Last commit: Apr 8, 2026
Verified current as of Apr 13, 2026
v0.9.43-beta

Key Security Indicators

11 themes

All 11 KSI themes with indicators, NIST mappings, and guidance.

KSI-AFR

Authorization by FedRAMP

A secure cloud service provider seeking FedRAMP authorization will address all FedRAMP 20x requirements and recommendations, including government-specific requirements for maintaining a secure system and reporting on activities to government customers.

10 indicators

KSI-CMT

Change Management

A secure cloud service provider will ensure that all changes are properly documented and configuration baselines are updated accordingly.

4 indicators

KSI-CNA

Cloud Native Architecture

A secure cloud service offering will use cloud native architecture and design principles to enforce and enhance the confidentiality, integrity and availability of the system.

8 indicators

KSI-CED

Cybersecurity Education

A secure cloud service provider will educate their employees on cybersecurity measures, testing them persistently to ensure their knowledge is satisfactory.

4 indicators

KSI-IAM

Identity and Access Management

A secure cloud service offering will protect user data, control access, and apply zero trust principles.

7 indicators

KSI-INR

Incident Response

A secure cloud service offering will document, report, and analyze security incidents to ensure regulatory compliance and continuous security improvement.

3 indicators

KSI-MLA

Monitoring, Logging, and Auditing

A secure cloud service offering will monitor, log, and audit all important events, activity, and changes.

5 indicators

KSI-PIY

Policy and Inventory

A secure cloud service offering will have intentional, organized, universal guidance for how every information resource, including personnel, is secured.

5 indicators

KSI-RPL

Recovery Planning

A secure cloud service offering will define, maintain, and test incident response plan(s) and recovery capabilities to ensure minimal service disruption and data loss during incidents and contingencies.

4 indicators

KSI-SVC

Service Configuration

A secure cloud service offering will follow FedRAMP encryption policies, continuously verify information resource integrity, and restrict access to third-party information resources.

8 indicators

KSI-SCR

Supply Chain Risk

A secure cloud service offering will understand, monitor, and manage supply chain risks from third-party information resources.

2 indicators