Security Assessment Plan (SAP)
GPTKB entity
Statements (42)
Predicate | Object |
---|---|
gptkbp:instanceOf | manual; security assessment artifact |
gptkbp:approvedBy | authorizing official |
gptkbp:basisFor | authorization decision; conducting security assessment; documenting assessment results; evaluating security controls |
gptkbp:contains | assessment tools; rules of engagement; assessment resources; roles and responsibilities; assessment procedures; assessment approach; assessment deliverables; assessment schedule; security controls to be assessed |
gptkbp:createdBy | security assessor |
https://www.w3.org/2000/01/rdf-schema#label | Security Assessment Plan (SAP) |
gptkbp:purpose | define assessment methods; define assessment objectives; define scope of security assessment; document assessment procedures; establish assessment schedule; identify assessment team |
gptkbp:relatedTo | gptkb:Plan_of_Action_and_Milestones_(POA&M); gptkb:Security_Assessment_Report_(SAR); gptkb:System_Security_Plan_(SSP) |
gptkbp:requires | gptkb:NIST_SP_800-53; gptkb:Federal_Risk_and_Authorization_Management_Program_(FedRAMP); gptkb:NIST_SP_800-37; gptkb:FISMA |
gptkbp:step | authorization process; security assessment process |
gptkbp:targetAudience | authorizing official; information system security officer; security assessor; system owner |
gptkbp:updated | prior to assessment |
gptkbp:usedIn | information security; risk management framework |
gptkbp:bfsParent | gptkb:FedRAMP_Moderate |
gptkbp:bfsLayer | 7 |