The following artifacts/deliverables are developed at this phase
System Security Plan (SSP)-Most important document
Configuration Management Plan (CMP)
Contingency Plan (CP)
Contingency Plan Test (CPT)
The implementation and creation of relevant artifact for this phase is normally the responsibility of the system owner
A C&A analyst might be asked to assist in the development of the artifacts(C&A analyst collects information from the system owner or system Point of Contact (POC) and incorporate it into existing templates).
NIST Publications
SP 800-18-Guide for developing SSP
SP 800-53- NIST Recommend security controls
FIPS 200- Minimum Control
SP -800-128- Guide for configuration Management
SP 800-70- National checklist Program for IT Product
SP 800-34-Guide for contingency planning
SP 800-84-Guide to Test, Training, and Exercise Programs
SP 800- 47 Interconnecting Information Technology systems