System Security Plan (SSP) & POA&M

$680.00

The SSP contains the framework you need to document your Controlled Unclassified Information (CUI) environment, which is a requirement of NIST 800-171.

Description

The SSP contains the framework you need to document your Controlled Unclassified Information (CUI) environment, which is a requirement of NIST 800-171.

Based on customer demand, we developed an editable System Security Plan (SSP) template that is specifically designed for NIST 800-171 compliance. This template is available for immediate download.

NIST 800-171 System Security Plan (SSP) Template

The SSP is meant to be a “living document” that captures pertinent information on the controls implementation for NIST 800-171. Specifically, the SSP template covers all Controlled Unclassified Information (CUI) and Non-Federal Organization (NFO) controls that are listed in Appendices D and E of NIST 800-171.

The SSP can serve as a key element in your organization’s cybersecurity program. It can stand alone or be paired with other specialized products we offer.

It is important to understand that there is no officially-sanctioned format for a System Security Plan (SSP) to meet NIST 800-171 compliance requirements. This template is based on SSP requirements that are used for other US government compliance requirements for SSPs, but it is tailored to document the entire Controlled Unclassified Information (CUI) environment for an organization.

A key concept to keep in mind with the SSP is that it should be complete enough for a reasonable person to pick up, read through and understand the following information:

  • The definition of CUI, in regards to the company’s operations. This is how CUI is defined in contracts.
  • Where CUI is stored, transmitted or processed.
  • What controls are in place to protect CUI as it is stored, transmitted and processed.
  • Any deficiencies that exist in protecting CUI, if applicable.
  • Remediation plans address known deficiencies, if applicable.

What Is The NIST 800-171 System Security Plan (SSP)?

Our products are one-time purchases with no software to install – you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The SSP contains the framework you need to document your Controlled Unclassified Information (CUI) environment, which is a requirement of NIST 800-171.

What Problem Does The SSP Solve?

  • Lack of In House Security Experience – Writing cybersecurity documentation is a skill that most cybersecurity professionals simply are not proficient at and avoid the task at all cost. Tasking your security analysts and engineers to write documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The SSP is an efficient method to obtain a quality SSP template for your organization!
  • Compliance Requirements As a DoD or US government contractor, having a SSP is a requirement of NIST 800-171.

How Does The SSP Solve It?

  • Clear Documentation – The SSP provides a comprehensive template to document your CUI environment. This equates to a time savings in staff and consultant expenses!
  • Time Savings – The SSP can provide your organization with a templated solution that requires minimal resources to fine tune for your organization’s specific SSP needs.
  • Alignment With Leading Practices – The SSP is written to align with NIST 800-53 controls for NIST 800-171 compliance.