Skip to main content

Published: 10/23/2024

CFACTS UI Changes: Current and new comparison

by CFACTS Team

We've prepared a list of changes for you to easily compare the old navigation to new.

This blog is part of a series of updates about the changes coming to the CFACTS application. The UI is being revised to better reflect the RMF (Risk Management Framework) process. We will be posting updates regularly to help you navigate this transition.

With the RMF UI changes, the tabs you are used to seeing in the authorization package are going to look different and some sections have been moved to other tabs to better reflect the RMF. These changes are detailed below. You can see the destination of the sections once the new RMF UI is released (we are anticipating the release to be in place by end of December). 

General tab

SectionNew TabNotes
Authorization Package TypeStep 0 - PrepareContains: Division Owner, Reporting Divisions
Information System DetailsStep 0 - PrepareNow found on sub tab:Authorization Boundary and Asset Identification in the Asset Identification section.
System Provider(s) for Service or CapabilitiesStep 0 - Prepare

Contains: System Provider(s) 

 

Now found on sub tab:  System Provider and Inheritors

System Inheritor(s) for Services or CapabilitiesStep 0 - Prepare

Contains: System Inheritor(s), Inherited Controls and Elements: (Display Report)

 

Now found on sub tab:  System Provider and Inheritors

 

Cloud ServicesStep 0 - Prepare

Contains: Hosting, Cloud, and Leveraged Services or Capabilities (Cloud Service Provider Details).

This is no longer its own section and now found on subtab: Hosting, Cloud, and Leveraged Services or Capabilities

StakeholdersStep 0 - PrepareNow found on sub tab: Stakeholder Identification
ISSO DocumentsStep 0 - PrepareNow found on sub tab: Stakeholder Identification
Related Pre-TPWAStep 1 - Categorize

Contains: Related Pre-TPWA

 

Now found on sub tab:
PIA

Appendix DocumentationStep 4 - Assess

Now found on sub tab:

Related Documents

Security Category tab

SectionNew TabNotes
Organizational UsersStep 1 -Categorize 
Information TypeStep 0 - Prepare

Now found on sub tab: 

Information Types Inventory and Information Lifecycle   

Personally Identifiable Information (PII)Step 1 -Categorize 
Protected Health Information (PHI)Step 1 -Categorize 
Security CategoryStep 1 -CategorizeContains Additional Security Category Documentation
Digital Identity DetailsStep 1 -Categorize 
Sub tab: SORNStep 1 -Categorize

Contains: System of Records Notice (SORN) 

 

Sub tab: Contingency Plan Details Step 1 -CategorizeContains: Contingency Plan Documentation
Sub tab: incident Response Plan DetailsStep 1 -Categorize

Contains: Incident Response Documentation 

 

Sub tab: PIAStep 1 -CategorizeContains: Privacy Impact Assessment (PIA), Privacy Impact Assessment(PIA) Details, Privacy Impact Assessment(PIA) Documentation
Sub tab: ISRAStep 0 - Prepare

Contains: Business System Risks, Information Security Risk Assessment (ISRA) Documentation, Generate ISRA button

 

Now found on sub tab: 

Information Types Inventory and Information Lifecycle   

Sub tab: Computer Matching AgreementStep 1 -CategorizeContains: Computer matching Agreement Documentation
Sub tab: SIA documentationStep 1 -CategorizeContains: Security Impact Assessment Documentation
Sub tab: AuthenticationStep 1 -CategorizeContains: Authentication Selection, Related Authentication, Authentication Metrics Summary
Sub tab: E-CAPStep 1 -CategorizeContains: Encryption- Corrective Action Plan
Sub tab:  High Value Assets (HAV)Step 1 -CategorizeContains: High Value Assets(HVA)High Value Documentation
Sub tab: M-21-31 LoggingStep 1 -CategorizeContains: M-21-31 Logging Questionnaire

Boundary tab

SectionNew TabNotes
CDM VisibilityStep 6 - Monitor 
Boundary DescriptionStep 0 - PrepareContains: Authorization Boundary Description

Now found on sub tab: Authorization Boundary and Asset Identification
Boundary DiagramsStep 0 – Prepare

Contains: Boundary Diagram Documentation

 

Now found on sub tab: Authorization Boundary and Asset Identification

Interconnection(s)Step 0 – Prepare

Contains: Interconnections

 

Now found on sub tab: Authorization Boundary and Asset Identification

Memorandum of Understanding (MOU)Step 0 – Prepare

Contains: Memorandum of Understanding(MOU) Documentation

 

Now found on sub tab: Authorization Boundary and Asset Identification

System FQDN(s)Step 0 – Prepare

Contains: System FQDNs

 

Now found on sub tab: Authorization Boundary and Asset Identification

Hardware SummaryStep 0 – PrepareContains: Hardware Cross Reference Report (Display Report)
Software SummaryStep 0 - PrepareContains: Software

