CSPs with a FedRAMP authorization must utilize the Rev. 5 SSP template to identify the gaps between their Rev. 4 control implementations and the Rev. 5 requirements. CSPs should have already documented Rev. 4 to Rev. 5 gaps within the POA&M and the Rev. 5 CIS/CRM template. This provides stakeholders visibility into the Rev. 4 controls that have changed and what the CSP will do to implement the Rev. 5 requirements while also documenting the entire Rev. 5 gap.
Comments
0 comments
Please sign in to leave a comment.