FedRAMP 20x Key Security Indicators
Key Security Indicators for FedRAMP 20x authorization
Showing 55 indicators for LOW impact level
AFR — Authorization by FedRAMP (10 indicators)
KSI-AFR-ADSAuthorization Data Sharing
LOW
MODERATE
KSI-AFR-CCMCollaborative Continuous Monitoring
LOW
MODERATE
KSI-AFR-FSIFedRAMP Security Inbox
LOW
MODERATE
KSI-AFR-ICPIncident Communications Procedures
LOW
MODERATE
KSI-AFR-MASMinimum Assessment Scope
LOW
MODERATE
KSI-AFR-PVAPersistent Validation and Assessment
LOW
MODERATE
KSI-AFR-SCGSecure Configuration Guide
LOW
MODERATE
KSI-AFR-SCNSignificant Change Notifications
LOW
MODERATE
KSI-AFR-UCMUsing Cryptographic Modules
LOW
MODERATE
KSI-AFR-VDRVulnerability Detection and Response
LOW
MODERATE
CED — Cybersecurity Education (4 indicators)
CMT — Change Management (4 indicators)
CNA — Cloud Native Architecture (7 indicators)
KSI-CNA-DFPDefining Functionality and Privileges
LOW
MODERATE
KSI-CNA-IBPImplementing Best Practices
LOW
MODERATE
KSI-CNA-MATMinimizing Attack Surface
LOW
MODERATE
KSI-CNA-OFAOptimizing for Availability
LOW
MODERATE
KSI-CNA-RNTRestricting Network Traffic
LOW
MODERATE
KSI-CNA-RVPReviewing Protections
LOW
MODERATE
KSI-CNA-ULNUsing Logical Networking
LOW
MODERATE
IAM — Identity and Access Management (7 indicators)
KSI-IAM-AAMAutomating Account Management
LOW
MODERATE
KSI-IAM-APMAdopting Passwordless Methods
LOW
MODERATE
KSI-IAM-ELPEnsuring Least Privilege
LOW
MODERATE
KSI-IAM-JITAuthorizing Just-in-Time
LOW
MODERATE
KSI-IAM-MFAEnforcing Phishing-Resistant MFA
LOW
MODERATE
KSI-IAM-SNUSecuring Non-User Authentication
LOW
MODERATE
KSI-IAM-SUSResponding to Suspicious Activity
LOW
MODERATE