Free Cyber Risk Analysis: Your Top Cyber Risks in 3 Clicks

Get Started
Request Demo

CyberStrong FedRAMP Requirements Checklist

Obtaining FedRAMP approval is a long and tedious process. But with CyberSaint, it doesn’t have to be.


Speed up the FedRAMP certification process with CyberSaint.

FedRAMP requirements include a System Security Plan (SSP), a Security Assessment Plan (SAP), a Security Assessment Report (SAR), and a Plan of Action and Milestone (POAM). CyberSaint has all of these bases covered in one simple solution.

The FedRAMP Initial Authorization Package Checklist

System Security Plan (SSP)

  • SSP ATTACHMENT 1 - Information Security Policies and Procedures (covering all control families)
  • SSP ATTACHMENT 2 - User Guide
  • SSP ATTACHMENT 3 - Digital Identity Worksheet
  • SSP ATTACHMENT 4 - Privacy Threshold Analysis (PTA) & Privacy Impact Assessment (PIA)
  • SSP ATTACHMENT 5 - Rule of Behavior (RoB)
  • SSP ATTACHMENT 6 - Information System Contingency Plan (ISCP)
  • SSP ATTACHMENT 7 - Configuration Management Plan (CMP)
  • SSP ATTACHMENT 8 - Incident Response Plan (IRP)
  • SSP ATTACHMENT 9 - Control Implementation Summary (CIS) Workbook
  • SSP ATTACHMENT 10 - Federal Information Processing Standard (FIPS) 199
  • SSP ATTACHMENT 11 - Separation of Duties Matrix
  • SSP ATTACHMENT 12 - Laws and Regulations
  • SSP ATTACHMENT 13 - Integrated Inventory Workbook\

Security Assessment Plan (SAP)

  • SAP APPENDIX A - Security Test Case Procedures
  • SAP APPENDIX B - Penetration Testing Plan and Methodology
  • SAP APPENDIX C - 3PAO Supplied Deliverables (e.g., Penetration Test Rules of Engagement, Sampling Methodology)

Security Assessment Report (SAR)

  • SAR APPENDIX A - Risk Exposure Table
  • SAR APPENDIX B - Security Test Case Procedures
  • SAR APPENDIX C - Infrastructure Scan Results
  • SAR APPENDIX D - Database Scan Results
  • SAR APPENDIX E - Web Scan Results
  • SAR APPENDIX I - Auxiliary Documents (e.g., evidence artifacts)
  • SAR APPENDIX J - Penetration Test Report

Plan of Action and Milestones (POA&M)

  • Continuous Monitoring Strategy (required by CA-7)
  • Continuous Monitoring Monthly Executive Summary


Learn more about CyberStrong

Download the Solution Sheet

Download the CyberStrong Solution Sheet