Security Assessment Plan (SAP)

The Security Assessment Plan (SAP) is a FedRAMP artifact that details how a cloud service provider and its assessor will conduct the security assessment, including the assessment schedule, roles and responsibilities, testing methods, and required deliverables. It serves as the blueprint for evaluating the system's security controls and supporting the authorization process.