Compliance / Cyber

The Compliance / Cyber section of the platform is where users can generate system packages related to ATO, FedRAMP, CMMC, and other compliance frameworks. As well as generating other documents related to cybersecurity and compliance.

Here will cover a brief overview of the Compliance / Cyber section, and what packages and documents you can generate.

Table of contents
  1. Objective of the Compliance / Cyber Section
  2. What Packages and Documents Can In A Box Generate?
  3. Getting Started with Compliance / Cyber

Objective of the Compliance / Cyber Section

Our platform is designed to streamline and automate the generation of system packages and compliance documents for ATO, FedRAMP, CMMC, and other compliance frameworks. By leveraging user-provided system information, it converts unstructured data into structured, compliance-ready documents. This automation simplifies the compliance process, saving time and reducing the effort required to produce these essential documents.

To further enhance efficiency, we have developed the platform to populate standard templates—such as Appendix-A-High-FedRAMP-Security-Controls and NIST 800-53 Controls—by automatically checking off boxes and filling in blanks based on the provided system information. This seamless integration not only saves users time and effort in creating these documents from scratch but also ensures consistency and accuracy, thereby further streamlining the compliance process.

In A Box is currently setup to create packages and documents, not evaluate existing ones. Evaluation of existing packages and documents is not supported at this time.

What Packages and Documents Can In A Box Generate?

The Packages and Documents are divided into Folders within the platform and each displaying a set of packages and documents that can be generated. The following are the folders and the packages and documents that can be generated within them:

This list is not exhaustive and is subject to change as the platform is updated and improved. Additionally, if you have any suggestions for new packages or documents, please let us know.

  • Appendix-A-FedPRAMP-Security-Controls
    • Appendix-A-High-FedRAMP-Security-Controls
    • Appendix-A-Moderate-FedRAMP-Security-Controls
    • FedRAMP Checklist
    • NIST 800-53 Controls
  • Appendix-C-Information-Security-Policies-and-Procedures
    • Access Control Policies and Procedures Document
    • Audit and Accountability Policy and Procedure
    • Awareness & Training Policy and Procedure
    • Business Continuity Plan
    • Change Management Policies and Procedures
    • CONOPS (Concept of Operations)
    • Continuity of Operations-COOP
    • Data Classification and Handling Policies
    • Data Spill Incident Handling Procedures
    • Disaster Recovery Plan
    • Employee Training and Awareness Document
    • Information Security and Procedures Document
    • Information Security Program Plan
    • Maintenance Policy and Procedures
    • Media Protection Policy and Procedure
    • Personnel Security Policy and Procedure
    • Physical & Environment Protection Policy and Procedure
    • Planning Policy and Procedure
    • Risk Assessment and Risk Management Document
    • Risk Management Strategy
    • Security Assessment Authorization Policy and Procedure
    • Software Development Life Cycle
    • Supply Chain Risk Management
    • System Communications Protection Policy and Procedure
    • System Information Integrity Policy and Procedure
    • System Services Acquisition Policy and Procedure
  • Appendix-F-Rules-of-Behavior(RoB)
    • Rules of Behavior (RoB) for System Security Plan
  • Appendix-G-System-Contingency-Plan-ISCP
    • Information System Contingency Plan (ISCP) for System Security Plan
  • Appendix-H-Configuration-Management-Plan-CMP
    • Configuration Management Plan (CMP) for System Security Plan.docx
  • Appendix-I-Incident-Response-Plan-IRP
    • Incident Response Plan Addendum DoD
    • Incident Response Plan for the System Security Plan
    • Incident Response Plan Tests
  • Appendix-N-Continuous-Monitoring-Plan
    • Continuous Monitoring Plan
    • FedRamp-Continuous-Monitoring-Monthly-Executive-Summary-Template
  • Appendix-P-Supply-Chain-Risk-Management-Plan-SCRMP
    • Supply Chain Risk Management
  • CMMC
    • NIST 800-171 Requirements
  • DoD
    • IL4 High SSP Addendum v2
    • IL5 High SSP Addendum V2
  • FedRAMP
    • FedRAMP-High-Moderate-Low-LI-SaaS-Baseline-System-Security-Plan-SSP

Getting Started with Compliance / Cyber

To get started with the Compliance / Cyber section, we have created the following two sections:

  • Adding A System: Where we detail on how to add a system and supporting information about the system to the platform.
  • Generating Packages and Documents: Where we detail on how to generate packages and documents for the system added to the platform.

Prior to starting please ensure you have defined a ‘Organization’ in the platform. This is required to add a system and generate packages and documents.

Back to top

Copyright © 2024 Ask Sage Inc. All Rights Reserved.