System Security Plan (SSP)
Part of the documentation that Project Hosts will create for you will be an SSP (~400 pages) that shows in detail how your SaaS solution meets all FedRAMP controls. Below is a link to a document showing the SSP table of contents and responses to a few sample controls.
Control Implementation Summary (CIS) and Customer Responsibility Matrix (CRM)
The CIS/CRM is an Excel document that shows a summary of how each control is met (inherited from the PH PaaS, implemented at the System-Specific SaaS level, or left to the customer agency to implement)
