Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Share your experience with the FAS IT-Playbook by taking this brief survey

FCS Security Forms & Templates

The FCS forms and templates listed here cover a series of security and business risk management activities. Please note documents may have limited access and require a copy to be made to complete for use.

FCS Tenant Required Security Templates

Acceptance of Risk Template

Tenants use this template to document security risks identified but are not remediable via Plan of Action and Milestones (POA&Ms). Risks in this category are often due to technical limitations, however Tenants must first make honest attempts to address all risks via POA&M's prior to requesting acceptance of risk via this template.

FCS Security Requests

FCS Security requests are submitted through Jira or ServiceNow and are categorized below:
Jira
Firewall change request
Account Creation & Deletion
ServiceNow
Security Scan Request
Report a Lost Item
Report a Stolen Item
Security Training Compliance
Visit the Requests page for direct links to submit specific requests. Further support can be found on the FCS Tenant Quick Reference Guide and the Cloud Support Center.

Business Impact Assessment

Tenants use this template to document business impact and recovery procedures as needed to sustain primary business functions.

Digital Identity Acceptance Statement

Digital Identity Acceptance statements help determine the desired digital authenticator assurance levels to be deployed. Assurance Levels range from AAL 1 to AAL 3.

FIPS Low SSPP

Tenants use this template to document all control implementation details and Overview of a Low system operational status.
- EBTA
- MCaaS

FIPS Moderate SSPP

Tenants use this template to document all control implementation details and Overview of a Moderate system operational status.
- EBTA
- MCaaS

FIPS 199 Security Categorization

Tenants use this template to categorize information systems based on NIST SP-800-60 Vol 2 Information Types.

GSA Data Sharing Agreement

Tenants use this template to document the rules of behavior and desired nature of a data sharing agreement. This is typically required when connecting to system(s) within the authorization purview of different Authorizing Officials.

Interconnection Security Agreement

Tenants use this template to document the characteristics of an interconnection such as type of connect (internal/external), flow of connection (inbound/outbound) etc. An Interconnection Security Agreements (ISA) are typically required when connecting to system(s) within the authorization purview of different Authorizing Officials.

Privacy Impact Assessment

Tenants use this template to capture the necessary details pertaining to Privacy Data to the Chief Privacy Officer for review and approval.

Privacy Threshold Assessment

Tenants use this template to conduct Privacy threshold analysis exercise to determine the extent by which an information system (asset) collects Personal Identifiable Information (PII).

Service Level Agreement & Memorh3m of Understanding

This Service Level Agreement (SLA) and the Memorandum of Understanding (MOU) specifies the technical and security requirements for the exchange and consumption of services, including but not limited to the transmission of data between systems.

Customer Responsibility Matrix (CRM)

Customer Responsibility Matrices are used to control the documentation and inheritance model of information security controls within the GSA FCS Program.

Documents available via request.