Published: 10/23/2024
CFACTS UI Changes: Current and new comparison
We've prepared a list of changes for you to easily compare the old navigation to new.
This blog is part of a series of updates about the changes coming to the CFACTS application. The UI is being revised to better reflect the RMF (Risk Management Framework) process. We will be posting updates regularly to help you navigate this transition.
With the RMF UI changes, the tabs you are used to seeing in the authorization package are going to look different and some sections have been moved to other tabs to better reflect the RMF. These changes are detailed below. You can see the destination of the sections once the new RMF UI is released (we are anticipating the release to be in place by end of December).
General tab
| Section | New Tab | Notes |
| Authorization Package Type | Step 0 - Prepare | Contains: Division Owner, Reporting Divisions |
| Information System Details | Step 0 - Prepare | Now found on sub tab:Authorization Boundary and Asset Identification in the Asset Identification section. |
| System Provider(s) for Service or Capabilities | Step 0 - Prepare | Contains: System Provider(s)
Now found on sub tab: System Provider and Inheritors |
| System Inheritor(s) for Services or Capabilities | Step 0 - Prepare | Contains: System Inheritor(s), Inherited Controls and Elements: (Display Report)
Now found on sub tab: System Provider and Inheritors |
| Cloud Services | Step 0 - Prepare | Contains: Cloud Service Provider Details.
This is no longer its own section and is now part of Authorization Package Type section.
|
| Stakeholders | Step 0 - Prepare | Now found on sub tab: Stakeholder Identification |
| ISSO Documents | Step 0 - Prepare | Now found on sub tab: Stakeholder Identification |
| Related Pre-TPWA | Step 1 - Categorize | Contains: Related Pre-TPWA
Now found on sub tab: |
| Appendix Documentation | Step 4 - Assess | Now found on sub tab: Related Documents |
Security Category tab
| Section | New Tab | Notes |
| Organizational Users | Step 1 -Categorize | |
| Information Type | Step 0 - Prepare | Now found on sub tab: Information Types Inventory and Information Lifecycle |
| Personally Identifiable Information (PII) | Step 1 -Categorize | |
| Protected Health Information (PHI) | Step 1 -Categorize | |
| Security Category | Step 1 -Categorize | Contains Additional Security Category Documentation |
| Digital Identity Details | Step 1 -Categorize | |
| Sub tab: SORN | Step 1 -Categorize | Contains: System of Records Notice (SORN)
|
| Sub tab: Contingency Plan Details | Step 1 -Categorize | Contains: Contingency Plan Documentation |
| Sub tab: incident Response Plan Details | Step 1 -Categorize | Contains: Incident Response Documentation
|
| Sub tab: PIA | Step 1 -Categorize | Contains: Privacy Impact Assessment (PIA), Privacy Impact Assessment(PIA) Details, Privacy Impact Assessment(PIA) Documentation |
| Sub tab: ISRA | Step 0 - Prepare | Contains: Business System Risks, Information Security Risk Assessment (ISRA) Documentation, Generate ISRA button
Now found on sub tab: Information Types Inventory and Information Lifecycle |
| Sub tab: Computer Matching Agreement | Step 1 -Categorize | Contains: Computer matching Agreement Documentation |
| Sub tab: SIA documentation | Step 1 -Categorize | Contains: Security Impact Assessment Documentation |
| Sub tab: Authentication | Step 1 -Categorize | Contains: Authentication Selection, Related Authentication, Authentication Metrics Summary |
| Sub tab: E-CAP | Step 1 -Categorize | Contains: Encryption- Corrective Action Plan |
| Sub tab: High Value Assets (HAV) | Step 1 -Categorize | Contains: High Value Assets(HVA), High Value Documentation |
| Sub tab: M-21-31 Logging | Step 1 -Categorize | Contains: M-21-31 Logging Questionnaire |
Boundary tab
| Section | New Tab | Notes |
| CDM Visibility | Step 6 - Monitor | |
| Boundary Description | Step 0 - Prepare | Contains: Authorization Boundary Description Now found on sub tab: Authorization Boundary and Asset Identification |
| Boundary Diagrams | Step 0 – Prepare | Contains: Boundary Diagram Documentation
Now found on sub tab: Authorization Boundary and Asset Identification |
| Interconnection(s) | Step 0 – Prepare | Contains: Interconnections
Now found on sub tab: Authorization Boundary and Asset Identification |
| Memorandum of Understanding (MOU) | Step 0 – Prepare | Contains: Memorandum of Understanding(MOU) Documentation
Now found on sub tab: Authorization Boundary and Asset Identification |
| System FQDN(s) | Step 0 – Prepare | Contains: System FQDNs
Now found on sub tab: Authorization Boundary and Asset Identification |
| Hardware Summary | Step 0 – Prepare | Contains: Hardware Cross Reference Report (Display Report) |
| Software Summary | Step 0 - Prepare | Contains: Software |
