Security Assessment Plan (SAP)


What is a Security Assessment Plan (SAP)?

A Security Assessment Plan (SAP) is developed by a Third-Party Assessment Organization (3PAO) and outlines the specific procedures and methodologies that will be used during the security assessment for FedRAMP authorization.

Designed to guide the assessor through the assessment process and ensure a systematic and consistent approach, the SAP specifies:

  • assessment procedures
  • scope
  • techniques
  • tools
  • roles and responsibilities

While the SAP specifies the how of a FedRAMP assessment, the Security Assessment Report (SAR) explains the result of that assessment process.