Overview
NOTE
The FedRAMP Board approved the latest FedRAMP Policy for Cyptographic Module Selection and Use on January 16, 2025.In Paramify, Appendix Q is data flow driven which includes the following for data in transit and data at rest:
- Source (component)
- Destination (component)
- Source Validation (Validation component)
- Destination Validation (Validation component)
- Service (component)
- Usage
- Notes
Details for Appendix Q can be created or updated in each of the components above. It is recommended to create the data flows on the Data element types. The fields available to support Appendix Q in each component vary by what is relevant for that component. Below are example pages to input or review Data Flows.
For information on NIST validated Cryptographic modules, see Cryptographic Module Name Program.
Paramify also includes Data Element types to the data flows to help evaluate that the list of components included in Appendix Q are complete and accurate.
SaaS Component View
Cloud Services: Service Component View
Appendix Q to Component & Data Flow Field Mapping
See Appendix Q to Component & Data Flow Field Mapping for details.
Refining Appendix Q
Once all the components above are created and/or updated accurately, the data flow details can be added or updated from the Data Element types or the source, destination, or service component. The Service and Validation components will likely be the easiest to compare with Appendix Q to troubleshoot if something looks inaccurate in the deliverable generated by Document Robot.
If you are coming back to address Appendix Q after your initial review/update of the Elements, it might be easiest to Add Data Flow details on Data elements. You can expand the Data Flow view from any element with Data Flow to update all the relevant inputs for Appendix Q using the expand button next to the plus.
For more information about generating Appendix Q, see Document Robot: Generating Compliance Deliverables.
Comments
0 comments
Please sign in to leave a comment.