missions and business functions.

    +     + +     +     +     + + + + + + + +

    The organization coordinates contingency plan testing with organizational elements responsible for related plans.

    +     + +     +     +     + + + + + + + +

    The organization conducts an assessment of the alternate storage site at least annually to determine its availability and readiness for operation.

    +     + +     +     +     + + + + + + + +

    The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.

    +     + +     +     +     + + + + + + + +

    The organization conducts an assessment of the alternate processing site at least annually to determine its availability and readiness for operation.

    +     + +     +     +     + + + + + + + +

    The organization identifies potential accessibility problems to the alternate processing site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.

    +     + +     +     +     + + + + + + + +

    The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives).

    +     + +     +     +     + + + + + + + +

    The organization identifies primary and alternate telecommunications services supporting the system and documents provider contingency plans and recovery time objectives to ensure the availability of telecommunication services.

    +     + +     +     +     + + + + + + + +

    The organization obtains alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services.

    +     + +     +     +     + + + + + + + +

    The organization conducts backups of user-level information contained in the system at least weekly.

    +     + +     +     +     + + + + + + + +

    The organization provides a means to restore system functions without loading backups (e.g., through system reinstallation).

    +     + +     +     +     + + + + + + + +

    The organization implements transaction recovery for systems that are transaction-based.

    +     + +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + + + + +

    The organization:

    +     + + System Administrators, Security Administrators + + + at least annually + + +     +     +     + + + + + + + +

    The organization:

    +

    a. Approves and monitors the use of system maintenance tools; and

    +

    b. Controls maintenance tools through one or more of the following: removal, disabling, preventing unauthorized removal.

    +     + +     +     +     + + + + + + + +

    The organization inspects the maintenance tools used by maintenance personnel for improper or unauthorized modifications.

    +     + +     +     +     + + + + + + + +

    The organization checks media containing diagnostic and test programs for malicious code before the media are used in the system.

    +     + +     +     +     + + + + + + + +

    The organization prevents the unauthorized removal of maintenance equipment containing organizational information by:

    +

    (a) Verifying that there is no organizational information contained on the equipment;

    +

    (b) Sanitizing or destroying the equipment;

    +

    (c) Retaining the equipment within the facility; or

    +

    (d) Obtaining an exemption from the authorizing official explicitly authorizing removal of the equipment from the facility.

    +     + +     +     +     + + + + + + + +

    The organization:

    +

    a. Approves and monitors nonlocal maintenance and diagnostic activities;

    +

    b. Documents and monitors maintenance and diagnostic activities;

    +

    c. Requires that nonlocal maintenance and diagnostic activities be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or

    +

    d. Removes the component to be serviced from the system prior to nonlocal maintenance or diagnostic services.

    +     + + System Administrators, Security Administrators + + +     +     +     + + + + + + + +

    The organization:

    +

    a. Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel;

    +

    b. Ensures that non-escorted personnel performing maintenance on the system possess the required access authorizations; and

    +

    c. Designates organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.

    +     + +     +     +     + + + + + + + +

    The organization:

    +

    a. Implements procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements:

    +
      +
    1. Maintenance personnel who do not have needed access authorizations, clearances, or formal access approvals are escorted and supervised during the performance of maintenance and diagnostic activities on the system by approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified;
      2. +
    2. Prior to initiating maintenance or diagnostic activities by personnel who do not have needed access authorizations, clearances or formal access approvals, all volatile information storage components within the system are sanitized and all nonvolatile storage media are removed or physically disconnected from the system and secured; and
      3. +
    +

    b. Develops and implements alternate security safeguards in the event a system component cannot be sanitized, removed, or disconnected from the system.

    +     + +     +     +     + + + + + + + +

    The organization performs maintenance on organization-defined system components within organization-defined time periods of failure.

    +     + + all system components + + + within 24 hours of failure + + +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + organization-defined personnel or roles + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     +     +     + + + + + 11111111-2222-4000-8000-004000000018 + + + + +

    Describe how the control is satisfied within the system.

    +

    DMARC is employed.

    +

    SPF is employed.

    +

    DKIM is employed.

    +     + + organization-defined personnel or roles + + + [specify frequency] + + + [specify frequency] + +     +     +     + + + + +

    Describe the plan to complete the implementation.

    +     +     + + + + + 11111111-2222-4000-8000-004000000011 + + + + +

    Describe how the control is satisfied within the system.

    +     + + to include chief privacy and ISSO and/or similar role or designees + + + at least every 3 years + + + at least annually + +     +     + + + +

    For the portion of the control satisfied by the service provider, describe how the control is met.

    +     +     + + +

    Describe how this policy component satisfies part a.

    +

    Component approach. This links to a component representing the Policy.

    +

    That component contains a link to the policy, so it does not have to be linked here too.

