System Questionnaire

Answer the following questions to determine which security baseline applies to your system

System Type

What type of system are you deploying?

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

On-Premises System

Impact Level

What is the impact level of the data processed by your system?

Low Impact SaaS (LiSaaS) - Streamlined controls for cloud-based SaaS applications (38 controls)

Low Impact - Limited adverse effects on operations, assets, or individuals (129 controls)

Moderate Impact - Serious adverse effects on operations, assets, or individuals (275 controls)

High Impact - Severe or catastrophic effects on operations, assets, or individuals (514 controls)

Cloud Provider

Which cloud provider are you using (if applicable)?

Amazon Web Services (AWS)

Microsoft Azure

Google Cloud Platform (GCP)

Other Cloud Provider

Not using a cloud provider

AWS Services Used

Which of the following AWS services are you using? (select all that apply)

EC2 (Virtual Machines)

S3 (Storage)

RDS (Relational Database)

Lambda (Serverless)

IAM (Identity and Access Management)

Azure Services Used

Which of the following Azure services are you using? (select all that apply)

Virtual Machines

Azure Storage

Azure SQL Database

Azure Functions

Azure Active Directory (AAD)

Google Cloud Platform Services Used

Which of the following GCP services are you using? (select all that apply)

Compute Engine

Cloud Storage

Cloud SQL

Cloud Functions

Identity and Access Management (IAM)

Cloud Services Used

Please describe the cloud services you are using:

System Information

System Name

System Description

System Owner

Security Engineer

NIST FISMA Authorization Tool Based on NIST SP 800-53 Rev. 5