Today we released an updated and significantly different version of the Inventory Template as a separate attachment to the FedRAMP System Security Plan (SSP).
Why did we do this?
Previously, cloud system inventory information was kept in different parts of the SSP, Security Assessment Plan (SAP), Security Assessment Report (SAR), Contingency Plan, and the Plan of Action & Milestones (POA&M) templates. Much of this information was also duplicative and made the inventory data time consuming to populate and difficult for reviewers to clearly see a system’s unique inventory components without cross-checking multiple documents.
To make it easier to input, view, and analyze inventory data, we consolidated OS/Infrastructure, Database, and Software inventory into a single Excel tab and:
Merged several pairs of fields into one (e.g., Software and Software Version and IPv4 and IPv6)
Deleted low-value fields such as Asset Weight
Provided easy-to-understand guidance and examples
This is the first major change that we’ve made to this important template and we welcome suggestions on how we can continue to improve it. Send any ideas for future improvement to firstname.lastname@example.org.