DIY System Security Plan (SSP) Template:

System Security Plan:

The System Security Plan (SSP) template is designed to allow companies to efficiently develop one or more SSP(s) by:

• Describing and characterizing their network architecture

• Identifying governance

• Establishing system categorization and risk assessments, to include identification of relevant security baselines, controls and overlays

The SSP is designed to include network and interconnection diagrams, policies and procedures, cybersecurity assessments, Plans of Action and Milestones (POA&M’s), and other relevant artifacts.

An SSP is required by NIST SP 800-171 requirement 3.12.4 and is necessary to be compliant with DFARS 252.204-7012 and NIST SP 800-171.