System Security Plan
- The System Security Plan (SSP) describes the security controls that are in use, or planned for use, to protect all aspects of the system. The SSP contains only control compliance descriptions. At this stage, no testing is conducted to evaluate the effectiveness of the controls. The SSP is mostly completed through interviews.
- The following terms are used to describe the status of each recommended security control in the SSP:
  - Implemented/In Place
  - Partially Implemented
  - Not Applicable
  - Not Implemented
- The SSP contains two major sections:
  - System section: description, categorization, E-authentication, system diagram
  - Security control section: describes the status of each recommended control
- NIST Publications
  - FIPS 200: Minimum Control
  - SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
  - SP 800-171A: Security Requirements for Controlled Unclassified Information