    +     +     + + +

    Describe how this procedure component satisfies part a.

    +

    Component approach. This links to a component representing the procedure.

    +

    That component contains a link to the procedure, so it does not have to be linked here too.

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     - - -

    This description field is required by OSCAL.

    -

    FedRAMP does not require any specific information here.

    -

    -

    -     - - - all managers, administrators and users of the system - -

    [Assignment: organization-defined personnel or roles]

    -

    This focuses on roles the POLICY is disseminated to.

    -     -     - - all managers and administrators of the system - -

    [Assignment: organization-defined personnel or roles]

    -

    This focuses on roles PROCEDURES are disseminated to.

    -     -     - - System-level - -

    [Selection (one or more): Organization-level; Mission/business process-level; Systemlevel]

    -

    This is a SELECT parameter. Use one "value" field for each selection.

    -     -     - - System Architect - -

    [Assignment: organization-defined official]

    -     -     - - at least every 3 years - -

    [Assignment: organization-defined frequency]

    -     -     - - change in organizational legal status or ownership - -

    [Assignment:organization-defined events]

    -     -     - - at least annually - -

    [Assignment: organization-defined frequency]

    -     -     - - change in policy or a security incident involving a failure of access control mechanisms - -

    [Assignment:organization-defined events]

    -     -     - - - - -

    Describe how Part a is satisfied within the system as a whole.

    -

    FedRAMP prefers all policies and procedures be attached as a resource in the - back-matter. The link points to a resource.

    -     - - -

    This is the "this-system" component, which represents the system as a whole.

    -

    There are two reasons to provide a response here:

    -
      -
    • When first converting a legacy/Word-based SSP to OSCAL, the entire control - response may be placed here until it can be parsed out into appropriate component - responses.
      • -
    • When it is necessary to explain how two or more components work together to - satisfy this requirement.
      • -
    -     -     - - -

    Describe how this policy satisfies part a.

    -     - - -

    This is the "policy" component, which represents the Access Control and - Identity Management Policy.

    -     -     - - -

    Describe how this procedure satisfies part a.

    -     - - -

    This is the "process-procedure" component, which represents the Access Control Process.

    -     -     -     - - - -

    Describe how Part b is satisfied within the system as a whole.

    -     - - - -

    Describe the plan to complete the implementation.

    -     -     - -

    This is the "this-system" component, which represents the system as a whole.

    -

    There are two reasons to provide a response here:

    -
      -
    • When first converting a legacy/Word-based SSP to OSCAL, the entire control - response may be placed here until it can be parsed out into appropriate component - responses.
      • -
    • When it is necessary to explain how two or more components work together to - satisfy this requirement.
      • -
    -     -     - - - -

    Describe how this policy currently satisfies part a.

    -     - - -

    Describe the plan for addressing the missing policy elements.

    -     -     - - -

    Identify what is currently missing from this policy.

    -     -     -     -     - - - -

    Describe how Part b-1 is satisfied.

    -     - -     -     -     - - - - -

    Describe the plan to complete the implementation.

    -     -     - - - - -

    Describe any customer-configured requirements for satisfying this control.

    -     -     - - [SAMPLE]privileged, non-privileged - - - [SAMPLE]all - - - [SAMPLE]The Access Control Procedure - - - at least annually - - - 11111111-2222-4000-8000-004000000010 - - - 11111111-2222-4000-8000-004000000011 - - - - - -

    Describe how AC-2, part a is satisfied within this system.

    -

    This points to the "This System" component, and is used any time a more - specific component reference is not available.

    -     - - - -

    Leveraged system's statement of capabilities which may be inherited by a - leveraging systems to satisfy AC-2, part a.

    -     -     - - -

    Leveraged system's statement of a leveraging system's responsibilities in - satisfaction of AC-2, part a.

    -

    Not associated with inheritance, thus associated this with the - by-component for "this system".

    -     - - 11111111-2222-4000-8000-004000000001 - -     -     -     - - -

    For the portion of the control satisfied by the application component of this - system, describe how the control is met.

    -     - - - -

    Consumer-appropriate description of what may be inherited from this - application component by a leveraging system.

    -

    In the context of the application component in satisfaction of AC-2, part - a.

    -     - - 11111111-2222-4000-8000-004000000005 - -     - - -

    Leveraging system's responsibilities with respect to inheriting this - capability from this application.

    -

    In the context of the application component in satisfaction of AC-2, part - a.

    -     - - 11111111-2222-4000-8000-004000000005 - -     -     - -

    The component-uuid above points to the "this system" component.

    -

    Any control response content that does not cleanly fit another system component - is placed here. This includes customer responsibility content.

    -

    This can also be used to provide a summary, such as a holistic overview of how - multiple components work together.

    -

    While the "this system" component is not explicitly required within every - statement, it will typically be present.

