DIY System Security Plan Template

Overview of SSP Template...

hncyberhnspacehntraininghnBloghncompliancecenterhninsidercmmcupdate

DIY System Security Plan (SSP) Template:

System Security Plan:

The System Security Plan (SSP) template is NIST 800-171/53 focused.  A CMMC SSP Template is currently under review.
The DIY SSP is designed to allow companies to efficiently develop one or more SSP(s) by:

 

  • Describing and characterizing their network architecture
  • Identifying governance
  • Establishing system categorization and risk assessments, to include identification of relevant security baselines, controls and overlays
 
The SSP is designed to include network and interconnection diagrams, policies and procedures, cybersecurity assessments, Plans of Action and Milestones (POA&M’s), and other relevant artifacts.

 

An SSP is required by NIST SP 800-171 requirement 3.12.4 and is necessary to be compliant with DFARS 252.204-7012 and NIST SP 800-171 as well as the new CMMC mandate.

 

The SSP walks you through describing and characterizing your system, identifying governance, system categorization and risk assessment including identification of relevant security baselines, controls and overlays.