Customer Responsibility Matrix (CRM)

old.reddit.com / @/u/goetzecc, https://old.reddit.com/user/goetzecc

In order to correctly complete an SSP, for say, a SaaS csp, wouldn’t you need the CRM for the IaaS it’s hosted on to correctly complete the control narratives? Where the csp has inherited some controls, you indicate that, but where they have responsibility for others, you describe how you implemented the ones you are responsible for.

submitted by /u/goetzecc
[link] [comments]

published 5 months ago


Previous

Azure Commercial FEDRAMP Package - CRM for NIST Controls 800-53
published 5 months ago

Next

Easiest way to determine availability of FedRAMP'd products within certain FedRAMP clouds?
published 5 months ago
See all items from the same source