FedRAMP SaaS Sample Documentation

System Security Plan (SSP)

Part of the documentation that Project Hosts will create for you will be an SSP (~400 pages) that shows in detail how your SaaS solution meets all FedRAMP controls. Below is a link to a document showing the SSP table of contents and responses to a few sample controls.

​

Control Iplementation Summary (COS) and Customer Responsibility Matrix (CRM)

The CIS/CRM is an Excel document that shows a summary of how each control is met (inherited from the PH PaaS, implemented at the System-Specific SaaS level, or left to the customer agency to implement)