$650.00

NIST 800-171 System Security Plan (SSP) Template

SKU:
P11-SSP
Availability:
Digital Download - Available Immediately

file types are bmp, gif, jpg, jpeg, jpe, jif, jfif, jfi, png, wbmp, xbm, tiff

NIST 800-171 System Security Plan (SSP)

Based on customer demand, we developed an editable System Security Plan (SSP) template that is specifically designed for NIST 800-171 compliance. This template is available for immediate download.

Product Example - NIST 800-171 SSP

The SSP is based on existing formats that are used for FedRAMP, but is designed specifically for NIST 800-171 to document the controls affecting your Controlled Unclassified Information (CUI) and Non-Federal Organization (NFO) controls. The SSP is meant to be a "living document" that addresses the who, what, why, when, where, who and how of a security program.

logo-product-nist-800-171-system-security-plan-ssp-template-2019.1.jpg   Watch Our Product Walkthrough Video   View Product Example
    download-example-microsoft-word.jpg
   

Example SSP

    download-example-microsoft-excel.jpg
   

Example POA&M

Cost Savings Estimate - NIST 800-171 System Security Plan (SSP)

When you look at the costs associated with either (1) hiring an external consultant to write cybersecurity documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Whereas, compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing the SSP from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:

  • For your internal staff to generate comparable documentation, it would take them an estimated 70 internal staff work hours, which equates to a cost of approximately $5,250 in staff-related expenses. This is about 4-8 months of development time where your staff would be diverted from other work.
  • If you hire a consultant to generate this documentation, it would take them an estimated 40 consultant work hours, which equates to a cost of approximately $12,000. This is about 3-4 months of development time for a contractor to provide you with the deliverable.
  • The SSP is approximately 5% of the cost for a consultant or 12% of the cost of your internal staff to generate equivalent documentation.
  • We process most orders the same business day so you can potentially start working with the SSP the same day you place your order.

2019-pricing-ssp-1.jpg

The process of writing cybersecurity documentation can take an internal team many months and it involves pulling your most senior and experienced cybersecurity experts away from operational duties to assist in the process, which is generally not the most efficient use of their time. In addition to the immense cost of hiring a cybersecurity consultant at $300/hr+ to write this documentation for you, the time to schedule a consultant, provide guidance and get the deliverable product can take months. Even when you bring in a consultant, this also requires involvement from your internal team for quality control and answering questions, so the impact is not limited to just the consultant's time being consumed. 

software-2018.1-no-software-to-install-v4.jpg

NIST 800-171 System Security Plan (SSP) Template

The SSP is meant to be a "living document" that captures pertinent information on the controls implementation for NIST 800-171. Specifically, the SSP template covers all Controlled Unclassified Information (CUI) and Non-Federal Organization (NFO) controls that are listed in Appendices D and E of NIST 800-171. 

 

product-selection-2018.2-cybersecurity-policies-standards-procedures-controls.jpg

     

 

The SSP can serve as a key element in your organization's cybersecurity program. It can stand alone or be paired with other specialized products we offer.

It is important to understand that there is no officially-sanctioned format for a System Security Plan (SSP) to meet NIST 800-171 compliance requirements. This template is based on SSP requirements that are used for other US government compliance requirements for SSPs, but it is tailored to document the entire Controlled Unclassified Information (CUI) environment for an organization.

A key concept to keep in mind with the SSP is that it should be complete enough for a reasonable person to pick up, read through and understand the following information:

  • The definition of CUI, in regards to the company’s operations. This is how CUI is defined in contracts.
  • Where CUI is stored, transmitted or processed.
  • What controls are in place to protect CUI as it is stored, transmitted and processed.
  • Any deficiencies that exist in protecting CUI, if applicable.
  • Remediation plans address known deficiencies, if applicable.

 

What Is The NIST 800-171 System Security Plan (SSP)?

Our products are one-time purchases with no software to install - you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The SSP contains the framework you need to document your Controlled Unclassified Information (CUI) environment, which is a requirement of NIST 800-171.

What Problem Does The SSP Solve?

  • Lack of In House Security Experience - Writing cybersecurity documentation is a skill that most cybersecurity professionals simply are not proficient at and avoid the task at all cost. Tasking your security analysts and engineers to write documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The SSP is an efficient method to obtain a quality SSP template for your organization!
  • Compliance Requirements As a DoD or US government contractor, having a SSP is a requirement of NIST 800-171. 

How Does The SSP Solve It?

  • Clear Documentation - The SSP provides a comprehensive template to document your CUI environment. This equates to a time savings in staff and consultant expenses!
  • Time Savings - The SSP can provide your organization with a templated solution that requires minimal resources to fine tune for your organization's specific SSP needs. 
  • Alignment With Leading Practices - The SSP is written to align with NIST 800-53 controls for NIST 800-171 compliance.  

Plan of Action & Milestones (POA&M) Template Included

At no additional cost, your purchase of the System Security Plan (SSP) template comes with a Microsoft Excel template for a Plan of Action and Milestones (POA&M) that is editable for your needs.

plan-of-action-milestones-template.jpg

Related Products

Reviews

  • 1. Well worth the money 5

    I can’t thank you enough for the tools you guys have created. It has saved us countless hours in the implementation of 800-171.

    - Director of Information Technology on Jan 10th 2018

Find Out Exclusive Information On Cybersecurity