Published: 10/23/2024
CFACTS UI Changes: Current and new comparison
We've prepared a list of changes for you to easily compare the old navigation to new.
This blog is part of a series of updates about the changes coming to the CFACTS application. The UI is being revised to better reflect the RMF (Risk Management Framework) process. We will be posting updates regularly to help you navigate this transition.
With the RMF UI changes, the tabs you are used to seeing in the authorization package are going to look different and some sections have been moved to other tabs to better reflect the RMF. These changes are detailed below. You can see the destination of the sections once the new RMF UI is released (we are anticipating rollout in early January).
General tab
| Section | New Tab | Notes |
| Authorization Package Type | Step 0 - Prepare | Contains: Division Owner, Reporting Divisions |
| Information System Details | Step 0 - Prepare | Now found on sub tab: General Information |
| System Provider(s) for Service or Capabilities | Step 0 - Prepare | Now found on sub tab: Hosting and Leveraged Services or Capabilities This section has been renamed: Leveraging Other Services or Capabilities Contains: CMS System Provider(s), FedRAMP Cloud Service(s), Non FedRAMP Cloud Service(s) |
| System Inheritor(s) for Services or Capabilities | Step 0 - Prepare | Now found on sub tab: Hosting and Leveraged Services or Capabilities This section has been renamed: System(s) Leveraging Your Services or Capabilities Contains: System Inheritor(s), Inherited Controls and Elements: (Display Report) |
| Cloud Services | Step 0 - Prepare | Now found on sub tab: Hosting and Leveraged Services or Capabilities This section has been renamed: Leveraging Other Services or Capabilities Contains: CMS System Provider(s), FedRAMP Cloud Service(s), Non FedRAMP Cloud Service(s) |
| Stakeholders | Step 0 - Prepare | Now found on sub tab: Stakeholder Identification |
| ISSO Documents | Step 0 - Prepare | Now found on sub tab: Stakeholder Identification Contains: ISSO Documents |
| Related Pre-TPWA | Step 1 - Categorize | Now found on sub tab: PIA Contains: Related Pre-TPWA |
| Appendix Documentation | Step 4 - Assess | Now found on sub tab: Related Documents |
Security Category tab
| Section | New Tab | Notes |
| Organizational Users | Step 1 -Categorize | |
| Information Type | Step 0 - Prepare | Now found on sub tab: Information Types Inventory and Information Lifecycle |
| Personally Identifiable Information (PII) | Step 1 -Categorize | |
| Protected Health Information (PHI) | Step 1 -Categorize | |
| Security Category | Step 1 -Categorize | Contains: Additional Security Category Documentation |
| Digital Identity Details | Step 1 -Categorize | |
| Sub tab: SORN | Step 1 -Categorize | Contains: System of Records Notice (SORN) |
| Sub tab: Contingency Plan Details | Step 1 -Categorize | Contains: Contingency Plan Documentation |
| Sub tab: incident Response Plan Details | Step 1 -Categorize | Contains: Incident Response Documentation |
| Sub tab: PIA | Step 1 -Categorize | Contains: Privacy Impact Assessment (PIA), Privacy Impact Assessment(PIA) Details, Privacy Impact Assessment(PIA) Documentation |
| Sub tab: ISRA | Step 0 - Prepare | Note: the ISRA is no longer on its own sub tab Now found on sub tab: Information Types Inventory and Information Lifecycle |
| Sub tab: Computer Matching Agreement | Step 1 -Categorize | Contains: Computer matching Agreement Documentation |
| Sub tab: SIA documentation | Step 1 -Categorize | Contains: Security Impact Assessment Documentation |
| Sub tab: Authentication | Step 1 -Categorize | Contains: Authentication Selection, Related Authentication, Authentication Metrics Summary |
| Sub tab: E-CAP | Step 1 -Categorize | This tab is being retired and will not be in the new UI. |
| Sub tab: High Value Assets (HAV) | Step 1 -Categorize | Contains: High Value Assets (HVA), High Value Documentation |
| Sub tab: M-21-31 Logging | Step 1 -Categorize | Contains: M-21-31 Logging Questionnaire |
Boundary tab
| Section | New Tab | Notes |
| CDM Visibility | Step 6 - Monitor | |
| Boundary Description | Step 0 - Prepare | Now found on sub tab: Authorization Boundary
Contains: Authorization Boundary Description |
| Boundary Diagrams | Step 0 – Prepare | Now found on sub tab: Authorization Boundary
|
| Interconnection(s) | Step 0 – Prepare | Now found on sub tab: Authorization Boundary
Contains: Interconnections
|
| Memorandum of Understanding (MOU) | Step 0 – Prepare | Now found on sub tab: Authorization Boundary Contains: Memorandum of Understanding(MOU) Documentation |
| System FQDN(s) | Step 0 – Prepare | Now found on sub tab: Authorization Boundary Contains: System FQDNs |
| Hardware Summary | Step 0 – Prepare |
Contains: Hardware Cross Reference Report (Display Report) |
| Software Summary | Step 0 - Prepare |
Contains: Software |
Controls tab
| Section | New Tab | Notes |
