Under active development — Content is continuously updated and improved

Home / Frameworks / FedRAMP 20x KSI / MODERATE Impact

FedRAMP 20x Key Security Indicators

Key Security Indicators for FedRAMP 20x authorization

60 All 55 Low 60 Moderate

Showing 60 indicators for MODERATE impact level

AFR — Authorization by FedRAMP (10 indicators)

KSI-AFR-ADSAuthorization Data Sharing

KSI-AFR-CCMCollaborative Continuous Monitoring

KSI-AFR-FSIFedRAMP Security Inbox

KSI-AFR-ICPIncident Communications Procedures

KSI-AFR-MASMinimum Assessment Scope

KSI-AFR-PVAPersistent Validation and Assessment

KSI-AFR-SCGSecure Configuration Guide

KSI-AFR-SCNSignificant Change Notifications

KSI-AFR-UCMUsing Cryptographic Modules

KSI-AFR-VDRVulnerability Detection and Response

CED — Cybersecurity Education (4 indicators)

KSI-CED-DETReviewing Development and Engineering Training

KSI-CED-RGTReviewing General Training

KSI-CED-RRTReviewing Response and Recovery Training

KSI-CED-RSTReviewing Role-Specific Training

CMT — Change Management (4 indicators)

KSI-CMT-LMCLogging Changes

KSI-CMT-RMVRedeploying vs Modifying

KSI-CMT-RVPReviewing Change Procedures

KSI-CMT-VTDValidating Throughout Deployment

CNA — Cloud Native Architecture (8 indicators)

KSI-CNA-DFPDefining Functionality and Privileges

KSI-CNA-EISEnforcing Intended State

KSI-CNA-IBPImplementing Best Practices

KSI-CNA-MATMinimizing Attack Surface

KSI-CNA-OFAOptimizing for Availability

KSI-CNA-RNTRestricting Network Traffic

KSI-CNA-RVPReviewing Protections

KSI-CNA-ULNUsing Logical Networking

IAM — Identity and Access Management (7 indicators)

KSI-IAM-AAMAutomating Account Management

KSI-IAM-APMAdopting Passwordless Methods

KSI-IAM-ELPEnsuring Least Privilege

KSI-IAM-JITAuthorizing Just-in-Time

KSI-IAM-MFAEnforcing Phishing-Resistant MFA

KSI-IAM-SNUSecuring Non-User Authentication

KSI-IAM-SUSResponding to Suspicious Activity

INR — Incident Response (3 indicators)

KSI-INR-AARGenerating After Action Reports

KSI-INR-RIRReviewing Incident Response Procedures

KSI-INR-RPIReviewing Past Incidents

MLA — Monitoring, Logging, and Auditing (5 indicators)

KSI-MLA-ALAAuthorizing Log Access

KSI-MLA-EVCEvaluating Configurations

KSI-MLA-LETLogging Event Types

KSI-MLA-OSMOperating SIEM Capability

KSI-MLA-RVLReviewing Logs

PIY — Policy and Inventory (5 indicators)

KSI-PIY-GIVGenerating Inventories

KSI-PIY-RESReviewing Executive Support

KSI-PIY-RISReviewing Investments in Security

KSI-PIY-RSDReviewing Security in the SDLC

KSI-PIY-RVDReviewing Vulnerability Disclosures

RPL — Recovery Planning (4 indicators)

KSI-RPL-ABOAligning Backups with Objectives

KSI-RPL-ARPAligning Recovery Plan

KSI-RPL-RROReviewing Recovery Objectives

KSI-RPL-TRCTesting Recovery Capabilities

SCR — Supply Chain Risk (2 indicators)

KSI-RSC-MONMonitoring Supply Chain Risk

KSI-SCR-MITMitigating Supply Chain Risk

SVC — Service Configuration (8 indicators)

KSI-SVC-ACMAutomating Configuration Management

KSI-SVC-ASMAutomating Secret Management

KSI-SVC-EISEvaluating and Improving Security

KSI-SVC-PRRPreventing Residual Risk

KSI-SVC-RUDRemoving Unwanted Data

KSI-SVC-SNTSecuring Network Traffic

KSI-SVC-VCMValidating Communications

KSI-SVC-VRIValidating Resource Integrity