FCS Security Forms & Templates
The FCS forms and templates listed here cover a series of security and business risk management activities. Please note documents may have limited access and require a copy to be made to complete for use.
FCS Tenant Required Security Templates
Tenants use this template to document security risks identified but are not remediable via Plan of Action and Milestones (POA&Ms). Risks in this category are often due to technical limitations, however Tenants must first make honest attempts to address all risks via POA&M's prior to requesting acceptance of risk via this template.
FCS Security Requests
FCS Security requests are submitted through Jira or ServiceNow and are categorized below:
Jira
Firewall change request
Account Creation & Deletion
ServiceNow
Security Scan Request
Report a Lost Item
Report a Stolen Item
Security Training Compliance
Visit the Requests page for direct links to submit specific requests.
Further support can be found on the FCS Tenant Quick Reference Guide and the Cloud Support Center.
Tenants use this template to document business impact and recovery procedures as needed to sustain primary business functions.
Digital Identity Acceptance statements help determine the desired digital authenticator assurance levels to be deployed. Assurance Levels range from AAL 1 to AAL 3.
Tenants use this template to categorize information systems based on NIST SP-800-60 Vol 2 Information Types.
Tenants use this template to document the rules of behavior and desired nature of a data sharing agreement. This is typically required when connecting to system(s) within the authorization purview of different Authorizing Officials.
Tenants use this template to document the characteristics of an interconnection such as type of connect (internal/external), flow of connection (inbound/outbound) etc. An Interconnection Security Agreements (ISA) are typically required when connecting to system(s) within the authorization purview of different Authorizing Officials.
Tenants use this template to capture the necessary details pertaining to Privacy Data to the Chief Privacy Officer for review and approval.
Tenants use this template to conduct Privacy threshold analysis exercise to determine the extent by which an information system (asset) collects Personal Identifiable Information (PII).
This Service Level Agreement (SLA) and the Memorandum of Understanding (MOU) specifies the technical and security requirements for the exchange and consumption of services, including but not limited to the transmission of data between systems.
Customer Responsibility Matrix (CRM)
Customer Responsibility Matrices are used to control the documentation and inheritance model of information security controls within the GSA FCS Program.
Documents available via request.