At the start of the FedRAMP JAB P-ATO process, the CSP briefs its system architecture to the FedRAMP ISSO and JAB TRs. This in-depth, technical briefing describes clearly the system boundary, identifies internal and external components to the boundary, and how data flows throughout the system. This briefing provides FedRAMP reviewers an understanding of the system architecture and provides context to the SSP; some agencies may or may not require an architecture briefing.
It is absolutely critical that the boundary definition include all of the major components required to transmit, process, and store Federal Data as related to the service offering. Further, all relevant service and system descriptions must capture components of the Boundary. The System Security Plan (SSP) and the security controls must capture detailed explanations of control implementation details related to these boundary components.
Quzara engineers and FedRAMP professionals have years of experience working with CSPs and Federal Agencies in defining the Boundary and can provide focused expertise on this critical task so that clients have a clear vision of future documentation and technical components for the Authorization Boundary.