IATT Documentation and Test Plans

old.reddit.com / @/u/gcolli795, https://old.reddit.com/user/gcolli795

Still learning the Ins and outs of ATOs and RMF.

Hey everyone, so I am at a complete loss. In all the documentation I can find. I can not find a definition of what a test plan is or should like. Heck in most docs like 800-37 or 800-53 test plan isn't even used. Im being told that its different than the assessment plan in RMF step 4? So thats confusing. Additionally I cannot find what is required for an IATT, what artifacts are needed or what it should like like. I assume its like a normal ATO package but you just go up to step 3?

my questions are:

  • what exactly is a test plan, what is it used for? What needs to be in it? what step is a test plan written at?
  • What does an IATT package look like? what artifacts are required? What step is it a part of?

[!Note] pretty please include any references

TIA!!

submitted by /u/gcolli795
[link] [comments]

published 4 months ago


Previous

Does anyone know what changed from the last one in the new Cloud SRG
published 4 months ago

Next

Session timeout - forcibly log-out required?
published 4 months ago
See all items from the same source