NIST SP 800-171 & CMMC 2.0 3.12.4 Requirement:

Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

NIST SP 800-171 & CMMC 2.0 3.12.4 Requirement Explanation:

A system security plan describes your information system and how your company meets it's security requirements.

Example NIST SP 800-171 & CMMC 2.0 3.12.4 Implementation:

Create a system security plan (SSP). Include a list of key personnel and roles responsible for your information system. Provide a high level description of your systems primary purpose and functions. List common types of user roles and their associated permissions. Describe the type of data your information systems process (e.g. “Controlled Unclassified Information” (CUI)). Create a network diagram and write a description about it. Reference your hardware and software list in your SSP. List out all the security practices you need to implement. Describe how you have or plan to implement them. Periodically (e.g., bi-annually) update your system security plan (SSP) to reflect any changes.

NIST SP 800-171 & CMMC 2.0 3.12.4 Scenario(s):

- Scenario 1:

You create a system security plan providing a high level overview of your information system. You also specify your security requirements, how you have implemented them, and how you plan to implement the any absent security controls.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.