System Security Plan

  • System Security Plan (SSP) describes the security controls that are in use, or plan to be used to protect all aspects of the system. SSP only contain control compliance description. At this stage no testing is conducted to evaluate the effectiveness of the control. SSP is mostly completed through interviews.
  • The following terms are used to describe the status of each recommended security control in the SSP
  • Implemented/In Place 
  • Partial Implemented
  • Planned
  • Inherited
  • Not Applicable
  • Not Implemented
  • SSP contains two major sections
    • System section-description, categorization, E-authentication, system diagram
    • Security Control Section- Describe the status of each recommended control

error: Content is protected !!