Controls tab

SectionNew TabNotes
Planned ARS Migration DateRemovedThis field has been removed as it is no longer needed.
Control ActionStep 2, 3 - Select and Implement 
Sub tab: ARS 5 SummaryStep 2, 3 - Select and ImplementContains: Count of Controls
Sub tab: Allocated Controls Elements Cross-ReferenceStep 2, 3 - Select and ImplementContains: Allocated Controls Elements Cross-Reference, Allocated Control Elements 
Sub tab: Allocated Controls Elements ReportStep 2, 3 - Select and ImplementContains: Allocated Controls Elements Report Instructions (Display Report)
Sub tab: Control Elements Missing Shared Implementation DetailsStep 2, 3 - Select and ImplementContains: Control Elements Missing Shared Implementation Details Report (Display Report)
Sub tab: Control Elements Missing Private Shared Implementation DetailsStep 2, 3 - Select and ImplementContains: Missing Private Implementation Details Report (Display Report)

Sub tab: Not Assessed and Other Than Satisfied Control Elements

 


Step 2, 3 - Select and Implement
Contains: Not Assessed and Other Than Satisfied Control Elements (Display Report)

(This doesn’t appear unless there are controls in the package.)
Sub tab: CAAT TemplateStep 2, 3 - Select and ImplementContains: CAAT Template (Display Report)
Archive ControlsStep 2, 3 - Select and Implement 

Assessments tab

SectionNew TabNotes
Assessment HistoryStep 4 - Assess

Now found on sub tab:

Assessment

Assessment ArtifactsStep 4 - Assess

Now found on sub tab:

Assessment

Authorization Package DocumentationStep 4 - Assess

Name changed to:
Current Documentation (Display Report)

 

Now found on sub tab: Related Documents

POA&Ms tab

Section New Tab 
POA&Ms Summary Step 4 – Assess

Now found on sub tab:

POA&Ms

 

Sub tab: Open POA&MsStep 4 – Assess

Contains: Open POA&Ms Details (Display Report)

 

Now found on sub tab:

POA&Ms

Sub tab: Delayed POA&MsStep 4 – Assess

Contains: Delayed POA&Ms Details (Display Report)

 

Now found on sub tab:

POA&Ms

Sub tab: Pending Verification POA&MsStep 4 – Assess

Contains: Pending Verification POA&Ms Details (Display Report)

 

Now found on sub tab:

POA&Ms

Sub tab: Completed POA&MsStep 4 – Assess

Contains: Completed POA&Ms Details (Display Report)

 

Now found on sub tab:

POA&Ms


 

Sub tab: Count of POA&Ms By Overall Status

Step 4 – Assess

Contains: Count of POA&Ms By Overall Status Details (Display Report)

Now found on sub tab:

POA&Ms

 

Sub tab: Open POA&Ms Milestone Updates ReportsStep 4 - Assess

Contains: Open POA&Ms Milestone Updates Reports Details (Display Report)

 

Now found on sub tab:

POA&Ms

Authorization tab

SectionNew TabNotes
Pre-assessment ReviewStep 4 - Assess

Now found on sub tab:

Assessment

System Security and Privacy Plan (SSPP)Step 5 - Authorize

Contains: System Security and Privacy Plan (SSPP) Documentation, Generate SSPP Button

 

Now found on sub tab: Authorization Decision and Details

 

Security Assessment ReportStep 4 - Assess

Contains: Security Assessment Report(SAR)

Now found on sub tab:

Assessment

ATO RequestsStep 5 - Authorize

Contains: ATO Requests

 

Now found on sub tab:

ATO Requests

Override ATO Request InformationStep 5 – Authorize

Now found on sub tab:

ATO Requests


 

Authorization Decision 

Step 5 – Authorize

Contains: Authorization Memo Documentation

 

Now found on sub tab: Authorization Decision and Details

 


 

Ongoing Authorization Details

Step 5 - Authorize

Now found on sub tab: Authorization Decision and Details

 

Certification Form (Legacy)Step 5 – Authorize

Contains: Certificate Form

Now found on sub tab: Authorization Decision and Details

 

Ato DetailsStep 5 – Authorize

Now found on sub tab:

ATO Requests

 

 

ATO Maintenance = AttestationStep 5 - Authorize

Contains Control Elements Assessment Since ATO Report (Display Report)

Now found on sub tab:

ATO Requests

RetireStep 5 - Authorize

Contains: Retire Documentation, Retire Comments

 

Now found on sub tab:

Retirement

Documentation tab

SectionNew TabNotes
Authorization Package DocumentationStep 4 - Assess

Name changed to:
Current Documentation (Display Report)

 

Now found on sub tab: Related Documents

Archived DocumentationStep 4 - AssessContains: Archived Documentation (Display Report)

Community Portal tab

The Community Portal has been phased out and will not be a part of the new RMF UI. You can aways reach out to the slack channel #cfacts_community if you need clarification or guidance.

Have questions?

Reach out to us on the CFACTS_Community slack channel or make an inquiry through the CFACTS Portal.

About the publisher:

The CMS FISMA Continuous Tracking System (CFACTS) is the database used to track system security and support the system authorization process. The CFACTS Team works on improvements to the platform and helps people use it effectively.