Working with FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Hyperproof offers a NIST 800-53 program template you can use to quickly and easily stand up your program. See Creating a program with illustrative controls. Keep in mind that depending on the baseline you select, your NIS program may have more or fewer requirements. For example, if you create a program with a moderate baseline, only moderate-level requirements will be included in your program.
Tip
Follow Hyperproof on our journey to FedRAMP ATO! Check out the podcast and accompanying documentation.
Generating a SSP report
Roles and permissions
The following roles can export a SSP report:
Administrators
Compliance managers who are members of the program
Users who are members of the program
You can quickly and easily generate a System Security Plan (SSP) report for your program. The SSP report provides an in-depth overview of the security requirements for your organization’s information system. Furthermore, the report describes all of the controls that your organization has in place for meeting its security requirements.
Note
In Hyperproof, the SSP report properties come from your program’s requirements, not the controls. If you link additional controls to your program, those controls do not show up in or alter the SSP report in any way.
From the left menu, select Programs.
Select your program.
It's recommended to edit any requirement information in Hyperproof prior to exporting the SSP report. This ensures that the information in Hyperproof is the source of truth, i.e. if you need to export the SSP report in the future, the information in Hyperproof is up-to-date. To edit a requirement:
Select the Requirements tab.
Select a requirement, and then select the Details tab.
Make any necessary edits.
Repeat steps B and C as necessary.
Select the ... (More options) tab, and then click Export SSP report.