Controls ​

System Security Plan implementation progress can be tracked as Risk Solutions are mapped to Control requirements

Overview ​

Once information types and security objectives have been set, applicable controls for the project can be selected. The control parameters can also be set or applied and Risk Solutions mapped to the controls to monitor and review control implementation.

Control Selection ​

The control selection will default based on the project project type and security impact. For Example, a FedRAMP NIST 800-53 Revision 5 project with Moderate security impact will default to 323 controls required. Within the Controls Selection page, a user can click on "Edit Selection" and modify the controls selected using the check boxes to the left of the controls based on applicability for the project. The control description, supplemental guidance, and security baseline control requirements can be viewed and used to select applicable controls by clicking "View" under "Actions" on the right of the Controls Selection page.

Control Implementation ​

After controls are selected, configuring policy parameters in Paramify is simple. Within the Controls Implementation page, click on a parameter to adjust its settings. Our OSCAL-based system simplifies setting parameters, whether they require select-many, radio-select, or fill-in options. Paramify also facilitates completing incomplete settings. Just correct any misconfigurations, and you’re all set. The platform makes it easy to automatically match security objective parameter settings and a straightforward option to import your existing parameters.

Implementation status for a control requirement is calculated based off of the lowest implementation status of all linked risk solutions and custom responses for the given control. From highest to lowest implementation, the statuses are as follows:

• Implemented
• Planned
• Partially Implemented
• Alternative Implementation
• Not Implemented
• Not Applicable
• Not Set