For mobile, landscape view is recommended.
The Templates and Checklists are the various forms needed to create an RMF package and artifacts that support the completion of the eMASS registration. In addition to the Templates and Checklists, refer to the Cyber Commissioning and the Resources and Tools pages to review and download the Unified Facility Criteria and the Unified Facility Guide Specifications. While the templates and checklists are labeled DoD, ESTCP or Navy, they are fairly organization agnostic and any organization can modify them to suit their own use.
| Product | Date Posted |
| Feb 2019 | |
|
NIST SP 800-171 CRMP Checklist NIST SP 800-171 Cyber Risk Management Plan Checklist (03-26-2018) |
Feb 2019 |
|
Use the modified NIST template. |
July 2018 |
|
Use the excel file template for a DoD data incident. |
July 2018 |
|
US-CERT Incident Response Form Use the excel file template for a non-DoD data incident. |
July 2018 |
|
Event/Incident Response Plan (EIRP) Use the modified FedRAMP templates. |
July 2018 |
|
Event/Incident Communications Plan (EICP) Use the modified FedRAMP template (ESTCP EICP Graphics). |
July 2018 |
|
Recommend using the CSET tool/template or DoD Core Authorization Package excel file. |
July 2018 |
|
Security Assessment Report (SAR) ESTCP does not require a SAR, however, many insurance companies or AO’s may require a SAR. An organization can use the modified FedRAMP template. |
July 2018 |
|
Plan of Action & Milestones (POAM) Use the modified FedRAMP templates (GSA and DoD provided) (POAM Template). |
July 2018 |
|
NIST SP 800-53 R4 and 800-82 R2 Merged Example The complete security controls listed with the IT portion and the OT Supplemental Guidance added. |
July 2018 |
|
NIST SP 800-82 ICS Overlay Security Controls An excel file that adds/removes security controls from the IT baseline for OT FRCS. |
July 2018 |
| July 2018 | |
| July 2018 | |
|
A checklist for FRCS to ensure the OS and vendor software, physical networks (firewalls, routers, devices, etc.) are properly hardened and configured to the JIE requirements. |
July 2018 |
|
A checklist for FRCS to ensure the OS and vendor software, physical networks (firewalls, routers, devices, etc.) are properly hardened and configured to the JIE requirements. |
July 2018 |
|
This cost template is for investigators to use when preparing their full cost proposal and breaks down the 6 Steps of the RMF into distinct cost line items. The IE or ESTCP office will provide a Subject Matter Expert (SME) to assist the teams to prepare the documents and submittals. |
May 2018 |
|
ESTCP Information Technology Policies and Procedures A generic template of recommended policies and procedures (artifacts) to support the answers to the security control questions. |
July 2018 |
|
DoD RMF Core Security Authorization Package (replica of eMASS) The RMF Families of Security Controls (NIST SP 800-53 R4 and NIST SP 800-82R2) that must be answered to obtain an ATO on the DoDIN. |
July 2018 |