Building a System Security Plan (SSP) that Matters

Date: November 03, 2021

If your organization is involved in contracting with the US federal government, you’ve likely come across the requirement to have a System Security Plan (SSP) in place. For those looking to understand or implement an SSP, there are many resources available, but it can be difficult to piece them together to see the full scope of the requirement and benefits.

As the Cybersecurity Maturity Model Certification (CMMC) continues on a path toward finalization, Department of Defense (DoD) contractors and subcontractors will need to comply with the requirement. Many private organizations also choose to use NIST SP 800-53, which includes SSP controls, as a framework for their Information Security programs.

Using real-world examples of SSP development, this webinar will help attendees see beyond getting a checkmark for compliance and learn how this documentation can benefit an organization. To help attendees see the full scope of how SSPs work, we’ll cover:

  • What is an SSP and why does it matter?
  • Which standards require SSPs and why?
  • How many SSPs does your organization need?
  • How does an organization achieve compliance with a Plan of Action and Milestones (POA&M)?
  • What needs to be included in required diagrams?
  • How to conduct ongoing reviews and maintenance of SSPs

The true purpose of an SSP is to provide a readable overview of your security requirements and controls—why not create a document that goes beyond just satisfying a requirement and helps your organization?

Join Security Consultants Chris Camejo and Jared McWherter to gain a better understanding of SSPs and learn practical information that can help with any SSP development requirement.