Controls tab
| Section | New Tab | Notes |
| Planned ARS Migration Date | Removed | This field has been removed as it is no longer needed. |
| Control Action | Step 2, 3 - Select and Implement | |
| Sub tab: ARS 5 Summary | Step 2, 3 - Select and Implement | Contains: Count of Controls |
| Sub tab: Allocated Controls Elements Cross-Reference | Step 2, 3 - Select and Implement | Contains: Allocated Controls Elements Cross-Reference, Allocated Control Elements |
| Sub tab: Allocated Controls Elements Report | Step 2, 3 - Select and Implement | Contains: Allocated Controls Elements Report Instructions (Display Report) |
| Sub tab: Control Elements Missing Shared Implementation Details | Step 2, 3 - Select and Implement | Contains: Control Elements Missing Shared Implementation Details Report (Display Report) |
| Sub tab: Control Elements Missing Private Shared Implementation Details | Step 2, 3 - Select and Implement | Contains: Missing Private Implementation Details Report (Display Report) |
Sub tab: Not Assessed and Other Than Satisfied Control Elements
| Step 2, 3 - Select and Implement | Contains: Not Assessed and Other Than Satisfied Control Elements (Display Report) (This doesn’t appear unless there are controls in the package.) |
| Sub tab: CAAT Template | Step 2, 3 - Select and Implement | Contains: CAAT Template (Display Report) |
| Archive Controls | Step 2, 3 - Select and Implement |
Assessments tab
| Section | New Tab | Notes |
| Assessment History | Step 4 - Assess | Now found on sub tab: Assessment |
| Assessment Artifacts | Step 4 - Assess | Now found on sub tab: Assessment |
| Authorization Package Documentation | Step 4 - Assess | Name changed to:
Now found on sub tab: Related Documents |
POA&Ms tab
| Section | New Tab | |
| POA&Ms Summary | Step 4 – Assess | Now found on sub tab: POA&Ms
|
| Sub tab: Open POA&Ms | Step 4 – Assess | Contains: Open POA&Ms Details (Display Report)
Now found on sub tab: POA&Ms |
| Sub tab: Delayed POA&Ms | Step 4 – Assess | Contains: Delayed POA&Ms Details (Display Report)
Now found on sub tab: POA&Ms |
| Sub tab: Pending Verification POA&Ms | Step 4 – Assess | Contains: Pending Verification POA&Ms Details (Display Report)
Now found on sub tab: POA&Ms |
| Sub tab: Completed POA&Ms | Step 4 – Assess | Contains: Completed POA&Ms Details (Display Report)
Now found on sub tab: POA&Ms |
Sub tab: Count of POA&Ms By Overall Status | Step 4 – Assess | Contains: Count of POA&Ms By Overall Status Details (Display Report) POA&Ms
|
| Sub tab: Open POA&Ms Milestone Updates Reports | Step 4 - Assess | Contains: Open POA&Ms Milestone Updates Reports Details (Display Report) Now found on sub tab: POA&Ms |
Authorization tab
| Section | New Tab | Notes |
| Pre-assessment Review | Step 4 - Assess | Now found on sub tab: Assessment |
| System Security and Privacy Plan (SSPP) | Step 5 - Authorize | Contains: System Security and Privacy Plan (SSPP) Documentation, Generate SSPP Button Now found on sub tab: Authorization Decision and Details
|
| Security Assessment Report | Step 4 - Assess | Contains: Security Assessment Report(SAR) Assessment |
| ATO Requests | Step 5 - Authorize | Contains: ATO Requests
Now found on sub tab: ATO Requests |
| Override ATO Request Information | Step 5 – Authorize | Now found on sub tab: ATO Requests |
Authorization Decision | Step 5 – Authorize | Contains: Authorization Memo Documentation
Now found on sub tab: Authorization Decision and Details
|
Ongoing Authorization Details | Step 5 - Authorize | Now found on sub tab: Authorization Decision and Details
|
| Certification Form (Legacy) | Step 5 – Authorize | Contains: Certificate Form
|
| Ato Details | Step 5 – Authorize | Now found on sub tab: ATO Requests
|
| ATO Maintenance = Attestation | Step 5 - Authorize | Contains Control Elements Assessment Since ATO Report (Display Report) ATO Requests |
| Retire | Step 5 - Authorize | Contains: Retire Documentation, Retire Comments
Now found on sub tab: Retirement |
Documentation tab
| Section | New Tab | Notes |
| Authorization Package Documentation | Step 4 - Assess | Name changed to:
Now found on sub tab: Related Documents |
| Archived Documentation | Step 4 - Assess | Contains: Archived Documentation (Display Report) |
Community Portal tab
The Community Portal has been phased out and will not be a part of the new RMF UI. You can aways reach out to the slack channel #cfacts_community if you need clarification or guidance.
Have questions?
Reach out to us on the CFACTS_Community slack channel or make an inquiry through the CFACTS Portal.
About the publisher:
The CMS FISMA Continuous Tracking System (CFACTS) is the database used to track system security and support the system authorization process. The CFACTS Team works on improvements to the platform and helps people use it effectively.
