You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<p>CSPs should use the FedRAMP FIPS 199 Categorization Template (Attachment 10) in the SSP along with the guidance of <ahref="http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v2r1.pdf" target="_blank">NIST Special Publication 800-60 volume 2 Revision 1</a> to correctly categorize their system based on the types of information processed, stored, and transmitted on their systems. Customer agencies are expected to perform a separate FIPS 199 analysis for their own data hosted in the CSP’s cloud environment.</p>
<p>CSPs should use the FedRAMP FIPS 199 Categorization Template (Appendix K) in the SSP along with the guidance of <ahref="http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v2r1.pdf" target="_blank">NIST Special Publication 800-60 volume 2 Revision 1</a> to correctly categorize their system based on the types of information processed, stored, and transmitted on their systems. Customer agencies are expected to perform a separate FIPS 199 analysis for their own data hosted in the CSP’s cloud environment.</p>
<p>CSPs can achieve a FedRAMP Authorized designation via the Agency Path for any of the baselines (LI-SaaS, Low, Moderate, High). CSPs can only pursue a FedRAMP Authorized designation via the JAB Path for the Moderate and High baselines.</p>
