DIY System Security Plan (SSP) Template:
System Security Plan:
The System Security Plan (SSP) template is NIST 800-171/53 focused. A CMMC SSP Template is currently under review.
The DIY SSP is designed to allow companies to efficiently develop one or more SSPs by:
- Describing and characterizing their network architecture
- Establishing system categorization and risk assessments, including identification of relevant security baselines, controls and overlays
The SSP is designed to include network and interconnection diagrams, policies and procedures, cybersecurity assessments, Plans of Action and Milestones (POA&Ms), and other relevant artifacts.
An SSP is required by NIST SP 800-171 requirement 3.12.4 and is necessary to be compliant with DFARS 252.204-7012 and NIST SP 800-171, as well as the new CMMC mandate.