| Planned ARS Migration Date | Removed | This field has been removed as it is no longer needed. |
| Control Action | Step 2, 3 - Select and Implement | |
| Sub tab: ARS 5 Summary | Step 2, 3 - Select and Implement | Contains: Count of Controls |
| Sub tab: Allocated Controls Elements Cross-Reference | Step 2, 3 - Select and Implement | Contains: Allocated Controls Elements Cross-Reference, Allocated Control Elements |
| Sub tab: Allocated Controls Elements Report | Step 2, 3 - Select and Implement | Contains: Allocated Controls Elements Report Instructions (Display Report) |
| Sub tab: Control Elements Missing Shared Implementation Details | Step 2, 3 - Select and Implement | Contains: Control Elements Missing Shared Implementation Details Report (Display Report) |
| Sub tab: Control Elements Missing Private Shared Implementation Details | Step 2, 3 - Select and Implement | Contains: Missing Private Implementation Details Report (Display Report) |
| Sub tab: Not Assessed and Other Than Satisfied Control Elements | Step 2, 3 - Select and Implement | Contains: Not Assessed and Other Than Satisfied Control Elements (Display Report) (This doesn’t appear unless there are controls in the package.) |
| Sub tab: CAAT Template | Step 2, 3 - Select and Implement | Contains: CAAT Template (Display Report) |
| Archive Controls | Step 2, 3 - Select and Implement |
Assessments tab
| Section | New Tab | Notes |
| Assessment History | Step 4 - Assess | Now found on sub tab: Assessment |
| Assessment Artifacts | Step 4 - Assess | Now found on sub tab: Assessment |
| Authorization Package Documentation | Step 4 - Assess | Name changed to: Now found on sub tab: Related Documents |
POA&Ms tab
| Section | New Tab | |
| POA&Ms Summary | Step 4 – Assess | Now found on sub tab: POA&Ms |
| Sub tab: Open POA&Ms | Step 4 – Assess | Now found on sub tab: POA&Ms Contains: Open POA&Ms Details (Display Report) |
| Sub tab: Delayed POA&Ms | Step 4 – Assess | Now found on sub tab: POA&Ms Contains: Delayed POA&Ms Details (Display Report) |
| Sub tab: Pending Verification POA&Ms | Step 4 – Assess | Now found on sub tab:POA&Ms Contains: Pending Verification POA&Ms Details (Display Report) |
| Sub tab: Completed POA&Ms | Step 4 – Assess | Now found on sub tab: POA&Ms Contains: Completed POA&Ms Details (Display Report) |
Sub tab: Count of POA&Ms By Overall Status | Step 4 – Assess | Now found on sub tab: POA&Ms Contains: Count of POA&Ms By Overall Status Details (Display Report)
|
| Sub tab: Open POA&Ms Milestone Updates Reports | Step 4 - Assess | Now found on sub tab: POA&Ms Contains: Open POA&Ms Milestone Updates Reports Details (Display Report) |
Authorization tab
| Section | New Tab | Notes |
| Pre-assessment Review | Step 4 - Assess | Now found on sub tab: Assessment |
| System Security and Privacy Plan (SSPP) | Step 5 - Authorize | Now found on sub tab: Authorization Decision and Details Contains: System Security and Privacy Plan (SSPP) Documentation, Generate SSPP Button
|
| Security Assessment Report | Step 4 - Assess | Now found on sub tab: Assessment Contains: Security Assessment Report(SAR) |
| ATO Requests | Step 5 - Authorize | Now found on sub tab: ATO Requests Contains: ATO Requests |
| Override ATO Request Information | Step 5 – Authorize | Now found on sub tab: ATO Requests |
| Authorization Decision | Step 5 – Authorize | Now found on sub tab: Authorization Decision and Details Contains: Authorization Memo Documentation |
Ongoing Authorization Details | Step 5 - Authorize | Now found on sub tab: Authorization Decision and Details |
| Certification Form (Legacy) | Step 5 – Authorize | Now found on sub tab: Authorization Decision and Details Contains: Certificate Form |
| ATO Details | Step 5 – Authorize | Now found on sub tab: ATO Requests |
| ATO Maintenance = Attestation | Step 5 - Authorize | Now found on sub tab: ATO Requests Contains Control Elements Assessment Since ATO Report (Display Report) |
| Retire | Step 5 - Authorize | Now found on sub tab: Retirement Contains: Retire Documentation, Retire Comments
|
Documentation tab
| Section | New Tab | Notes |
| Authorization Package Documentation | Step 4 - Assess | Now found on sub tab: Related Documents Name changed to: Current Documentation (Display Report) |
| Archived Documentation | Step 4 - Assess | Contains: Archived Documentation (Display Report) |
Community Portal tab
The Community Portal has been phased out and will not be a part of the new RMF UI. You can aways reach out to the slack channel #cfacts_community if you need clarification or guidance.
Have questions?
Reach out to us on the CFACTS_Community slack channel or make an inquiry through the CFACTS Portal.
About the publisher:
The CMS FISMA Continuous Tracking System (CFACTS) is the database used to track system security and support the system authorization process. The CFACTS Team works on improvements to the platform and helps people use it effectively.