    -     -     - - -

    For the portion inherited from an underlying FedRAMP-authorized provider, - describe what is inherited.

    -     - - -

    Optional description.

    -

    Consumer-appropriate description of what may be inherited as provided by the - leveraged system.

    -

    In the context of this component in satisfaction of AC-2, part a.

    -

    The provided-uuid links this to the same statement in the - leveraged system's SSP.

    -

    It may be linked directly, but is more commonly provided via an OSCAL-based - CRM (Inheritance and Responsibility Model).

    -     -     - - -

    Description of how the responsibility was satisfied.

    -

    The responsibility-uuid links this to the same statement in the - leveraged system's SSP.

    -

    It may be linked directly, but is more commonly provided via an OSCAL-based - CRM (Inheritance and Responsibility Model).

    -

    Tools should use this to ensure all identified customer - responsibility statements have a corresponding - satisfied statement in the leveraging system's SSP.

    -

    Tool developers should be mindful that

    -     -     -     -     - - - -

    Describe how AC-2, part a is satisfied within this system.

    -

    This points to the "This System" component, and is used any time a more - specific component reference is not available.

    -     -     -     -     - - - - organization-defined personnel or roles - - - at least every 3 years - - - at least annually - - - - - -

    Describe how Part a is satisfied within the system.

    -

    Legacy approach. If no policy component is defined, describe here how the - policy satisfies part a.

    -

    In this case, a link must be provided to the policy.

    -

    FedRAMP prefers all policies and procedures be attached as a resource in the - back-matter. The link points to a resource.

    -     - -

    The specified component is the system itself.

    -

    Any control implementation response that can not be associated with another - component is associated with the component representing the system.

    -     -     - - -

    Describe how this policy satisfies part a.

    -

    Component approach. This links to a component representing the Identity - Management and Access Control Policy.

    -

    That component contains a link to the policy, so it does not have to be linked - here too.

    -     - -     - - -

    Describe how this procedure satisfies part a.

    -

    Component approach. This links to a component representing the Identity - Management and Access Control Policy.

    -

    That component contains a link to the policy, so it does not have to be linked - here too.

    -     - -     -     - - - -

    There

    -     - - - -

    Describe the plan to complete the implementation.

    -     -     -     - - -

    Describe how this policy currently satisfies part a.

    -     - - -

    Describe the plan for addressing the missing policy elements.

    -     -     - - -

    Identify what is currently missing from this policy.

    -     -     -     -     - - - -

    Describe how Part b-1 is satisfied.

    -     - -     -     -     - - - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - - placeholder - - - placeholder - - - -

    This is the 'this-system' component.

     - -     -     -     - - -     - + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     + + + + + + +

    Implementation description needed

    +     +     +     +     +     + @@ -10483,8 +7211,7 @@ FedRAMP Applicable Laws and Regulations - +

    Must be present in a FedRAMP SSP.

     @@ -10492,26 +7219,22 @@ - Access Control and Identity Management Policy + Access Control Policy Title -

    A single policy that addresses both the AC and IA families.

    +

    AC Policy document

     - - - 00000000 + + + + + 00000000 -

    Each policy must be attached as back-matter resources, and must include:

    -
      -
    • a title field with the attached document's published title.
      • -
    • a "type" property with a value of "policy".
      • -
    • a "published" property with the attached document's publication date.
      • -
    • a "version" property with the attached document's published version.
      • -
    • Either base64 embedded attachment or an rlink with a valid href value.
      • -
    • both base64 and rlink require a media-type for policies
      • -
    -

    Each policy must have a corrisponding "policy" component.

    +

    Table 12-1 Attachments: Policy Attachment

    +

    May use rlink with a relative path, or embedded as + base64. +

    @@ -10528,7 +7251,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10545,7 +7269,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10562,7 +7287,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10579,7 +7305,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10597,7 +7324,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10614,7 +7342,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10631,7 +7360,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10642,13 +7372,14 @@ - + 00000000

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10665,7 +7396,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10682,7 +7414,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10699,7 +7432,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10716,7 +7450,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10733,7 +7468,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10750,7 +7486,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10767,7 +7504,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10784,7 +7522,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10801,7 +7540,8 @@

    Table 12-1 Attachments: Policy Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10814,18 +7554,13 @@ - + 00000000 -

    Procedures must be attached as back-matter resources, and must include:

    -
      -
    • a title field with the attached document's published title.
      • -
    • a "type" property with a value of "procedure".
      • -
    • a "published" property with the attached document's publication date.
      • -
    • a "version" property with the attached document's published version.
      • -
    • Either base64 embedded attachment or an rlink with a valid href value.
      • -
    • both base64 and rlink require a media-type for policies
      • -
    +

