Templates and Checklists

The Templates and Checklists are the various forms needed to create an RMF package and the artifacts that support completion of the eMASS registration. In addition to the Templates and Checklists, refer to the Cyber Commissioning and the Resources and Tools pages to review and download the Unified Facility Criteria and the Unified Facility Guide Specifications. While the templates and checklists are labeled DoD, ESTCP or Navy, they are fairly organization-agnostic, and any organization can modify them to suit its own use.

Product List by Product and Date Posted
Product Date Posted
Feb 2019

NIST SP 800-171 CRMP Checklist

Guidance

NIST SP 800-171 Cyber Risk Management Plan Checklist (03-26-2018)

Feb 2019

Security Audit Plan (SAP)

Guidance

Use the modified NIST template.

Jul 2018

DFARS Incident Response Form

Guidance

Use the Excel file template for a DoD data incident.

Jul 2018

US-CERT Incident Response Form

Guidance

Use the Excel file template for a non-DoD data incident.

Jul 2018

Event/Incident Response Plan (EIRP)

Guidance

Use the modified FedRAMP templates.

Jul 2018

Event/Incident Communications Plan (EICP)

Guidance

Use the modified FedRAMP template (ESTCP EICP Graphics).

Jul 2018

System Security Plan (SSP)

Guidance

Recommend using the CSET tool/template or the DoD Core Authorization Package Excel file.

Jul 2018

Security Assessment Report (SAR)

ESTCP does not require a SAR; however, many insurance companies or AOs may require one. An organization can use the modified FedRAMP template.

Jul 2018

Plan of Action & Milestones (POAM)

Guidance

Use the modified FedRAMP templates (GSA and DoD provided) (POAM Template).

Jul 2018

NIST SP 800-53 R4 and 800-82 R2 Merged Example

Guidance

The complete security controls listed with the IT portion and the OT Supplemental Guidance added.

Jul 2018

NIST SP 800-82 ICS Overlay Security Controls

Guidance

An Excel file that adds/removes security controls from the IT baseline for OT FRCS.

Jul 2018
Jul 2018

NAVFAC Control System Inventory

Guidance

For Contractor use only, in association with new construction or repair projects that involve control systems; used in support of the requirement to discover, document, and institute a configuration management program.

Jul 2018

FRCS Pentest Checklist

Guidance

A checklist for FRCS to ensure the OS, vendor software, and physical networks (firewalls, routers, devices, etc.) are properly hardened and configured to the JIE requirements.

Jul 2018

FRCS FAT and SAT Checklist

Guidance

A checklist for FRCS to ensure the OS, vendor software, and physical networks (firewalls, routers, devices, etc.) are properly hardened and configured to the JIE requirements.

Jul 2018

FRCS RMF ATO WBS

Guidance

This cost template is for investigators to use when preparing their full cost proposal; it breaks down the 6 Steps of the RMF into distinct cost line items. The IE or ESTCP office will provide a Subject Matter Expert (SME) to assist the teams in preparing the documents and submittals.

May 2018

ESTCP Information Technology Policies and Procedures

Guidance

A generic template of recommended policies and procedures (artifacts) to support the answers to the security control questions.

Jul 2018

DoD RMF Core Security Authorization Package (replica of eMASS)

Guidance

The RMF Families of Security Controls (NIST SP 800-53 R4 and NIST SP 800-82R2) that must be answered to obtain an ATO on the DoDIN.

Jul 2018