System Security Plan Q1-2022

System Security Plan Q1-2022 System Security Plan Q1-2022

System Security Plan (SSP) describes the security controls that are in use, or plan to be used to protect all aspects of the system. SSP only contain control compliance description. At this stage no testing is conducted to evaluate the effectiveness of the control. SSP is mostly completed through interviews.

The following terms are used to describe the status of each recommended security control in the SSP

Implemented/In Place
Partial Implemented
Planned
Inherited
Not Applicable
Not Implemented

SSP contains two major sections
- System section-description, categorization, E-authentication, system diagram
- Security Control Section- Describe the status of each recommended control

NIST Publications
- SP 800-18-Guide for developing SSP h t tp://cs r c .n ist .g o v /p u bli c ati o ns/nistp u bs/80 0 –18 –R e v 1/sp8 0 0 –1 8-R e v 1 – fi n al .pd f
- SP 800-53- NIST Recommend security controls h t tp://n v lpu b s.nist.g o v /nistp ubs/S pe ci a lP u bli c ati o ns/NI S T .S P .80 0 – 5 3 r 4 .pdf
- FIPS 200- Minimum Control
- SP -800 -171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- SP 800-171A Security Requirements for Controlled Unclassified Information

Quizzes

Basic IT Concept Quiz Q1-2022

Certified Authorization Professional Exam Q1-2022

error: Content is protected !!