    Table 12-1 Attachments: Procedure Attachment

    +

    May use rlink with a relative path, or embedded as + base64. +

    @@ -10842,7 +7577,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10859,7 +7595,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10876,7 +7613,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10893,7 +7631,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10910,7 +7649,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10927,7 +7667,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10944,7 +7685,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10961,7 +7703,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10978,7 +7721,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -10995,7 +7739,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11012,7 +7757,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11029,7 +7775,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11046,7 +7793,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11063,7 +7811,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11080,7 +7829,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11097,7 +7847,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11114,7 +7865,8 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11131,7 +7883,8 @@

    Table 12-1 Attachments: User's Guide Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11151,7 +7904,8 @@

    Table 12-1 Attachments: Rules of Behavior (ROB)

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11169,7 +7923,8 @@

    Table 12-1 Attachments: Contingency Plan (CP) Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11187,7 +7942,8 @@

    Table 12-1 Attachments: Configuration Management (CM) Plan Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11205,7 +7961,8 @@

    Table 12-1 Attachments: Incident Response (IR) Plan Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    @@ -11244,31 +8001,21 @@

    Table 12-1 Attachments: Continuous Monitoring Plan Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    Plan of Actions and Milestones (POAM) + + 00000000 - -

    The POA&M attachment may either be a legacy Excel workbook or OSCAL file. - The resource must have:

    -
      -
    • a title field with the the value, "Plan of Actions and Milestones (POAM)"
      • -
    • a "published" property with the effective date of the attached POA&M.
      • -
    • a "type" property with a value of "plan" and a class of "poam".
      • -
    • Either base64 embedded attachment or an rlink with a valid href value.
      • -
    • Both base64 and rlink require a media-type for policies
      • -
    -

    A "version" property is optional.

    -

    The appropriate media types for OSCAL content - are, "application/xml", "application/json" or "application/yaml".

    -     +     @@ -11285,14 +8032,15 @@

    Table 12-1 Attachments: Procedure Attachment

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    - Interconnection Security Agreement + [SAMPLE]Interconnection Security Agreement Title @@ -11306,7 +8054,7 @@

    FedRAMP Logo

     - + 00000000 @@ -11323,7 +8071,8 @@ 00000000

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -11338,7 +8087,8 @@ 00000000

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -11359,7 +8109,8 @@ system-characteristics/authorization-boundary/diagram/link/@href flag using a value of "#11111111-2222-4000-8000-001000000054"

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -11380,7 +8131,8 @@ system-characteristics/network-architecture/diagram/link/@href flag using a value of "#11111111-2222-4000-8000-001000000055"

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -11399,7 +8151,8 @@

    This should be referenced in the system-characteristics/data-flow/diagram/link/@href flag using a value of "#11111111-2222-4000-8000-001000000056"

    May use rlink with a relative path, or embedded as - base64.

    + base64. +

    FedRAMP prefers base64 for images and diagrams.

    Images must be in sufficient resolution to read all detail when rendered in a browser via HTML5.

    @@ -11416,7 +8169,8 @@ 41 CFR 201 - Federal Acquisition Supply Chain Security Act; Rule, 85 Federal Register 54263 (September 1, 2020), pp 54263-54271. + + Federal Acquisition Supply Chain Security Act; Rule, 85 Federal Register 54263 (September 1, 2020), pp 54263-54271. @@ -11433,5 +8187,32 @@ and the value is "citation".

         + + CSP Reference + + + +

    CSP-specific reference. Note the "type" property's class is "reference" + and the value is "citation".

    +     +     + + Separation of Duties Matrix + +

    Separation of Duties Matrix

    +     + + + + + 00000000 + +

    May use rlink with a relative path, or embedded as base64. +

    +     +     + + +     - + \ No newline at end of file From fdedb59066f88feef02332258848ed1ba079d6d1 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Sat, 14 Dec 2024 03:01:30 -0500 Subject: [PATCH 5/5] Add bad constraint id, help-url map-fed for #798 We will wrap with this approach, but it should demonstrate this approach will not work and template strings, wrapped with a TVT handlers or not, just get processed as strings. The specification is unclear if this approach could ever be supported outside of `message` anyway, but it escaped my memory until today's standup. --- .../fedramp-external-constraints.xml | 35 +++++++++++-------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index 419880d99..63efc14e7 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -195,23 +195,28 @@ - + - - - - - Required Attachment is Present + + + + Required Policy Attachment is Present + + {$policy-statements(@statement-id)('message')} + + + Required Procedure Attachment is Present - A FedRAMP SSP MUST define attachments that document control implementation in a policy component. Control statement {../@statement-id} is missing such a policy component. - - - Required Attachment is Present - - A FedRAMP SSP MUST define attachments that document control implementation in a policy component. Control statement {../@statement-id} is missing such a policy component. - + {$policy-statements(@statement-id)('message')} +