OSCAL Profile / Baseline
Profile from FedRAMP 20x Key Security Indicators
MODERATE • 54 controls • Source: FedRAMP 20x Key Security Indicators • Started
Created from FedRAMP 20x Key Security Indicators catalog
Selected Controls: 54
P2: 54

Priority by Control Family
AUTH: 4 controls (P2: 4)
CM: 7 controls (P2: 7)
CNA: 5 controls (P2: 5)
EDU: 3 controls (P2: 3)
IAM: 5 controls (P2: 5)
IR: 4 controls (P2: 4)
MLA: 7 controls (P2: 7)
POL: 4 controls (P2: 4)
REC: 4 controls (P2: 4)
SCR: 4 controls (P2: 4)
SVC: 7 controls (P2: 7)
Legend: P1 (High), P2 (Medium), P3 (Low), None
54 controls in this profile

AUTH - Authorization by FedRAMP (4)
KSI-AUTH-01 (P2) Authorization Data Sharing
KSI-AUTH-02 (P2) Significant Change Notifications
KSI-AUTH-03 (P2) Vulnerability Disclosure Program
KSI-AUTH-04 (P2) FedRAMP 20x Compliance Attestation

CM - Change Management (7)
KSI-CM-01 (P2) Configuration Baseline
KSI-CM-02 (P2) Version Control
KSI-CM-03 (P2) Immutable Deployment
KSI-CM-04 (P2) Automated Testing
KSI-CM-05 (P2) Change Approval Process
KSI-CM-06 (P2) Rollback Capability
KSI-CM-07 (P2) Change Impact Analysis

CNA - Cloud Native Architecture (5)
KSI-CNA-01 (P2) DoS Protection
KSI-CNA-02 (P2) High Availability
KSI-CNA-03 (P2) Container Immutability
KSI-CNA-04 (P2) Microservices Isolation
KSI-CNA-05 (P2) Auto-Scaling

EDU - Cybersecurity Education (3)
KSI-EDU-01 (P2) Security Awareness Training
KSI-EDU-02 (P2) Role-Based Training
KSI-EDU-03 (P2) Phishing Simulation

IAM - Identity and Access Management (5)
KSI-IAM-01 (P2) Phishing-Resistant MFA
KSI-IAM-02 (P2) Least Privilege Access
KSI-IAM-03 (P2) Centralized Identity
KSI-IAM-04 (P2) Privileged Access Management
KSI-IAM-05 (P2) Service Account Management

IR - Incident Response (4)
KSI-IR-01 (P2) Incident Response Plan
KSI-IR-02 (P2) Incident Detection and Reporting
KSI-IR-03 (P2) Incident Recovery
KSI-IR-04 (P2) Tabletop Exercises

MLA - Monitoring, Logging, and Auditing (7)
KSI-MLA-01 (P2) Centralized Logging
KSI-MLA-02 (P2) Log Retention
KSI-MLA-03 (P2) Vulnerability Scanning
KSI-MLA-04 (P2) Infrastructure Monitoring
KSI-MLA-05 (P2) Alert Response
KSI-MLA-06 (P2) Anomaly Detection
KSI-MLA-07 (P2) Penetration Testing

POL - Policy and Inventory (4)
KSI-POL-01 (P2) Security Policy Documentation
KSI-POL-02 (P2) Asset Inventory
KSI-POL-03 (P2) Data Classification
KSI-POL-04 (P2) Acceptable Use Policy

REC - Recovery Planning (4)
KSI-REC-01 (P2) Backup Strategy
KSI-REC-02 (P2) Recovery Time Objectives
KSI-REC-03 (P2) Disaster Recovery Testing
KSI-REC-04 (P2) Business Continuity Plan

SCR - Supply Chain Risk (4)
KSI-SCR-01 (P2) Third-Party Authorization
KSI-SCR-02 (P2) Software Bill of Materials
KSI-SCR-03 (P2) Dependency Scanning
KSI-SCR-04 (P2) Supply Chain Attestation

SVC - Service Configuration (7)
KSI-SVC-01 (P2) Encryption at Rest
KSI-SVC-02 (P2) Encryption in Transit
KSI-SVC-03 (P2) Component Integrity
KSI-SVC-04 (P2) Hardened Baselines
KSI-SVC-05 (P2) Key Management
KSI-SVC-06 (P2) Network Segmentation
KSI-SVC-07 (P2) Endpoint Protection

OSCAL Metadata
OSCAL Version: Not set
Document Version: Not set
Published: Not set
Last Modified: 2026-03-24T00:32:48Z
Roles: 0 (No roles defined)
Parties: 0 (No parties defined)