Security Assessment Plan (SAP)
GPTKB entity
Statements (42)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
manual
security assessment artifact |
| gptkbp:approvedBy |
authorizing official
|
| gptkbp:basisFor |
authorization decision
conducting security assessment documenting assessment results evaluating security controls |
| gptkbp:contains |
assessment tools
rules of engagement assessment resources roles and responsibilities assessment procedures assessment approach assessment deliverables assessment schedule security controls to be assessed |
| gptkbp:createdBy |
security assessor
|
| https://www.w3.org/2000/01/rdf-schema#label |
Security Assessment Plan (SAP)
|
| gptkbp:purpose |
define assessment methods
define assessment objectives define scope of security assessment document assessment procedures establish assessment schedule identify assessment team |
| gptkbp:relatedTo |
gptkb:Plan_of_Action_and_Milestones_(POA&M)
gptkb:Security_Assessment_Report_(SAR) gptkb:System_Security_Plan_(SSP) |
| gptkbp:requires |
gptkb:NIST_SP_800-53
gptkb:Federal_Risk_and_Authorization_Management_Program_(FedRAMP) gptkb:NIST_SP_800-37 gptkb:FISMA |
| gptkbp:step |
authorization process
security assessment process |
| gptkbp:targetAudience |
authorizing official
information system security officer security assessor system owner |
| gptkbp:updated |
prior to assessment
|
| gptkbp:usedIn |
information security
risk management framework |
| gptkbp:bfsParent |
gptkb:FedRAMP_Moderate
|
| gptkbp:bfsLayer |
7
|